Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

An OSPO for OSPOS: How GitHub does open source

Eric Sorenson
May 11, 2023
Technology
0
39

An OSPO for OSPOS: How GitHub does open source

As the OSPO at the home for the world’s developers, GitHub’s OSPO has a unique dual mission: we’re both managing GitHub’s open source projects and helping organizations that use GitHub as the center of their OSS activity. In this talk, Eric will enumerate projects on both sides of that equation and share lessons learned from working within GitHub and with open source communities. Open source ownership: We’re building an inventory of GitHub’s hundreds of orgs and the repos they contain. This project aims to define “durable ownership” for the projects which are still viable and to send the rest of them off into the sunset. License compliance: Like many large organizations, our codebase has thousands of repos and tens of thousands of dependencies. We also have a legal team that wants to make sure these dependencies don’t put us at risk. Building “get right” tooling has been a huge undertaking, but maybe others can learn from our efforts. Org health metrics : We’re always trying to answer questions with data, and a critical one is: are our projects healthy? The dashboard we’re building aims to provide helpful numbers to answer this question based on research from CHAOSS. Attendees will leave the talk with tool and process recommendations and perhaps some coveted Octocat stickers.

Eric Sorenson

May 11, 2023
Tweet

More Decks by Eric Sorenson

See All by Eric Sorenson
GitHub Organization Metrics Dashboard [beta]
ahpook
0
68
Relay by Puppet: the Next Leg
ahpook
0
120
Cloud Native Configuration Management
ahpook
0
4.3k
Welcome to SSLandia: PKI Improvements in Puppet 6
ahpook
0
150
Fourth Generation Configuration Management
ahpook
0
320
Twenty Years of Configuration Management
ahpook
1
190
Open-Source Maintainership and Community in 2016
ahpook
0
380
A Platform for a Roadmap: Mixing Metaphors for Fun and Profit
ahpook
0
91
Puppet and Devops for Automation
ahpook
0
110

Other Decks in Technology

See All in Technology
12/2(月)のBedrockアプデ速報(re:Invent 2024 Daily re:Cap #1 with AWS Heroes)
minorun365
PRO
1
220
偶有的複雑性と戦うためのアーキテクチャとチームトポロジー
knih
7
5.9k
Will multimodal language processing change the world?
keio_smilab
PRO
2
250
複雑なCI/CDから脱却したアーキテクチャ:NTTグループの内製プラットフォーム事例を通して / An Architecture Achieving Simplified CI/CD: Insights from NTT Group's In-House Platform Case Study
nttcom
0
100
【CNDW2024】SIerで200人クラウドネイティブのファンを増やした話
yuta1979
1
260
2024年のAmazon Bedrockアップデート一挙おさらい 〜まだ間に合う! re:Invent直前までの重大ニュースを速習しよう〜
minorun365
PRO
3
160
LLMアプリケーションの評価と継続的改善
pharma_x_tech
2
170
ONNX推論クレートの比較と実装奮闘記
emergent
0
260
SLMをエッジAIとして検証してみて分かったこと
iotcomjpadmin
0
290
Entra ID の基礎(Japan Microsoft 365 コミュニティ カンファレンス 2024)
murachiakira
3
2.1k
最強DB講義 #35 大規模言語モデルに基づく検索モデル
mpkato
1
120
歴史あるRuby on Railsでデッドコードを見つけ、 消す方法@yabaibuki.dev #3
ayumu838
0
1.7k

Featured

See All Featured
Designing Experiences People Love
moore
138
23k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Why Our Code Smells
bkeepers
PRO
334
57k
Ruby is Unlike a Banana
tanoku
97
11k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
It's Worth the Effort
3n
183
27k
[RailsConf 2023] Rails as a piece of cake
palkan
52
5k
Building Adaptive Systems
keathley
38
2.3k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Statistics for Hackers
jakevdp
796
220k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k

Transcript

  1. May 2023 OSS Summit NA 2023: OSPOCon An OSPO for

    OSPOs: Open Source at GitHub Eric Sorenson // @ahpook // Sr Product Manager, OSPO

  2. May 2023 OSS Summit NA 2023: OSPOCon Let’s build from

    here 100M+ 4M+ 2.6B+ 1,000+ 200M+ Developers Organizations Contributions per year Top open source communities Private + public repositories

  3. May 2023 OSS Summit NA 2023: OSPOCon “ GitHub Open

    source contributions make technology better for everyone. And it has become synonymous with enterprise software, advancing overall innovation for all of us. These developers are part of our teams, and it is our responsibility to support sustainable open source. Thomas Dohmke, CEO

  4. May 2023 OSS Summit NA 2023: OSPOCon GitHub and the

    open source enterprise No single person or team can make the progress that we can all make together.

  5. May 2023 OSS Summit NA 2023: OSPOCon Adding one open

    source library adds thousands of developers to your team.

