Posts

This free guide can help you increase your development team’s efficacy through and with open source contributions.

Open source programs are sparking innovation at organizations of all types, and if your program is up and running, you may have arrived at the point where maximizing the impact of your development is essential to continued success. Many open source program managers are now required to demonstrate the ROI of their technology development, and example open source report cards from Facebook and Google track development milestones.

This is where the new, free Improving Your Open Source Development Impact guide can help. The aim of the guide is to help you increase your development team’s efficacy through and with open source contributions. By implementing some of the best practices laid out in the guide, you can:

  • Reduce the amount of work needed from product teams
  • Minimize the cost to maintain source code and internal software branches
  • Improve code quality
  • Produce faster development cycles
  • Produce more stable code to serve as the base for products
  • Improve company reputation in key open source communities.

Open source development requires a different approach than many organizations are accustomed to. But the work becomes easier if you have a clear plan to follow. Fortunately, a whole lot of companies and individuals have already forged a path to success in contributing to significant open source projects. They have tried and true methods for establishing a leadership role in open source communities.

This open source guide offers lessons for increasing open source development impact through specific examples. Contributing to the Linux kernel is one of the hardest challenges for open source developers. With that in mind, the guide uses this case as an example, but the lessons learned will apply to nearly any open source project you’ll work with.

“It took us years of constant discussion and negotiation to break from the traditional IT setup into a more flexible environment that supports our open source development,” said Ibrahim Haddad, Vice President of R&D and Head of the Open Source Group at Samsung Research. “We made it work for us and with enough persistence you also can make it work for your open source team.”

Common Challenges

Notably, organizations run into common problems as they try to improve the impact of their open source inventions. The figure below shows some of the challenges that dedicated open source teams face in an enterprise setting.

The Improving Your Open Source Development Impact guide can help you navigate these and other common open source-related challenges. It covers everything from evaluating ROI to optimizing practices, and it explores how to seamlessly and safely leverage existing tools to complement your open source creations.

It is one of a new collection of free guides from The Linux Foundation and The TODO Group providing valuable insight and expertise for any organization running an open source program. The guides are available now to help you run an open source program office where open source is supported, shared, and leveraged.

Check out all the guides, and don’t miss the previous articles in the series:

How to Create an Open Source Program

Tools for Managing Open Source Programs

Measuring Your Open Source Program’s Success

Effective Strategies for Recruiting Open Source Developers

Participating in Open Source Communities

Using Open Source Code

Launching an Open Source Project: A Free Guide

linux kernel development

Part of the ongoing Linux development work involves hardening the kernel against attack.

Security is paramount these days for any computer system, including those running on Linux. Thus, part of the ongoing Linux development work involves hardening the kernel against attack, according to the recent Linux Kernel Development Report.

This work, according to report authors Jonathan Corbet and Greg Kroah-Hartman, involves the addition of several new technologies, many of which have their origin in the grsecurity and PaX patch sets. “New hardening features include virtually mapped kernel stacks, the use of the GCC plugin mechanism for structure-layout randomization, the hardened usercopy mechanism, and a new reference-count mechanism that detects and defuses reference-count overflows. Each of these features makes the kernel more resistant to attack,” the report states.

Linux kernel

Kees Cook

In this series, we are highlighting some of the hard-working developers who contribute to the Linux kernel. Here, Kees Cook, Software Engineer at Google, answers a few questions about his work.

Linux Foundation: What role do you play in the community and what subsystem(s) do you work on?

Kees Cook: Recently, I organized the Kernel Self-Protection Project (KSPP), which has helped focus lots of other developers to work together to harden the kernel against attack. I’m also the maintainer of seccomp, pstore, LKDTM, and gcc-plugin subsystems, and a co-maintainer of sysctl.

Linux Foundation: What have you been working on this year?

Cook: I’ve been focused on KSPP work. I’ve assisted many other developers by helping port, develop, test, and shepherd things like hardened usercopy, gcc plugins, KASLR improvements, PAN emulation, refcount_t conversion, and stack protector improvements.

Linux Foundation: What do you think the kernel community needs to work on in the upcoming year?

