Cloudogus comment on the consultation process for the Germany Stack

We also shared this post via the official OpenCode channel as part of the participation process for the Germany Stack. The fact that the first concrete implementation of the "D-Stack" (Deutschland or Germany Stack) is taking place directly as open source in this repository is groundbreaking. The same applies to the idea of using OpenCode as a tool for the transparent collection and discussion of feedback. Keep up the good work.

Attached is our feedback as a mid-sized company in the digital industry that offers its products as open source software and has also been active in the public sector for almost 10 years.

Tech inventory

As this is currently an initial draft, there is still a need to add technologies to all layers of the stack. Accordingly, the feedback received so far contains many requests or wishes for additional technologies. Just as desirable as public participation is an inventory of as many public authorities as possible, with a focus on already established, sovereign technologies. In addition to proprietary non-European offerings such as MS Teams, ChatGpt, AWS, Azure DevOps, Jira/Confluence, etc., there are also established, open, sovereign alternatives such as OpenDesk from ZenDis, SCS, KIPITZ, and SWEC from ITZBund. Identifying these and helping to reuse them is one of the most important and lowest-hanging tasks of the D-Stack. Feedback #294 seems to pursue similar approaches here and goes into even greater depth.

Consolidation

When it comes to technologies, there will almost always be several solutions for similar use cases. The D-Stack is motivated by consolidation. At the same time, competition stimulates business and drives innovation. That is why, for example, the CNCF deliberately focuses on supporting different tools for the same use cases. Furthermore, use cases rarely have exactly the same requirements and conditions; see, for example, the discussion about Argo CD/Flux, Helm/Kustomize in feedback #327. Consolidation through the D-Stack should not aim to provide the one technology for a use case, but rather to facilitate an informed selection from a catalog of proven solutions in its domain through curation. What the domain actually is, Germany or public service in Germany, still needs to be clarified. Ideally, references can facilitate the selection process. Contact persons or the creation of user forums for direct exchange can promote inter-agency communication, including between municipalities, states, and the federal government. There is a lot of potential here to achieve the goal of consolidation, specifically the creation of uniform solutions instead of “many isolated island solutions.”
One extreme is to offer only one technology per use case. The other extreme, a mere listing of technologies, is also not helpful. Ironically, the CNCF Landscape, which serves as the technological basis for the presentation of the tech stack, is exactly that. At tech conferences, it regularly appears in sarcastic memes to visualize the agony of choice when selecting the right cloud-native technologies. On the one hand, the D-Stack, with its domain-specific criteria, has the potential to be more valuable than, for example, the CNCF Landscape. On the other hand, it shows tendencies to become even more comprehensive than the CNCF Landscape by listing fundamental aspects such as protocols. Finding the right balance between selection and overview will be crucial for the usability and success of the D-Stack. Methods familiar from tech radars can be used here to provide additional concrete details, see also feedback #293. Perhaps a “golden path” approach could be implemented that highlights the most common solutions and possible integrations for common use cases. Examples of these use cases include the digital workplace, software development, DevOps, Kubernetes operation, project management, etc. Project management/requirements management is a particularly good example because Atlassian provides a practical example of the importance of digital sovereignty with the end of its Datacenter licenses for Confluence and Jira. With OpenProject, Redmine/EasyRedmine (see also feedback #71) in combination with BlueSpice or XWiki, federable sovereign stacks are available here. PMFlex can also be used as a project management methodology in the public sector.

Transparent admission process through open source map

After the consultation process and the inventory described above, the D-Stack should not be “finished.” In fact, it should never be ‘finished’ because its goal is to establish a “living ecosystem of open innovation.” To achieve this, it is necessary to create a clearly regulated and transparent admission process for additional technologies. OpenCode is also suitable for this purpose. This is also requested by the OSBA in feedback #287.
So far, however, only the repository d-stack-home is visible, not (yet) the repository behind technologie.deutschland-stack.gov.de. Providers could submit an application there via merge request, and a transparent discussion could take place there. This process would also make it easy for providers and users to maintain the entries.

Criteria and maturity

The idea of transparently evaluating technologies based on various criteria sounds sensible and would set the D-Stack apart from, for example, the CNCF landscape, which is a confusing list of a huge number of technologies. References can be another added value: Where in Germany, Europe, in the public sector, at which authorities is a product used, and how many users use it?

The central criterion in the D-Stack is likely to be digital sovereignty. This in particular will enable the D-Stack to achieve its goal of “strengthening the digital economy.” The criteria of provider influence and design capability (product participation) are particularly important in the public sector, where there are often more specific requirements than in the private sector (e.g., air-gapped systems, VS-NfD, fewer skilled workers). Experience shows that SMEs are particularly flexible in this area and can be promoted here to stand out from (international) corporations. Badges, as known from some large retail platforms, can be another helpful tool, visualizing when products are offered or supported by SMEs.

The numerical value or level of the digital sovereignty criterion must also reflect differences such as open source vs. open core, rights holder/code owner (company vs. NPO/consortium/association/foundation), and the applicable legal jurisdiction.

Examples here are the Linux Foundation, NeoNephos, SCS/OSBA (see also feedback #310 to feedback #317 and feedback #276 to feedback #291), ALASCA (feedback #229), CodeBerg, etc. Example: There are more reliable alternatives to GitLab (an American company with an open core model), the only source code management system in the current tech stack, such as Forgejo (open source, further development by the German association Codeberg) or SCM-Mananger (open source, further development and support by Cloudogu, an SME from Germany).

It definitely contributes to transparency when facts and sources are listed in addition to the numerical value and level. More sophisticated alternatives should also be displayed directly.

Award

On an economic level, the D-Stack can also help to close the technological gap in Germany and Europe. Bitkom has presented a comprehensive concept for this (see also feedback #415). One of the key points is the creation of a central marketplace for cloud-based IT in the public sector as an extension of the IT Planning Council's “Marketplace of the Future” concept. The D-Stack could consolidate federal marketplaces such as the FIT Store, EfA Marketplace, and Cloud Service Portal of the German Administration Cloud and open them up to private providers. Here, too, there is a special opportunity to drive innovation, for example through an SME quota or SME-friendly participation conditions. Small companies in particular are often lightweight and innovative, but are disadvantaged by the usual procurement procedures. They do not have the human resources, expertise, legal support, or references to obtain large framework contracts through tenders.
Open source must also be anchored in public procurement law in order to underline its central importance for digital sovereignty. For example, by giving preference to open source in procurement, as the OSBA demands (see also Open Source Priority in feedback #276 and feedback #288) or by applying the Free Software First principle as called for by the FSFE in feedback #347.

In Germany, we often complain that we are lagging behind other European countries in terms of digitization. This presents an opportunity! Instead of reinventing the wheel, we should learn from the best practices of other countries. The EU is also heavily criticized by the German public. At this point, we should take advantage of its benefits and identify, adapt, and jointly develop effective solutions through the exchange of experiences and cooperation with our European partners.

Further participation process

It remains desirable that, even after the initial participation process has been completed, further public consultations take place in which small and medium-sized enterprises are also heard. We are happy to continue contributing our experience in the development of open source and cooperation with the public sector.