  6. May 2023 OSS Summit NA 2023: OSPOCon “ Sun Microsystems

    CEO, 2005 Open source software is free like a puppy is free. Scott McNealy

  7. May 2023 OSS Summit NA 2023: OSPOCon How GitHub Does

    Open Source

  8. May 2023 OSS Summit NA 2023: OSPOCon Open source is

    at the core of GitHub 45,000 Unique open source components 40% GitHub employees contributing to open source 2,600+ Open source repositories

  9. May 2023 OSS Summit NA 2023: OSPOCon 1 2 3

    4 Contribute to the projects we rely on Share and maintain our projects Increase open source adoption for the world’s developers Help customers and community improve their open source efforts GitHub’s commitment to open source

  10. May 2023 OSS Summit NA 2023: OSPOCon Git Git Large

    File Storage Core git maintainer Tools Homebrew VS Code Languages React Ruby Go Ecosystem npm Packages Actions marketplace GitHub’s open source contributions

  11. May 2023 OSS Summit NA 2023: OSPOCon GitHub’s Open Source

    Projects GitHub CLI NPM GitHub Desktop CodeQL Dependabot Core

  12. May 2023 OSS Summit NA 2023: OSPOCon Community Involvement

  13. May 2023 OSS Summit NA 2023: OSPOCon Primer Docs Roadmap

    Discussions Publish everything* *some exceptions may apply

  14. May 2023 OSS Summit NA 2023: OSPOCon Lives in public

    GitHub repo. Will only include ships we are comfortable sharing publicly, but that includes enterprise and security products. Public Roadmap

  15. May 2023 OSS Summit NA 2023: OSPOCon GitHub’s Open Source

    Program Office

  16. May 2023 OSS Summit NA 2023: OSPOCon To enable individuals

    at GitHub and beyond to innovate more through open source. GitHub’s Open Source Program Office ensures GitHub consumes open source safely and participates effectively in open source. We also help our customers adopt open source best practices. Mission:

  17. May 2023 OSS Summit NA 2023: OSPOCon Programs: Help GitHub

    and Hubbers Durable Ownership of our code License Compliance Open Source releases Programs and Products Products: Help customers and community Organization Health Metrics Open OSPO Project Friction Fixes

  18. May 2023 OSS Summit NA 2023: OSPOCon OSPO (and friends)

    Programs

  19. May 2023 OSS Summit NA 2023: OSPOCon Scan our codebase

    and alert about potential license problems Goals: • Implement ‘get clean’ workflow • Be minimally annoying • Explore productization License Compliance

  20. May 2023 OSS Summit NA 2023: OSPOCon SPDX Policy OSPO

    Policy Service GitHub App Scan repositories Resolve dependencies Create issues Look up license information

  21. May 2023 OSS Summit NA 2023: OSPOCon • ~350 out

    of 6000 repositories had potential issues, ~1000 in all • Most of these were bad data, very few required code changes • Still too annoying • Fixes: More docs, more automation, more curation, more dry runs • Open source results: github/go-spx, clearlydefined PRs Current state, lessons learned

  22. May 2023 OSS Summit NA 2023: OSPOCon Goal: Reduce business

    risk of unmanaged OSS Key questions: What OSS do we have? Who owns it? Is it safe? Durable Ownership

  23. May 2023 OSS Summit NA 2023: OSPOCon Durable Ownership Lessons

    Backtracking is tough. Get out ahead of your developers if you can! Backstop policy with automation and tools. Make it easy to do the right thing. Provide incentives, not just deterrents. E.g. moving to a new org means looser collaboration restrictions

  24. May 2023 OSS Summit NA 2023: OSPOCon Sustainability and maintainership

    Policy for releasing internal software as OSS Triage and office hours Issue templates and release checklist Open Source Release process

  25. May 2023 OSS Summit NA 2023: OSPOCon OSPO (and friends)

    Products

  26. May 2023 OSS Summit NA 2023: OSPOCon Average sponsorship $

    from an organization is 14x individual Direct financial support for projects your business relies on Organization sponsorships is now GA! Bulk sponsorships let you address a group of dependent projects at once GitHub Sponsors

  27. May 2023 OSS Summit NA 2023: OSPOCon Open conversations about

    the code and the community Less “formal” than an Issue, but attached to a repo for locality of reference Discussions

  28. May 2023 OSS Summit NA 2023: OSPOCon Organization Metrics Dashboard

    Community Standards README Code of Conduct License Contributing Guide Contribution Data Types of contributions over time Overall contribution stats Project Activity Trends in active/inactive repos* Issues and PRs opened vs closed Mean Time to Resolution

  29. May 2023 OSS Summit NA 2023: OSPOCon

  30. May 2023 OSS Summit NA 2023: OSPOCon Tools, policies, and

    guides to help you get started Open-sourced from GitHub’s OSPO Open OSPO Project

  31. May 2023 OSS Summit NA 2023: OSPOCon Get involved, get

    help, and connect with peers in the OSPO community at GitHub

  32. May 2023 OSS Summit NA 2023: OSPOCon github.com/ github/github-ospo Policies,

    tools, and documentation from GitHub’s OSPO program to help you get started community/ospo/discussions Peer-to-peer discussion area for questions about metrics, success stories, and more todogroup/ospology Large community of OSPO practitioners talking about their challenges and approaches

  33. May 2023 OSS Summit NA 2023: OSPOCon Thank you

  34. May 2023 OSS Summit NA 2023: OSPOCon