Facing challenges in security, compliance, efficiency and more, how should enterprises make good use of open source?

According to GitHub's 2020 report, between October 2019 and September 2020 the number of developers worldwide on GitHub exceeded 56 million, and this figure is expected to reach 100 million by 2025. GitHub is the open source hosting platform with the largest developer community, so the continued growth in its developer numbers directly reflects the enthusiasm for open source.

Another figure worth noting is that China's open source contributors (10% of the total in 2020) have risen to second place worldwide, and their share keeps growing; it is expected to reach 13% in 2025.

"Chinese developers have gone from being users of open source to being mainstream open source contributors worldwide. The collaborative, innovative development model of open source has also become a source of sustained innovation for the software industry." On September 23, at HUAWEI CONNECT 2021 (https://www.infoq.cn/theme/112), Du Junping, General Manager of Huawei's Cloud & Computing open source business (OSDT), announced that Huawei is launching the "Open Source Rainforest" program, which aims to work with open source ecosystem partners to help more enterprises use open source and contribute to it more effectively.

There is no doubt that enthusiasm for open source in China is at an all-time high. But it is equally clear that open source does not end with "opening the source code", and that enterprises cannot use open source without rules. The people, communities, management and other factors behind open source all need careful handling. Because open source in China started relatively late overall, enterprises that adopt open source to accelerate innovation are also running into unprecedented challenges. With these questions in mind, InfoQ was invited to HUAWEI CONNECT 2021 to look at the current state and trends of open source in China through Huawei's path, and to learn about the thinking behind the "Open Source Rainforest" program. We hope this article is a useful reference for readers.

Embrace open source, but also understand governance

Embracing open source is already an industry trend, and the open source software on the market covers most of today's software technology stack. "Open source has become the dominant model for global software technology and industrial innovation; it is a model that accelerates the development of foundational software and efficient collaboration across society," Du Junping said. Whether they are large internet companies or ordinary software developers, people can now use open source to build software in every field and change traditional industry, agriculture and our daily lives.

According to the 2020 Open Source Ecosystem White Paper published by CAICT (China Academy of Information and Communications Technology), in 2019 87.4% of enterprises in China were already using open source technology. Enterprises are highly receptive to open source technology, and using it has become mainstream. More than half of enterprises use open source software for databases; open source cloud computing technology is widely applied in the cloud computing field; more than 70% of enterprises use open source container technology; and more than 60% of enterprises have adopted or are testing microservice frameworks.

However, because open source in China started late, there is still a gap between the user ecosystems of China and the United States. Enterprise users in China do not understand open source well enough, which to some extent holds back the development of open source in the country. Many Chinese enterprises use open source technology, but very few truly understand it and contribute to it.

Other data shows that about 96.6% of China's top 500 enterprises do not actually understand open source, and only 2% contribute to open source. By comparison, 79.2% of the global top 500 enterprises understand open source, and 22% contribute to it.

At present, enterprises in China hold several "misunderstandings" about open source, mainly in the following areas:

1. Free: open source software is always free and enterprises do not need to pay for it, which shrinks the market for commercial distributions.
2. Compliance: open source software can be used and forked at will, which leads to frequent technical debt and security vulnerabilities in enterprises and squeezes the market for commercial distributions.
3. Selection: not understanding the relationships between upstream and downstream communities and community forks, which makes it hard to judge whether a community is sustainable.
4. Competitiveness: not knowing how to monetize a competitive advantage once it is open-sourced, and not understanding open source business models, which leads to insufficient community participation.
5. Community: not knowing how to take part in an open source community, or what the costs and returns of participation are, which leads to insufficient community participation.

Open source governance is a set of processes covering the introduction of open source, the release of one's own open source, the maintenance of open source communities and related areas. It is an effective means of promoting the healthy development of the open source ecosystem. An enterprise that does not understand open source cannot truly put technical innovation to work in its own digital transformation. An enterprise that is unfamiliar with the security, compliance, lifecycle and efficiency (tooling) aspects of open source will easily find that introducing open source costs more than it gains, with excessive cost and overly long chains.

