
An OSPO for OSPOs: How GitHub does open source


As the OSPO at the home for the world’s developers, GitHub’s OSPO has a unique dual mission: we’re both managing GitHub’s open source projects and helping organizations that use GitHub as the center of their OSS activity. In this talk, Eric will enumerate projects on both sides of that equation and share lessons learned from working within GitHub and with open source communities.

Open source ownership: We’re building an inventory of GitHub’s hundreds of orgs and the repos they contain. This project aims to define “durable ownership” for the projects which are still viable and to send the rest of them off into the sunset.

License compliance: Like many large organizations, our codebase has thousands of repos and tens of thousands of dependencies. We also have a legal team that wants to make sure these dependencies don’t put us at risk. Building “get right” tooling has been a huge undertaking, but maybe others can learn from our efforts.

Org health metrics: We’re always trying to answer questions with data, and a critical one is: are our projects healthy? The dashboard we’re building aims to provide helpful numbers to answer this question based on research from CHAOSS.

Attendees will leave the talk with tool and process recommendations and perhaps some coveted Octocat stickers.

Eric Sorenson

May 11, 2023


Transcript

  1. May 2023 OSS Summit NA 2023: OSPOCon
    An OSPO for OSPOs:
    Open Source at GitHub
    Eric Sorenson // @ahpook // Sr Product Manager, OSPO


  2. Let’s build from here
    100M+ Developers
    4M+ Organizations
    2.6B+ Contributions per year
    1,000+ Top open source communities
    200M+ Private + public repositories

  3. “Open source contributions make technology better for everyone. And it has become synonymous with enterprise software, advancing overall innovation for all of us. These developers are part of our teams, and it is our responsibility to support sustainable open source.”
    Thomas Dohmke, CEO, GitHub

  4. GitHub and the open source enterprise
    No single person or team can make the progress that we can all make together.

  5. Adding one open source library adds thousands of developers to your team.

  6. “Open source software is free like a puppy is free.”
    Scott McNealy, Sun Microsystems CEO, 2005

  7. How GitHub Does Open Source

  8. Open source is at the core of GitHub
    45,000 Unique open source components
    40% GitHub employees contributing to open source
    2,600+ Open source repositories

  9. GitHub’s commitment to open source
    1. Contribute to the projects we rely on
    2. Share and maintain our projects
    3. Increase open source adoption for the world’s developers
    4. Help customers and community improve their open source efforts

  10. GitHub’s open source contributions
    Git: Git Large File Storage, Core git maintainer
    Tools: Homebrew, VS Code
    Languages: React, Ruby, Go
    Ecosystem: npm, Packages, Actions marketplace

  11. GitHub’s Open Source Projects
    GitHub CLI, NPM, GitHub Desktop, CodeQL, Dependabot Core

  12. Community Involvement

  13. Publish everything*
    Primer, Docs, Roadmap, Discussions
    *some exceptions may apply

  14. Public Roadmap
    Lives in public GitHub repo.
    Will only include ships we are comfortable sharing publicly, but that includes enterprise and security products.

  15. GitHub’s Open Source Program Office

  16. Mission: To enable individuals at GitHub and beyond to innovate more through open source.
    GitHub’s Open Source Program Office ensures GitHub consumes open source safely and participates effectively in open source.
    We also help our customers adopt open source best practices.

  17. Programs and Products
    Programs: Help GitHub and Hubbers
    ● Durable Ownership of our code
    ● License Compliance
    ● Open Source releases
    Products: Help customers and community
    ● Organization Health Metrics
    ● Open OSPO Project
    ● Friction Fixes

  18. OSPO (and friends) Programs

  19. License Compliance
    Scan our codebase and alert about potential license problems
    Goals:
    ● Implement ‘get clean’ workflow
    ● Be minimally annoying
    ● Explore productization

  20. Diagram labels: SPDX Policy, OSPO Policy, Service, GitHub App, Scan repositories, Resolve dependencies, Create issues, Look up license information

  21. Current state, lessons learned
    ● ~350 out of 6000 repositories had potential issues, ~1000 in all
    ● Most of these were bad data, very few required code changes
    ● Still too annoying
    ● Fixes: More docs, more automation, more curation, more dry runs
    ● Open source results: github/go-spx, clearlydefined PRs

  22. Durable Ownership
    Goal: Reduce business risk of unmanaged OSS
    Key questions:
    ● What OSS do we have?
    ● Who owns it?
    ● Is it safe?

  23. Durable Ownership Lessons
    ● Backtracking is tough. Get out ahead of your developers if you can!
    ● Backstop policy with automation and tools. Make it easy to do the right thing.
    ● Provide incentives, not just deterrents. E.g. moving to a new org means looser collaboration restrictions

  24. Open Source Release process
    ● Sustainability and maintainership
    ● Policy for releasing internal software as OSS
    ● Triage and office hours
    ● Issue templates and release checklist

  25. OSPO (and friends) Products

  26. GitHub Sponsors
    ● Average sponsorship $ from an organization is 14x individual
    ● Direct financial support for projects your business relies on
    ● Organization sponsorships is now GA!
    ● Bulk sponsorships let you address a group of dependent projects at once

  27. Discussions
    ● Open conversations about the code and the community
    ● Less “formal” than an Issue, but attached to a repo for locality of reference

  28. Organization Metrics Dashboard
    Community Standards
    ● README
    ● Code of Conduct
    ● License
    ● Contributing Guide
    Contribution Data
    ● Types of contributions over time
    ● Overall contribution stats
    Project Activity
    ● Trends in active/inactive repos*
    ● Issues and PRs opened vs closed
    ● Mean Time to Resolution

  30. Open OSPO Project
    Tools, policies, and guides to help you get started
    Open-sourced from GitHub’s OSPO

  31. Get involved, get help, and connect with peers in the OSPO community at GitHub

  32. github.com/
    ● github/github-ospo: Policies, tools, and documentation from GitHub’s OSPO program to help you get started
    ● community/ospo/discussions: Peer-to-peer discussion area for questions about metrics, success stories, and more
    ● todogroup/ospology: Large community of OSPO practitioners talking about their challenges and approaches

  33. Thank you
