Will open source take the path of disobedience?

The more “successful” an open source project is, the more pressure it puts on maintainers.

In late 2021, the Log4j security breach once again brought the challenges facing the open source world into the spotlight. Mike Melanson wrote in his New Stack column:

This crisis is as if someone is saying “I said this would be the case” to the open source community – the open source community that thinks it can support and maintain projects at almost no cost (or even no cost) all the time. Once, but it was revealed.

While open source faces all kinds of problems, it is ultimately a very important part of many developers. Even for some, open source has been a key aspect of their careers.

“If I hadn’t contributed to open source software, I really wouldn’t have a career in web development,” Callum Macrae, a software developer and author of two O’Reilly books (on the subject of jQuery and Vue.js), told via email The New Stack: “If I had taken a different path into web development, my career would have been very different (and probably not as good as it is now).”

Macrae clearly values ​​what open source means for developers like him, but he’s also skeptical about the future of open source, at least from a maintainer’s perspective.

“I don’t think the current open source model is sustainable for the participants,” he said. “This model requires people to contribute as much as they can for almost nothing in return, and the last person is exhausted. He has to count on someone to take his job – and there’s always someone!”

The more “successful” an open source project is, the more pressure it puts on maintainers. Open source has now become a fundamental part of the global economy, so it’s only natural that over the past five years there have been many initiatives aimed at helping those developers of open source software, such as GitHub Sponsors and Tidelift. But overall, most of the work people do in the open source community is still unpaid.

How has the open source industry changed?

Open source program offices are on the rise

There are a lot of people asking what the next step for the open source industry should be. The growing number of Open Source Program Offices (OSPOs) show that businesses are also paying more and more attention to what open source is and what it involves.

According to a September survey by The New Stack, Linux Foundation Research, and TODO Group, 77 percent of organizations that have launched OSPOs report that the offices have had a positive impact on their software development efforts.

However, it should be noted that the trend of OSPO is just beginning, and there is still a lot of room for development. The above survey also surveyed organizations that have not opened an OSPO, of which 35% of respondents said they had not considered it, 28% said they did not see the business value in this regard, and 19% said Those who said they had never heard of the concept.

These statistics should give us a glimpse into the leopard and give us a sense of the scale of the task ahead.

In addition to questions about the popularity of OSPO, these findings allow us to ask some more fundamental questions about the ways in which open source is encouraged and supported within organizations. Statistics from the September study are a warning that we may be regressing:

• Forty-two percent of respondents said their organization’s engineers often or sometimes contribute to upstream open source projects, down from 48 percent in 2020.

• Thirty-six percent of respondents said they would train engineers to contribute to open source projects, down from 42 percent last year.

This shows a disconnect between the development of various new mechanisms and institutions supporting the open source industry and the actual work. This may be partly because of the gap between the rhetoric and reality, but it may also be because the values ​​and independence of the “movement” are disappearing.

“The fun part is mostly gone, but the pressure and expectations have increased,” Macrae said. How does the open source movement maintain its creativity and collaborative spirit, while ensuring that maintainers of the foundational software the world depends on have the support they need?

What it means to be an open source contributor/maintainer has changed

Over the years, what it means to be an open source contributor or maintainer has changed.

In 2019, technical writer and researcher Nadia Eghbal pointed out in an Increment article that research in the late 2010s showed that the open source community is not consolidating, but dividing. Eghbal believes that this phenomenon is partly caused by the nature of GitHub:

Through standardized version control, developer identification mechanisms, and a great user experience, GitHub makes it easier for developers to enter individual projects and submit contributions. As a result, the project now has more contributors, but many of those contributors have become more superficial in their interaction with the project.

A 2016 study of popular projects on GitHub found that nearly half of the contributors in the sample contributed only once, accounting for less than 2% of total commits.

This evolution led to several consequences. On the one hand, it has technical implications. Patrick McFadin, vice president of developer relations at DataStax, told The New Stack that while “smaller contributions may be valuable, larger ones, such as new features, require a longer focus time.”

But the impact goes beyond technology. If contributions are more sporadic and “superficial,” then it’s no exaggeration to say that the open source industry’s sense of community is waning, which once profoundly affected the activity of contributing to open source projects.

Here’s what Macrae alluded to: “While most projects used to be community-led, it now feels like they’re often backed by big corporations – the most obvious example being React/Facebook.”

In today’s world, open source has been touted as another key element of speed and innovation, and it’s easy to overlook the above.

However, if you look at the software world when open source software was born—a climate of rivalry, even political confrontation—you should know that there are some key elements of tension beneath the harmonious surface of the tech industry. These issues, if not addressed, could make the future of the industry less interesting, with less human involvement and collaboration.

Open Source and Developer Relations

Open source is a place to learn

Participating in open source projects helps developers learn — not just coding, says Ana Jiménez Santamaría, program manager at TODO Group, an organization dedicated to supporting and promoting open source.

