Navigating Open Source Project Hurdles to Achieve Community Empowerment; or how the heck do you get through graduation?

Slide 1

Slide 1 text

or how the heck do you get through graduation? Navigating Open Source Project Hurdles to Achieve Community Empowerment

Slide 2

Slide 2 text

Bob Killen @mrbobbytables OSS Program Manager @ Google Aizhamal Nurmamat kyzy @iamaijamal Director of DevRel @ Sysdig

Slide 3

Slide 3 text

Enter Alpacka A new super eﬃcient software packaging format with middle-out compression. @emrayquaza

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

Is my project right for CNCF? “CNCF’s mission is to make cloud native computing ubiquitous.”

Slide 7

Slide 7 text

Is CNCF right for my project? Or are there other Foundations that are better fit for my project?

Slide 8

Slide 8 text

Is CNCF right for my project? Or are there other Foundations that are better fit for my project?

Slide 9

Slide 9 text

What does CNCF give you? Visibility

Slide 10

Slide 10 text

What does CNCF give you? Visibility Alignment

Slide 11

Slide 11 text

What does CNCF give you? Visibility Alignment Legal framework

Slide 12

Slide 12 text

What does CNCF give you? A vendor-neutral home Visibility Alignment Legal framework

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

@emrayquaza

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

Governance Requirements ● Adopt CNCF Code of Conduct ● Discoverable and simple project governance ● Sandbox ● Incubating ● Graduated

Slide 19

Slide 19 text

Governance Requirements ● Adopt CNCF Code of Conduct ● Discoverable and simple project governance ● Light "how to contribute" documentation ● All project metadata and resources are vendor-neutral ● Discoverable communication channel ● Sandbox ● Incubating ● Graduated

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Technical Documentation (Messaging) ● Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases. (identity) ● Sandbox ● Incubating ● Graduated

Slide 22

Slide 22 text

Technical Documentation ● Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases. ● Sandbox ● Incubating ● Graduated Needs more cool demos, getting started guides, and how to install and use!

Slide 23

Slide 23 text

Security Requirements ● Document and enforce access control rules ○ 2fa / passkey ○ GitHub / Google Workspace permissions ○ Who has access to CI infra ● Sandbox ● Incubating ● Graduated

Slide 24

Slide 24 text

● Document and enforce access control rules ○ 2fa / passkey ○ GitHub / Google Workspace permissions ○ Who has access to CI infra ● Reporting + Triage process for security vulnerabilities Security Requirements ● Sandbox ● Incubating ● Graduated Creating a private security mailing list and simple triage workflow is super helpful right from the start.

Slide 25

Slide 25 text

Security Requirements ● Document and enforce access control rules ○ 2fa / passkey ○ GitHub / Google Workspace permissions ○ Who has access to CI infra ● Reporting + Triage process for security vulnerabilities ● Sandbox ● Incubating ● Graduated Setup a Secret Manager like 1password or Keybase early to save yourself a big headache later! Creating a private security mailing list and simple triage workflow is super helpful right from the start.

Slide 26

Slide 26 text

https://github.com/cncf/sandbox/

Slide 27

Slide 27 text

APPROVED @emrayquaza

Slide 28

Slide 28 text

No content

Slide 29

Slide 29 text

Sandbox Priorities Build Identity Use cases and advocacy

Slide 30

Slide 30 text

Sandbox Priorities Build Identity Use cases and advocacy First users Communication and Feedback

Slide 31

Slide 31 text

Sandbox Priorities Build Identity Use cases and advocacy Features and Velocity Simple dev process and good testing First users Communication and Feedback

Slide 32

Slide 32 text

Experiment!

Slide 33

Slide 33 text

CNCF Service and Marketing Benefits CNCF Service Desk - CI/CD - Legal and Foundation Services - Tools (Zoom, Slack, etc) - Website and Design - Technical Documentation - Certification and Training Services - Case Studies - Community Surveys - and more ● Sandbox ● Incubating ● Graduated Marketing & Event Support: - Virtual Only Events - In-Person Kiosk @ KubeCon https://github.com/cncf/servicedesk

Slide 34

Slide 34 text

This is going really well!

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

This is going really well! Next milestone?

Slide 37

Slide 37 text

@emrayquaza

Slide 38

Slide 38 text

Sandbox Priorities Build Identity Use cases and advocacy Features and Velocity Simple dev process and good testing First users Communication and Feedback

Slide 39

Slide 39 text

Graduating from Sandbox Solidify Identity Production case studies

Slide 40

Slide 40 text

Graduating from Sandbox Solidify Identity Production case studies A good idea is to set up an ADOPTERS.md file!

Slide 41

Slide 41 text

Graduating from Sandbox Solidify Identity Production case studies A good idea is to set up an ADOPTERS.md file! Strong case studies are the pride of your project!

Slide 42

Slide 42 text

Graduating from Sandbox Solidify Identity Production case studies Contributor growth Contributor docs and processes

Slide 43

Slide 43 text

Graduating from Sandbox Solidify Identity Production case studies Contributor growth Contributor docs and processes Good issue templates and tags make life easier for you and others.

Slide 44

Slide 44 text

Graduating from Sandbox Solidify Identity Production case studies Features Little more stability and Roadmap Contributor growth Contributor docs and processes

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

Slide 47

Slide 47 text

Governance Requirements ● Public documented communication channel ● Up-to-date meeting schedule ● Documented maintainer list ● Enumerate & document subprojects ● Demonstrate Contributor Growth / Pipeline ● Contributor lifecycle (onboarding, offboarding, emeritus) ● Sandbox ● Incubating ● Graduated Codifying a contributor lifecycle early will help as your project matures and gains more contributors.