In summary, the challenges enterprise users currently face when using open source software mainly cover security (vulnerability remediation capability, vulnerability remediation services, vulnerability remediation processes), compliance (license conflicts, identifying compliance risk, intellectual property risk), lifecycle (upgrading existing software, establishing processes and rules, contributing to upstream communities) and efficiency (management platforms, open source software repositories, code scanning tools). As a result, enterprises' demand for open source governance is becoming increasingly urgent. "Huawei is willing to share the experience it has accumulated in open source over many years with its partners," Du Junping said.

Raising open source capability across the whole industry

The "Open Source Rainforest" program is described as a brand-new attempt. It will build an open source curriculum around three areas: open source fundamentals, using open source and contributing to open source, helping enterprises quickly understand open source concepts and master practical methods.

Huawei will also draw on its technical strengths and experience to provide consulting services in three areas (team, mechanism and project), helping enterprises build open source capability centers and gradually raising open source capability across the whole industry.

Figure: Du Junping presenting the "Open Source Rainforest" program.

Specifically, Huawei has distilled the relevant theory and cases into ten specialized open source courses, which are taught to give enterprises a practical foundation quickly. Huawei will also choose to build open source capability centers jointly with some enterprises, or use joint innovation projects to set up the enterprise's organization and processes, so that the enterprise gains practical capability.

Why Huawei? Does Huawei have the foundation for this? Some people will likely ask such questions after the unveiling of the "Open Source Rainforest" program.

A closer look, however, shows that in recent years Huawei has moved step by step from being a participant in open source to being a leader in it. Huawei currently holds more than ten board seats in top foundations (including Linux, CNCF, Linaro, OpenStack and others), as well as more than 200 TSC, PTL and Core Committer seats. While actively participating in open source communities, Huawei is also an active contributor to open source projects, spanning operating systems, cloud native, databases, AI and other fields.

Du Junping explained that Huawei set up an open source capability center when it first began using open source and established a management process for trusted open source, and that it has accumulated more than 10 years of community experience. Besides vigorously developing Huawei's open source communities, Huawei also shares its experience in open source governance, community operations and infrastructure in the CHAOSS community, and helps build metrics standards for open source projects and communities. Recently, Huawei also joined the OpenChain project (a project initiated by the Linux Foundation to simplify open source compliance and help organizations resolve open source license consistency issues more efficiently), hoping to contribute more to building a secure and trusted open source software supply chain.

In fact, Huawei's strength in open source began to show after it put forward a comprehensive software open source strategy in 2019. Over the past two years, Huawei has successively launched platform-level open source projects such as openEuler, OpenHarmony, MindSpore, openGauss, KubeEdge, EdgeGallery and Karmada, covering foundational software including a digital infrastructure operating system, a smart device operating system, an AI computing framework, a distributed database, edge computing and a multi-cloud container orchestration system.

For historical reasons, China's competitiveness in foundational software is very weak, so Huawei hopes to drive China to build world-class open source communities for foundational software.

Take openEuler as an example. Government and enterprise users are currently paying close attention to replacing operating systems with independently controllable open source ones, and openEuler (an open source Linux distribution) is an operating system for digital infrastructure. In just two years, openEuler has grown rapidly into the operating system of choice for diversified computing in industries vital to the national economy and people's livelihood, and it is ready for large-scale commercial use in the telecom operator, government, finance and energy sectors. At this conference, openEuler 21.09 was officially released, together with new cloud native full-stack capabilities.

It is worth mentioning that since Linux kernel 5.8, Huawei has continued to lead in kernel code contributions and ranked first in contributions to version 5.10. With Huawei's commitment to help strengthen testing, the maintenance period of Linux Kernel 5.10 was extended from 2 years to 6 years. According to the openEuler community's release lifecycle, openEuler 22.03 LTS will be released next year and will use Linux Kernel 5.10 as its kernel.

Besides openEuler, other open source projects such as openGauss, Karmada and MindSpore are also developing rapidly.

The all-scenario AI computing framework MindSpore has grown quickly in the more than one year since it was open-sourced, and its capabilities are becoming increasingly strong. The latest version, MindSpore 1.5, strengthens all-scenario capabilities, natively supports large models, and adds a new paradigm for AI scientific computing, an electromagnetic simulation suite and a molecular simulation suite, promoting the application of AI to scientific computing.