By contributing to open source projects, she said, “people have the opportunity to not only improve their coding skills, but also their soft skills, such as learning how to work in a collaborative environment.”

Macrae’s early experience with contributing to open source software supports this view. “I had never written PHP or HTML/JavaScript before, didn’t know what SVN and later Git was, and didn’t have any computer science knowledge,” he recalls.

A key part of his learning process is community: “I have a community that helps me learn while also contributing to something that thousands of people use.”

If we watch open source communities fall, will they still be spaces where developers can learn? The answer may be to look elsewhere for better training and support, such as finding online learning resources, or finding a job at an organization that really cares about your skills and career.

But this alternative is not entirely satisfactory: as long as open source remains participatory, the learning process there will be the same. You’re not learning a course or a list of skills; you’re learning how to build, fix, and improve something with other people.

Impact of Developer Relations

The growth of developer relations over the past few years can be seen as a symptom of the decline of “traditional” open source communities. It also shows a heightened awareness among businesses of the need to engage and nurture communities around specific tools.

To complete a master’s degree in data science, Santamaría studied how developer relations work in open source communities.

“Its main goal is to create a model that describes different types of developers based on the activities performed by different channels,” she said, adding, “The business value of this analysis is to capture a set of metrics that can be used by DevRel experts. , reporting on their work through a community-focused model.”

This is certainly interesting, but consider how foreign it would have been to developers working on free software 30 years ago.

That’s not to say how new the idea is; after all, community management is now part of modern working mechanisms in every field. Rather, it’s to point out that what we see as “community” has shifted from something very organic and interesting to something more organized, productive and efficient.

Perhaps, however, it is the idealism that sees community in some way as “organic” that causes many of the problems we see in open source software today.

“The open source world is a community of many communities, so it needs experts to nurture and grow those communities as part of the project’s sustainability,” Santamaría said.

“As open source adoption grows within organizations, I think ‘open source’ developer relationships are now key, both to educate developers on open source internally and externally, and to be the hub between the organization and the open source projects they care about. “

Interestingly, this model is consistent with the evolution of open source in Eghbal’s eyes, where a small number of maintainers are responsible for most of the work of the project. The industry may be moving from a state of mass participation to some kind of hosting culture.

This might be a good thing. But it also raises new questions: does this approach undermine true “openness”? Can it scale to meet the fundamental challenges we face?

Getting Started with Open Source

One of the benefits of bringing the developer relationship model to more open source work is that it can help solve one of the most difficult problems in contributing to open source: simplifying the onboarding process.

“While there are good beginner’s guides and courses online, there is no clear career path,” Santamaría said.

When developers need to continuously improve their knowledge to cope with the pressure of employment in fast-moving fields such as technology, there is no doubt that contributing to projects is not a priority for many newcomers.

Arguably, we are in the worst possible situation right now. So many communities that once helped many senior developers learn to code are gone, and there is no more formalized infrastructure to help people navigate the industry.

However, Santamaría does suggest some possible ways forward: a structured open source career path that includes “advocating good open source practices for a new generation” and raising awareness of open source among senior management to “save developers hours of work” ” to explore open source projects.

The concept of career nodes is mentioned elsewhere. In a blog post responding to the Log4j story, Google developer Filip Valsorda wrote: “You can’t start as a junior maintainer, get training, gain experience, and expect to eventually grow into a higher-paid senior maintainer. In It doesn’t work today.”

These changes take time. In the short term, projects like First Contributions on GitHub could provide a way to get started for people who want to get involved with open source.

Open Source and the “Tragedy of the Commons”

It’s clear that businesses need to play more of a role in open source. As Valsorda noted in the same blog post, “The concepts of open source sustainability and supply chain security are on everyone’s slides, blogs, and press releases. Big companies desperately need the open source ecosystem to professionalize.”

Amanda Brock, CEO of OpenUK, a non-profit organisation that supports the use of open technologies, agrees: “We not only need the best software – as is the case with global collaboration and diverse open source software – but also with appropriate funding to Make sure those who build all this foundational software maintain and support the security of that software.”

Brock cites some similar cases in the UK. For example, she mentioned the work of the Energy Digitization Working Group. The government group “recommends that the backbone of the digitized energy sector should be based on open source software. The NHS in the UK also now has an open source software-first approach to writing its code, with an increasing reliance on open source.”

However, while infrastructure projects adopting an open source software approach is a clear endorsement of this model, they do not necessarily address the problems existing projects face, or support the developers responsible for maintaining them.

Brock’s point is persuasive, saying that we need to “change the perception of open source software as the commons, and instead see it as a public good.” In some ways, however, the “tragedy of the commons” here is our failure to recognize that “commons” and “public interest” may actually be the same thing.

Hopefully the open source world remains a space for creative, independent-minded people to learn and explore, while also creating something that can benefit all. What is the point of open source if our solution to open source sustainability undermines this core ethos?

Original link: https://thenewstack.io/can-open-source-sustain-itself-without-losing-its-soul

The text and pictures in this article are from InfoQ