Slide 48

Slide 48 text

Slide 49

Slide 49 text

Slide 50

Slide 50 text

Technical Docs & Processes ● Project Goals & Cloud Native Fit (identify) ● What does the project do and why? ● Overview of project architecture & software design (extended identity) ● Maintain roadmap or some forward looking docs / tracking mechanism ● Project release process ● Sandbox ● Incubating ● Graduated Oh no, we accidentally imported a GPL dependency. Regularly scan or implement CI check to prevent importing dependencies with an incompatible license!

Slide 51

Slide 51 text

Security Requirements ● Document and enforce access control rules ○ 2fa / passkey ○ GitHub / Google Workspace permissions ○ Who has access to CI infra ● Security vulnerability report / triage process ● Achieve a passing score of the Open Source Security Foundation “Best Practices” badge ● Perform and document a Security Self Assessment ● Sandbox ● Incubating ● Graduated https://github.com/cncf/tag-security

Slide 52

Slide 52 text

@emrayquaza APPROVED

Slide 53

Slide 53 text

@emrayquaza APPROVED

Slide 54

Slide 54 text

Incubation Priorities Experiments Stability and communication

Slide 55

Slide 55 text

Incubation Priorities Experiments Stability and communication Contributor growth Contributor ladder, roles

Slide 56

Slide 56 text

Incubation Priorities Experiments Stability and communication Revise Governance Formalized decision making Contributor growth Contributor ladder, roles

Slide 57

Slide 57 text

CNCF Marketing Benefits Events - Virtual Only Events - CNCF-hosted colo events KubeCon Project Opportunities - In-Person Kiosk - In-Person Project Meeting - PR Support - Maintainer Session - Project Video Updates (keynote) Marketing - CNCF Online Programs - CNCF Blog - Case Studies - Surveys Marketing Release Support Major: Incubating, Graduated - Project webinar (2/year) - CNCF Blog - Media engagement - Twitter Support https://github.com/cncf/servicedesk ● Sandbox ● Incubating ● Graduated

Slide 58

Slide 58 text

@emrayquaza

Slide 59

Slide 59 text

@emrayquaza

Slide 60

Slide 60 text

@emrayquaza

Slide 61

Slide 61 text

From Incubation to Graduation Solid Governance Full Committer lifecycle, emeritus members Vendor-neutrality Committer and vendor diversity

Slide 62

Slide 62 text

No content

Slide 63

Slide 63 text

No content

Slide 64

Slide 64 text

Slide 65

Slide 65 text

Technical Docs & Processes ● Project Goals & Cloud Native Fit (identify) ● Regularly updated contributor guide ● Overview of project architecture & software design (extended identity) ● Maintain roadmap or some forward looking docs / tracking mechanism ● Project release process ● Roadmap change process ● Sandbox ● Incubating ● Graduated

Slide 66

Slide 66 text

Slide 67

Slide 67 text

Security Requirements ● Document and enforce access control rules ○ 2fa / passkey ○ GitHub / Google Workspace permissions ○ Who has access to CI infra ● Security vulnerability report / triage process ● Achieve a passing score of the Open Source Security Foundation “Best Practices” badge ● Perform and document a Security Self Assessment ● Third Party Security Audit ● Resolve all High & Critical Flaws Discovered in Security Audit ● Sandbox ● Incubating ● Graduated

Slide 68

Slide 68 text

APPROVED @emrayquaza

Slide 69

Slide 69 text

Marketing Benefits Events - Virtual Only Events - CNCF-hosted colo events - Stand-Alone Events KubeCon Project Opportunities - In-Person Kiosk - In-Person Project Meeting - PR Support - Maintainer Session - Project Video Updates (keynote) Marketing - CNCF Online Programs - CNCF Blog - Case Studies - Surveys - Project Media Velocity Reports Marketing Release Support Major: Incubating, Graduated Minor: Graduated - Project webinar (2/year) - CNCF Blog - Media engagement - Twitter Support https://github.com/cncf/servicedesk ● Sandbox ● Incubating ● Graduated

Slide 70

Slide 70 text

@emrayquaza

Slide 71

Slide 71 text

No content

Slide 72

Slide 72 text

Evolution of Priorities Feature Velocity Stability

Slide 73

Slide 73 text

Evolution of Priorities Feature Velocity Stability “Boring”

Slide 74

Slide 74 text

Evolution of Priorities Feature Velocity Stability “Boring” Contributor Growth Maintainer Health

Slide 75

Slide 75 text

Maintainer Health ● Find the balance between prioritizing bringing in new contributors and focusing on your maintainers. ● Invest the time to identify areas of the project at risk and what you can watch for in the future. ● Work to turn active contributors into maintainers (Ladder, Mentoring). ● Automate or streamline what you can to reduce maintainer toil.

Slide 76

Slide 76 text

INCLUDING GOVERNANCE! Maintainer Health ● Find the balance between prioritizing bringing in new contributors and focusing on your maintainers. ● Invest the time to identify areas of the project at risk and what you can watch for in the future. ● Work to turn active contributors into maintainers (Ladder, Mentoring). ● Automate or streamline what you can to reduce maintainer toil.

Slide 77

Slide 77 text

Slide 78

Slide 78 text

Evolution of Priorities Feature Velocity Stability Contributor Growth Maintainer Health Documentation Communication & Transparency “Boring”

Slide 79

Slide 79 text

Communication & Transparency ● Develop process to surface both achievements and risks. ○ Published achievements and reports help maintainers justify their commitment. ○ Everyone will assume things are fine, unless risks are highly visible. ● Write everything as if addressing someone brand new to the project with minimal knowledge of the space. ● Make it easy for people to follow-up and get involved.