"De-O" (moving off Oracle) has long been a goal for government and enterprise users. Since the enterprise database openGauss was open-sourced in June last year, 70 enterprises have joined the community, there are more than 2,000 developer contributors, and 12 partners have released commercial distributions based on openGauss. The openGauss community council has now been formally established, comprising 18 organizations including mainstream DBVs (database software vendors), key industry customers and academic institutions. They will jointly build, share and govern the openGauss open source community and together create a new, world-leading ecosystem for enterprise-grade open source databases.

Cloud native is the general trend, but enterprise customers, out of concern for data sovereignty, security and privacy, will consider running their business on multi-cloud and hybrid cloud. Differences in infrastructure capabilities and security architecture across cloud environments, however, fragment the enterprise's IT architecture and operations, make multi-cloud and hybrid cloud harder to implement, and raise operating costs. In April this year, Huawei officially announced the open-sourcing of Karmada, a cloud native multi-cloud container orchestration project, and in September it donated the project to the Cloud Native Computing Foundation (CNCF).

Governing open source usage risk in the financial industry

Not only IT and internet companies but also many customers in traditional industries such as banking and telecom are introducing open source technology in many scenarios. Open source has become a major driver of enterprise digital transformation and innovation.

Before launching the "Open Source Rainforest" program, Huawei had already been working with Shanghai Pudong Development Bank (SPD Bank) on open source governance and open source strategy in the financial sector. As the financial industry meets new development opportunities, SPD Bank is actively pursuing digital transformation, investing substantial manpower in digital research and carrying out development and innovation in cloud computing, big data and artificial intelligence, which inevitably involves using a large amount of open source software.

As is well known, however, financial enterprises face especially strict requirements for regulatory compliance and stability. When banking products make heavy use of open source technology, how are the compliance and security risks to be controlled?

Figure: Huawei points out that financial customers are currently still focused on solving problems with using open source, mainly in security, compliance, lifecycle and efficiency (tooling).

After seeing Huawei's contributions and influence in open source communities such as CNCF and Hadoop, SPD Bank decided to work with Huawei. The two jointly established the SPD Bank-Huawei Open Source Technology Joint Lab, formed a joint innovation project around governing open source usage risk, and set out a three-step strategy: establish open source values, define a methodology, and put it into practice.

The first step was establishing open source values. Huawei's open source experts ran a number of on-site training sessions and online coaching sessions and worked with SPD Bank to identify open source usage risks, preparing the ground for the work that followed.

The second step was defining a methodology. Drawing on Huawei's successful experience in open source governance, SPD Bank created a top-level design for open source usage and governance, moving from risk control to platform operation and finally to efficient self-governance. During this period, SPD Bank designed processes for the introduction, use and security management of open source technology based on its actual business.

The last step was putting it into practice. After completing the methodology above, SPD Bank avoided security risks related to open source software at the introduction stage, and by keeping usage ledger records made its open source software controllable and traceable. The open source governance capability has now been rolled out across the whole bank, helping SPD Bank evaluate and use open source software, manage open source assets and control security risks in open source software usage in a secure, compliant, reliable and efficient way.

Because SPD Bank was the first in the financial industry to practice open source management, its capability won industry recognition. In the same year, SPD Bank led the establishment of an open source technology application community for the financial industry, further increasing its influence in the industry.

Closing thoughts

"Only through open source is there a chance to focus the strength of the whole of society and the whole industrial chain to rapidly improve foundational software capabilities, and in turn drive innovation across the whole industry," Du Junping said.

Huawei's investment in open source is plain to see. It should be stressed that both the open source communities Huawei leads today and any communities it creates later can develop sustainably only if enterprises are willing to join and can close the loop between community and business.

How to help enterprises avoid detours, meet the challenges of open source and effectively prevent and resolve open source risks, while also taking full advantage of open source to deliver business value and drive business innovation, is the problem the "Open Source Rainforest" program sets out to solve.

In short, whether to adopt open source technology is no longer the first question we need to consider. What matters more in the future is how to use and explore open source better and create more possibilities.