The whole world uses open source, but as we’ve learned from the Log4j debacle, “free” software isn’t really free. Organizations and their customers pay for it when projects aren’t frequently updated and maintained.
How can we support open source project maintainers — and how can we decide which projects are worth the time and effort to maintain?
“A lot of people pick up open source projects, and use them in their products and in their companies without really thinking about whether or not that project is likely to be successful over the long term,” Dawn Foster, director of open source community strategy at VMware’s open source program office (OSPO), told The New Stack’s audience during this On the Road edition of The New Stack’s Makers podcast.
In this conversation recorded at Open Source Summit Europe in Dublin, Ireland, Foster elaborated on the human cost of keeping open source software maintained, improved and secure — and how such projects can be sustained over the long term.
The conversation, sponsored by Amazon Web Services, was hosted by Heather Joslyn, features editor at The New Stack.
One of the first ways to evaluate the health of an open source project, Foster said, is the “lottery factor”: “It's basically if one of your key maintainers for a project won the lottery, retired on a beach tomorrow, could the project continue to be successful?”
“And if you have enough maintainers and you have the work spread out over enough people, then yes. But if you're a single maintainer project and that maintainer retires, there might not be anybody left to pick it up.”
Foster is on the governing board for a project called Community Health Analytics Open Source Software — CHAOSS, to its friends — that aims to provide some reliable metrics to judge the health of an open source initiative.
The metrics CHAOSS is developing, she said, “help you understand where your project is healthy and where it isn't, so that you can decide what changes you need to make within your project to make it better.”
CHAOSS uses tooling like Augur and GrimoireLab to help get notifications and analytics on project health. And it’s friendly to newcomers, Foster said.
“We spend...a lot of time just defining metrics, which means working in a Google Doc and thinking about all of the different ways you might possibly measure something — something like, are you getting a diverse set of contributors into your project from different organizations, for example.”
It’s important to pay open source maintainers in order to help sustain projects, she said. “The people that are being paid to do it are going to have a lot more time to devote to these open source projects. So they're going to tend to be a little bit more reliable just because they're going to have a certain amount of time that's devoted to contributing to these projects.”
Not only does paying people help keep vital projects going, but it also helps increase the diversity of contributors, “because you by paying people salaries to do this work in open source, you get people who wouldn't naturally have time to do that.
“So in a lot of cases, this is women who have extra childcare responsibilities. This is people from underrepresented backgrounds who have other commitments outside of work,” Foster said. “But by allowing them to do that within their work time, you not only get healthier, longer sustaining open source projects, you get more diverse contributions.”
The community can also help bring in new contributors by providing solid documentation and easy onboarding for newcomers, she said. “If people don't know how to build your software, or how to get a development environment up and running, they're not going to be able to contribute to the project.”
And showing people how to contribute properly can help alleviate the issue of burnout for project maintainers, Foster said: “Any random person can file issues and bug maintainers all day, in ways that are not productive. And, you know, we end up with maintainer burnout...because we just don't have enough maintainers.”
“Getting new people into these projects and participating in ways that are eventually reducing the load on these horribly overworked maintainers is a good thing.”
Listen or watch this episode to learn more about maintaining open source sustainability.
Colleen Coll 0:08
Welcome to this special edition of The New Stack Makers On the Road. We're here at the Open Source Summit in Dublin, Ireland. Discussions from the show floor with technologists giving you their expertise and insights to help you with your everyday work. Amazon Web Services is the world's most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from datacenters globally. Millions of customers trust AWS to power their infrastructure, become more agile and lower costs.
Heather Joslyn 0:49
Hello, and welcome to an On the Road episode of The New Stack Makers podcast. I'm Heather Joslyn, features editor of The New Stack. And we're here in beautiful downtown Dublin, Ireland, for the Open Source Summit Europe. And I'm here with Dawn Foster. And we're going to talk about how to maintain sustainability in open source projects. So Dawn, you want to introduce yourself?
Dawn Foster 1:10
Yeah, sure. So I'm Dawn Foster, I am director of open source community strategy at VMware, which is under our open source program office. And that includes a lot of different things. So part of that is measuring the health of some of our open source projects. So I'm also involved in the CHAOSS project, I'm on the governing board for CHAOSS, which is an open source project health analytics project. So that ties in nicely with my work at VMware, because we are focused on making sure that our open source projects are healthy. The other thing that I'm focused on is really helping us improve how we engage in open source projects, so that they are sustainable over the long term, which kind of ties into my work with the CNCF Contributor Strategy Technical Advisory Group. So I'm co-chair of that. And our our remit is really to help CNCF projects be sustainable grow well maintained, and healthy projects.
