A development company sold us an open source ASP.Net Starter Kits
We are a non-profit organization that paid over $30,000 to a development company to build us a public Website.
The development company delivered the donation portion of the website as a separate application. After looking at the source code I discovered it to be the open source PayPal eCommerce Site Starter Kit available from ASP.Net or http://dashcommerce.org/. They made a few minor modifications but most of the code is unchanged.
What would your reaction be and how would you respond?
The development company delivered the donation portion of the website as a separate application. After looking at the source code I discovered it to be the open source PayPal eCommerce Site Starter Kit available from ASP.Net or http://dashcommerce.org/. They made a few minor modifications but most of the code is unchanged.
What would your reaction be and how would you respond?
A few thoughts:
1) Software development is all about doing everything possible to avoid re-inventing the wheel. Even when you build something completely 'from scratch', you're still relying on a massive amount of work done by others. This includes things like the classes provided in the .Net Framework runtime, to features of the web server, to the underlying operating system API, to 3rd party controls. You would be a poor software developer to ignore an open source project with an acceptable license that get's you 80% there.
2) Whether a web site is successful often has more to do with it's appearance than it's function. They will certainly have spent a lot of time getting the look of your site correct, and the donation section is only one portion of the site. If using an open source project as a starting point allowed them to devote more resources elsewhere, then you should be happy.
3) It's not easy to make even minor changes to complicated software projects. There's a good chance that they were already familiar with the project, in which case that expertise is part of what you paid for. That's no different than how you pay any other professional. You'll pay a mechanic $200 to tighten a nut, because he knows which nut needs tightened. In this case, you asked them to give you a certain product and agreed on a price. They delivered. There's really nothing else to say.
4) One thing I would be concerned with is licensing. If you're using open source code, and changes were made to that code, depending on the license under which that code is released they may have obligations to give their changes back to the original project. If that's not done, as the owner of web site that obligation could fall to you. You're almost certainly okay here, as any modifications are probably specific to your organization. But it's something to be aware of.
5) Assuming the project has an acceptable license, it's still important that they be open about it's use, even if it's just in fine print. This information could be important to you for several reasons, including if that project is found to have a security vulnerability, if it gets a significant upgrade you may be able to take advantage of, or when it comes time to start adding new features. But as long as it's in the documentation somewhere, even if it's buried pretty deep, this is no big deal.
In summary: It's not a big deal that they based a significant portion of their work on an open source project. You agreed on a price, they delivered. It is bad if they are being deceptive about it. Either way, this isn't a valid reason to withhold any payment.
1) Software development is all about doing everything possible to avoid re-inventing the wheel. Even when you build something completely 'from scratch', you're still relying on a massive amount of work done by others. This includes things like the classes provided in the .Net Framework runtime, to features of the web server, to the underlying operating system API, to 3rd party controls. You would be a poor software developer to ignore an open source project with an acceptable license that get's you 80% there.
2) Whether a web site is successful often has more to do with it's appearance than it's function. They will certainly have spent a lot of time getting the look of your site correct, and the donation section is only one portion of the site. If using an open source project as a starting point allowed them to devote more resources elsewhere, then you should be happy.
3) It's not easy to make even minor changes to complicated software projects. There's a good chance that they were already familiar with the project, in which case that expertise is part of what you paid for. That's no different than how you pay any other professional. You'll pay a mechanic $200 to tighten a nut, because he knows which nut needs tightened. In this case, you asked them to give you a certain product and agreed on a price. They delivered. There's really nothing else to say.
4) One thing I would be concerned with is licensing. If you're using open source code, and changes were made to that code, depending on the license under which that code is released they may have obligations to give their changes back to the original project. If that's not done, as the owner of web site that obligation could fall to you. You're almost certainly okay here, as any modifications are probably specific to your organization. But it's something to be aware of.
5) Assuming the project has an acceptable license, it's still important that they be open about it's use, even if it's just in fine print. This information could be important to you for several reasons, including if that project is found to have a security vulnerability, if it gets a significant upgrade you may be able to take advantage of, or when it comes time to start adding new features. But as long as it's in the documentation somewhere, even if it's buried pretty deep, this is no big deal.
In summary: It's not a big deal that they based a significant portion of their work on an open source project. You agreed on a price, they delivered. It is bad if they are being deceptive about it. Either way, this isn't a valid reason to withhold any payment.
ASKER
What about security? The entire world has access to our source code and it would not be difficult for a hacker who is familar with the Starter Kits to determine that's what our site is built from.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you're answering yes to all of those questions.... then that's good....
on the sidenote... the only real discussion i would see that would not cause problems would be on the topic that you would have liked to of known they were using open source software prior (and they may of already had it in their fine print... so go over your contract) ...