Rating open source

It is so easy to pull open source libs into your project. But do you rate them against the same quality standards as your own code? Do you understand the code? Can you fix bugs in there as fast as you can in your own code? Can you build it?

We know how to isolate third-party libs, but we still underestimate the influence they have on the quality of the entire application. A bug in an open source module you use will still be a bug in your application. It is you who has to go and fix it. It is your responsibility. So you had better find a way to qualify and justify the open source that you use in your application.

So how can you qualify the open source you are using? There are many checklists and models available on the internet. I like it simple... the top of my list looks like this:

  • Do they ship? Does the API / product / framework have a release history? It is the best proof of a healthy product and of solid interest from people you might need for feedback / bug fixes / usage knowledge.
  • Is the code Uncle Bob worthy? That is, can I read it? Can I understand what is going on? (If the first method you see is 30+ lines... run!)
  • Can I fix at least 3 bugs that are listed in the bug tracker? You need some idea about the velocity in case you encounter bugs that are relevant to your application.