Heather Joslyn 2:04
Terrific. And thank you for joining us today. Let's start with a definition of sustainability in terms of open source projects. What do you consider a sustainable open source project? And what are what are some of the challenges to sustaining it for containers?
Dawn Foster 2:17
I think the first challenge is the word sustainability because sometimes it gets interpreted as sustainability in the sense of environmental sustainability, which isn't what we're talking about today. So the first thing to do is clarify what we mean by sustainability. And so from the standpoint that we're talking about today, it really is about making sure that your projects are successful over the long term. And it's something that's challenging for maintainers. In particular, maintainers have smaller projects where they might be the only maintainer. So you know, it's, it's something that's, that's important, you know, a lot of a lot of people pick up open source projects, and use them in their, in their products and in their companies without really thinking about whether or not that project is likely to be successful over the long term. And there, there are some different things you can look at with respect to that. So one of the things that I in particular like to look at when it comes to sustainability, is it's basically kind of a contributor metric. Sometimes it's called the the bus factor. Sometimes it's called a lottery lottery winner or something like that. But it's basically if one of your key maintainers for a project, won the lottery, retired on a beach tomorrow, could the project continue to be successful? And if you have enough maintainers, and you have the work spread out over enough, you know, enough people, then then yes, but if you're a single maintainer project, and that maintainer, retires, there might not be anybody left to pick it up. So that's one of the key things I look at when I'm thinking about whether a project is sustainable over the long term.
Heather Joslyn 3:39
And that obviously, the danger of of project not being maintained over long term is that it becomes vulnerable. And obviously, companies and organizations use nearly all of them use some some open source.
Dawn Foster 3:51
Yeah, it's a huge issue. And it's something that we're pretty proactive with actually at VMware, so we projects that are no longer maintained that are, you know, everybody ends up with a bit some abandoned projects, we take a really proactive approach to archiving those. And we also we also archive projects that don't continue to update their security vulnerabilities. So we don't want people using open source projects that are vulnerable. And this of course, isn't just, you know, VMware's problem; it, you know, happens with CNCF projects, it happens with, with everybody's projects, and you really, you really need to make sure that there are people who can actually make fixes especially around security vulnerabilities and then get those fixes were released into the you know, the next version of the product.
Heather Joslyn 4:33
Well, as someone suggested, particularly in the wake of the Log4j vulnerabilities discovered late last year that one way to ensure that people continue to maintain and update open source is to pay them. What is your take on that?
Dawn Foster 4:46
A huge plus one to that. Absolutely. I mean, you know, I get paid for my participation in open source. So VMware pays my salary. A lot of my a lot of my work is in open source, open source projects. So and I I think I think that's something that it's becoming increasingly more common. So you look at like the Linux kernel and Kubernetes, where almost everyone is paid to contribute to those projects, which is different than it was in open source 20 years ago, right. But I think it's, I think it's incredibly important because those people who are paid to do this full time, they have more time to do this, they have more more resources with their company. So they're going to tend to be a little bit more reliable just because they're they're going to have a certain number of, you know, certain amount of time that's devoted to contributing to these projects, assuming that the company's continued to do that. But I think, you know, I'm, I'm a fan of a lot of the work that the Linux Foundation has done to, you know, pay some maintainers and put things under foundations and make sure that projects are, are well looked after. I think that's important. I think the other side effect of paying people to contribute to open source is that you get more diverse open source contributors, because you by paying people salaries to do this work in open source, you get people who wouldn't naturally have time to do that. So in a lot of cases, this is women who have extra childcare responsibilities. This is people from underrepresented backgrounds who have other commitments outside of work. But by allowing them to do that within their work time, you not only get healthier, longer sustaining open source projects, you get more diverse contributions.
Heather Joslyn 6:18
What role do you think the open source community of contributors in particular can play toward making these projects more sustainable?
Dawn Foster 6:25
Yeah. So there, there are a lot of things that projects can do, my most recent bandwagon that I jump up and down on is making sure that you have really good documentation and onboarding processes for contributors. So if people don't know how to build your software, or how to get a development environment up and running, they're not going to be able to contribute to the project. So making it as easy as you possibly can through you know, there are some some tools you can use to give people development environments, so they don't have to spin one up on their own. There's better contributor documentation, which says, These are the steps you need to do to get a development environment up and running, here are the tests you need to run, here's the whole process. And if you don't have that documented, it's really hard to get anyone to contribute at all anyways. And then the other thing that I think a lot of projects are starting to take advantage of, but should take more advantage of is, you know, mentoring programs. So if you look at Outreachy is a fantastic one, you know, Google Summer of Code, Google Summer of docs, there are lots of CNCF has some mentoring programs as well. But pulling new people into the project and paying them through a mentorship and bringing more people on board, I think can help a lot. And that's one of the I think that's one of the areas that maintainers tend to fall down on. Because it's it's hard to take the if you're already a busy, overworked maintainer, it is really hard to take that more time to teach someone else how to do it, and it really pays off in the long run. Yeah, but it's hard in the short term for maintainers to take that time aside to you know, mentor and bring up new contributors.
