Upgrade to Pro — share decks privately, control downloads, hide ads and more …

An OSPO for OSPOS: How GitHub does open source

An OSPO for OSPOS: How GitHub does open source

As the OSPO at the home for the world’s developers, GitHub’s OSPO has a unique dual mission: we’re both managing GitHub’s open source projects and helping organizations that use GitHub as the center of their OSS activity. In this talk, Eric will enumerate projects on both sides of that equation and share lessons learned from working within GitHub and with open source communities. Open source ownership: We’re building an inventory of GitHub’s hundreds of orgs and the repos they contain. This project aims to define “durable ownership” for the projects which are still viable and to send the rest of them off into the sunset. License compliance: Like many large organizations, our codebase has thousands of repos and tens of thousands of dependencies. We also have a legal team that wants to make sure these dependencies don’t put us at risk. Building “get right” tooling has been a huge undertaking, but maybe others can learn from our efforts. Org health metrics : We’re always trying to answer questions with data, and a critical one is: are our projects healthy? The dashboard we’re building aims to provide helpful numbers to answer this question based on research from CHAOSS. Attendees will leave the talk with tool and process recommendations and perhaps some coveted Octocat stickers.

Eric Sorenson

May 11, 2023
Tweet

More Decks by Eric Sorenson

Other Decks in Technology

Transcript

  1. May 2023 OSS Summit NA 2023: OSPOCon An OSPO for

    OSPOs: Open Source at GitHub Eric Sorenson // @ahpook // Sr Product Manager, OSPO
  2. May 2023 OSS Summit NA 2023: OSPOCon Let’s build from

    here 100M+ 4M+ 2.6B+ 1,000+ 200M+ Developers Organizations Contributions per year Top open source communities Private + public repositories
  3. May 2023 OSS Summit NA 2023: OSPOCon “ GitHub Open

    source contributions make technology better for everyone. And it has become synonymous with enterprise software, advancing overall innovation for all of us. These developers are part of our teams, and it is our responsibility to support sustainable open source. Thomas Dohmke, CEO
  4. May 2023 OSS Summit NA 2023: OSPOCon GitHub and the

    open source enterprise No single person or team can make the progress that we can all make together.
  5. May 2023 OSS Summit NA 2023: OSPOCon Adding one open

    source library adds thousands of developers to your team.
  6. May 2023 OSS Summit NA 2023: OSPOCon “ Sun Microsystems

    CEO, 2005 Open source software is free like a puppy is free. Scott McNealy
  7. May 2023 OSS Summit NA 2023: OSPOCon Open source is

    at the core of GitHub 45,000 Unique open source components 40% GitHub employees contributing to open source 2,600+ Open source repositories
  8. May 2023 OSS Summit NA 2023: OSPOCon 1 2 3

    4 Contribute to the projects we rely on Share and maintain our projects Increase open source adoption for the world’s developers Help customers and community improve their open source efforts GitHub’s commitment to open source
  9. May 2023 OSS Summit NA 2023: OSPOCon Git Git Large

    File Storage Core git maintainer Tools Homebrew VS Code Languages React Ruby Go Ecosystem npm Packages Actions marketplace GitHub’s open source contributions
  10. May 2023 OSS Summit NA 2023: OSPOCon GitHub’s Open Source

    Projects GitHub CLI NPM GitHub Desktop CodeQL Dependabot Core
  11. May 2023 OSS Summit NA 2023: OSPOCon Primer Docs Roadmap

    Discussions Publish everything* *some exceptions may apply
  12. May 2023 OSS Summit NA 2023: OSPOCon Lives in public

    GitHub repo. Will only include ships we are comfortable sharing publicly, but that includes enterprise and security products. Public Roadmap
  13. May 2023 OSS Summit NA 2023: OSPOCon To enable individuals

    at GitHub and beyond to innovate more through open source. GitHub’s Open Source Program Office ensures GitHub consumes open source safely and participates effectively in open source. We also help our customers adopt open source best practices. Mission:
  14. May 2023 OSS Summit NA 2023: OSPOCon Programs: Help GitHub

    and Hubbers Durable Ownership of our code License Compliance Open Source releases Programs and Products Products: Help customers and community Organization Health Metrics Open OSPO Project Friction Fixes
  15. May 2023 OSS Summit NA 2023: OSPOCon Scan our codebase

    and alert about potential license problems Goals: • Implement ‘get clean’ workflow • Be minimally annoying • Explore productization License Compliance
  16. May 2023 OSS Summit NA 2023: OSPOCon SPDX Policy OSPO

    Policy Service GitHub App Scan repositories Resolve dependencies Create issues Look up license information
  17. May 2023 OSS Summit NA 2023: OSPOCon • ~350 out

    of 6000 repositories had potential issues, ~1000 in all • Most of these were bad data, very few required code changes • Still too annoying • Fixes: More docs, more automation, more curation, more dry runs • Open source results: github/go-spx, clearlydefined PRs Current state, lessons learned
  18. May 2023 OSS Summit NA 2023: OSPOCon Goal: Reduce business

    risk of unmanaged OSS Key questions: What OSS do we have? Who owns it? Is it safe? Durable Ownership
  19. May 2023 OSS Summit NA 2023: OSPOCon Durable Ownership Lessons

    Backtracking is tough. Get out ahead of your developers if you can! Backstop policy with automation and tools. Make it easy to do the right thing. Provide incentives, not just deterrents. E.g. moving to a new org means looser collaboration restrictions
  20. May 2023 OSS Summit NA 2023: OSPOCon Sustainability and maintainership

    Policy for releasing internal software as OSS Triage and office hours Issue templates and release checklist Open Source Release process
  21. May 2023 OSS Summit NA 2023: OSPOCon Average sponsorship $

    from an organization is 14x individual Direct financial support for projects your business relies on Organization sponsorships is now GA! Bulk sponsorships let you address a group of dependent projects at once GitHub Sponsors
  22. May 2023 OSS Summit NA 2023: OSPOCon Open conversations about

    the code and the community Less “formal” than an Issue, but attached to a repo for locality of reference Discussions
  23. May 2023 OSS Summit NA 2023: OSPOCon Organization Metrics Dashboard

    Community Standards README Code of Conduct License Contributing Guide Contribution Data Types of contributions over time Overall contribution stats Project Activity Trends in active/inactive repos* Issues and PRs opened vs closed Mean Time to Resolution
  24. May 2023 OSS Summit NA 2023: OSPOCon Tools, policies, and

    guides to help you get started Open-sourced from GitHub’s OSPO Open OSPO Project
  25. May 2023 OSS Summit NA 2023: OSPOCon Get involved, get

    help, and connect with peers in the OSPO community at GitHub
  26. May 2023 OSS Summit NA 2023: OSPOCon github.com/ github/github-ospo Policies,

    tools, and documentation from GitHub’s OSPO program to help you get started community/ospo/discussions Peer-to-peer discussion area for questions about metrics, success stories, and more todogroup/ospology Large community of OSPO practitioners talking about their challenges and approaches