Heather Joslyn 7:57
It seems like to some degree, it's kind of a management issue, too, is like it's it's, it's can take more time to coach or to to mentor but in the long run it it pays off than just doing in the just,
Dawn Foster 8:09
Yeah, exactly. It's it's short term costs for a long term benefit, really.
Heather Joslyn 8:13
Yeah. What can companies do? And what does VMware do to help sort of inspire a culture of of contributing upstream to open source projects?
Dawn Foster 8:22
Yeah, so we have we have a few different programs within within VMware that that help with this, we, we run some regular meetups internally within VMware, that are more educational, so we try to help people understand what they need to do to contribute upstream or you know, what they can do to be better maintainer for the VMware originated open source projects. So we have we have meetups as the best practices around that. We also have really extensive open source guidelines, which are really around these are the things that you can do to make your contributions better. These are the processes we have at VMware. And, you know, it's really focused on trying to make sure that when VMware contributes to these open source projects that we're doing so as a good corporate citizen, and that we're doing this in the right way. So anything we can do just to provide educational materials within our company is worth it.
Heather Joslyn 9:13
Can you tell me about the CHAOSS project?
Dawn Foster 9:16
Yeah, absolutely. So the CHAOSS project's one of my favorite projects. Oh, it is it is also one of the most newcomer friendly projects. And we yeah, we get a lot of new contributors through the CHAOSS project, but CHAOSS itself, it's a community health analytics for open source projects. That's where the CHAOSS comes from. And we're focused on developing metrics for around project health. So metrics that help you understand where your project is healthy and where it isn't, so that you can decide what changes you need to make within your project to make it better. And the reason that the CHAOSS project in particular is so friendly to newcomers is we spend, we spend a lot of time just defining metrics, which means working in a Google Doc and and thinking about all of the different ways you might possibly measure something, something like you know is, are you getting a diverse set of contributors into your project from different organizations, for example? So we have an organizational diversity metric. We also have a lot of diversity, equity and inclusion metrics. So how do you measure whether your event is is diverse, and we also do DEI badging. So events can apply to get a DEI badge for their event that we run through a whole process about whether or not their event is, you know, meets our diversity, equity and inclusion guidelines.
Heather Joslyn 10:33
Is there any plan to sort of make those? Would this be on the user to use those metrics themselves? Or would it be a situation where those metrics are, you know, how a project rates, for example, or an event rates would be, you know, easily accessible to the public? Like, if you had a GitHub project? Would you be able to go to that GitHub project and see it as a potential contributor and see how it rates in terms of
Dawn Foster 10:57
Yeah, so we don't, we don't necessarily rate projects. We also don't like to compare them against each other. But we do have, we do have tooling. So we have with there are a couple of tools. There's one called Augur and one called GrimoireLab that are under the CHAOSS project, okay. And then there are loads of other tools. So like CNCF has DevStats, which is a CNCF project. It's not nothing to do with CHAOSS. But it measures a lot of the same things as the CHAOSS tools, and they they spin up those dashboards for all CNCF projects. Okay, so anybody can go out and they can look at some of these dashboards. So if somebody has spun up a dashboard, whether it's using CHAOSS tools or somebody else's tools, then anybody can see, you know, various aspects of that, that project's health.
Heather Joslyn 11:36
Okay, great. What are some of the new initiatives in addition to CHAOSS that you see that to to help foster open source sustainability that you'd like to draw attention to?
Dawn Foster 11:45
Yeah, absolutely. I mean, I think some of the new mentoring initiatives within the CNCF are one way to improve sustainability. So I talked about this a little bit earlier, but that falls under the CNCF TAG Contributor Strategy that I'm involved in. And so we just spun up a whole new mentoring working group, and we're looking at new ways to get people involved. And one of the things that that group's doing, they have some people in New Zealand, who are working with some indigenous communities and trying to get more women from indigenous communities involved in CNCF projects through the mentoring program. Okay, so they're doing some really interesting things with the idea that that wouldn't just be in New Zealand that we could, you know, maybe replicate that into other underrepresented communities across the world. So I think, I think that's one thing to look at. And I think you can look at also some of the initiatives coming out of Africa. So like She Code Africa and some of those initiatives to try and get more people involved in open source projects. I think that's kind of the the new and interesting thing for sustainability of projects is really getting people from these underrepresented backgrounds and mentoring them and giving them opportunities within these projects.
Heather Joslyn 12:47
Right. And obviously, also, that's to some degree contributing to open source creates a pipeline of talent as well, for companies that want to hire organizations that need additional tech talent. Yeah, for sure. Yeah, absolutely. Yeah. Just to dream a little bit, what are some other ideas that you'd like to see get more traction in this this area in this space? Open Source sustainability?
Dawn Foster 13:07
Yeah, it's it's a good question. I mean, one of the things that I worry a lot about right now is maintainer burnout. So you know, we have, we have things like maintainer circle that we run out of, again, TAG Contributor Strategy for the CNCF, and it really is, it acts kind of as a support group for maintainers. And so it's just maintainers talking to other maintainers about ways ways to improve their, you know, the success of their projects. But I really think that we need to do, we need to do more to address maintainer burnout. And it's something that's, that's really, it's really hard to do for open source projects, because, you know, any random person can file issues and bug maintainers all day in ways that are that are not productive. And, you know, we end up with maintainer burnout. And we also end up with maintainer burnout, because we just don't have enough maintainers. So getting, I think, really kind of this pipeline of getting new people into these projects and participating in ways that is eventually reducing the load on these horribly overworked maintainers is is a good thing.
Heather Joslyn 14:07
Do you think the pandemic had an effect on burnout in general? Who was gonna make it worse than it? Did it ease the burden on people or
Dawn Foster 14:14
or it? It depends, actually. So at the beginning,
Heather Joslyn 14:18
as an engineer, that's an engineered answer.
Dawn Foster 14:20
At the beginning of the pandemic, we saw a big uptick in open source because all of a sudden, people just had all of this time on their hands, and they did not know what to do with it. Now over time, and the reason I say it depends is because it actually fragmented so Josh Burke has done he did some research on this, and it was a little bit anecdotal, a little bit based on CNCF stats, but what he found was that there was there was kind of a tipping point at which people who did not have kids and a lot of family responsibilities at home continued to sustain this higher level. And people who had kids who are now like homeschooling them from home, there were all these additional responsibilities that they hadn't had before. Yeah, their contributions to open source tended to go down. So it really tended to have a bit of a split based on whether or not you had a lot of whether or not you had kids at home family commitments, things like that. It's interesting.
Heather Joslyn 15:08
Anything else we should cover on this topic that you would like people to know if they're a maintainer or they are thinking about, you know, would like to contribute more?
Dawn Foster 15:18
Oh, that's a, that's a good question. I would encourage people to contribute to open source projects, if they're, if they're not already. I think it's fun. I mean, the projects that I contribute to are I do it because I like it. It's also part of my job. But CHAOSS is a fun project to contribute to some of the CNCF projects are fun, like Kubernetes has a whole contributor strategy group that you can get involved in. And that's a great way to get an inroads into contributing. So even if you're not writing any code, you're not doing anything super technical, you can still get involved and helping the contributor experience for everybody by contributing to some of these like this contributor experience group. And then within the CNCF, we have TAG Contributor Strategy. So we've got loads of resources for maintainers that are published on the website. But people can also get involved, they can come to our meetings, they can help other people, they can come talk to us. So I would encourage people to use the resources that are out there to to talk to other maintainers and know that they're not alone. And and then if they're not already involved as a contributor to get involved so that we can increase this this pipeline of new contributors into open source projects.
Heather Joslyn 16:21
And also help document, write documentation.
Dawn Foster 16:25
Writing documentation is a fabulous way to get involved in open source projects. Great.
Heather Joslyn 16:30
Well, thank you very much for joining us today, Dawn. We've been joined today by Dawn Foster of VMware's open source program office. And I just wanted to say thank you for joining us today on this On the Road edition of The New Stack Makers, and we'll see you soon.
Alex Williams 16:45
Thanks for listening. If you liked the show, please rate and review us on Apple Podcasts, Spotify, or wherever you get your podcasts. That's one of the best ways you can help us grow this community and we really appreciate your feedback. You can find the full video version of this episode on YouTube. Search for The New Stack and don't forget to subscribe so you never miss any new videos. Thanks for joining us and see you soon.
Transcribed by https://otter.ai