Cook: I think we’ve got a lot of work ahead in standardizing the definitions of syscalls (to help run-time checkers), and continuing to identify and eliminate error-prone code patterns (to avoid common flaws). Doing these kinds of tree-wide changes continues to be quite a challenge for contributors because the kernel development model tends to focus on per-subsystem development.

Linux Foundation: Why do you contribute to the Linux kernel?

Cook: I’ve always loved working with low-level software, close to the hardware boundary. I love the challenges it presents. Additionally, since Linux is used in all corners of the world, it’s hard to find a better project to contribute to that has such an impact on so many people’s lives.

You can learn more about the Linux kernel development process and read more developer profiles in the full report. Download the 2017 Linux Kernel Development Report now.

openchain

OpenChain makes open source compliance more predictable, understandable, and efficient for all participants in the software supply chain.

Communities form in open source all the time to address challenges. The majority of these communities are based around code, but others cover topics as diverse as design or governance. The OpenChain Project is a great example of the latter. What began three years ago as a conversation about reducing overlap, confusion, and wasted resources with respect to open source compliance is now poised to become an industry standard.

The idea to develop an overarching standard to describe what organizations could and should do to address open source compliance efficiently gained momentum until the formal project was born. The basic idea was simple: identify key recommended processes for effective open source management. The goal was equally clear: reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

Main Pillars of the Project

The OpenChain Project has three pillars supported by dedicated work teams. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. OpenChain Conformance allows organizations to display their adherence to these requirements. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, while meeting a key requirement of the OpenChain Specification. The result is that open source license compliance becomes more predictable, understandable, and efficient for all participants in the software supply chain.

Reasons to Engage

The OpenChain Project is designed to be useful and adoptable for all types of entities in the supply chain. As such, it is important to distill its value proposition for various potential partners. Our volunteer community created a list of five practical reasons to engage:

  1. OpenChain makes free and open source software (FOSS) more accessible to your developers. OpenChain provides a framework for shared, compliant use of FOSS. Conforming companies create an environment that supports use of FOSS internally and sharing of FOSS with partners.
  2. OpenChain reduces overall compliance effort, saving time and legal and engineering resources. OpenChain allows companies in a supply chain to work together toward FOSS compliance and provides a consistent standard to which all must perform. By contrast, in a typical supply chain, each member of the chain has to perform FOSS compliance for software of others in the chain, wasting time and resources in a duplication of effort.
  3. OpenChain may be adapted to your existing systems. OpenChain allows you to choose your own processes to meet its requirements. OpenChain provides resources that help you design new processes from the ground up, or you may choose to use the systems you have in place.
  4. OpenChain helps your business teams work together toward a common goal. OpenChain provides a blueprint for your legal, engineering, and business teams to work together toward FOSS compliance.
  5. OpenChain allows you to conform to a stable, community-backed specification. When you adopt OpenChain, you conform to a stable specification that is widely backed by industry and community participants. OpenChain was developed in an open, collaborative process, with contributors from a wide range of industries across Asia, Europe and North America. OpenChain is being formally adopted by a growing number of both small and larger companies.

Today, the OpenChain Project is addressing its goals and moving towards wider market adoption with the support of 14 Platinum members: Adobe, Arm, Cisco, Comcast, GitHub, Harman, Hitachi, HPE, Qualcomm, Siemens, Sony, Toyota, Western Digital, and Wind River. The project also has a broad community of volunteers helping to make open source compliance easier for a multitude of market segments. As we move into 2018, the OpenChain Project is well positioned for adoption by Tier 1, Tier 2, and Tier 3 suppliers in multiple sectors, ranging from embedded to mobile to automotive to enterprise to infrastructure.

Entities of all sizes are welcome to participate in the OpenChain Project. Everyone is welcome and encouraged to join our mailing list at:

https://lists.linuxfoundation.org/mailman/listinfo/openchain

You can also send private email to the Project Director, Shane Coughlan, at coughlan@linux.com.

open source culture

Open source involves a culture of understanding change. It’s about evolution as a group, says Mesosphere’s CMO Peter Guagenti.

In the early days of open source, one of the primary goals of the open source community was educating people about the benefits of open source and why they should use it. Today, open source is ubiquitous. Almost everyone is using it. That has created a unique challenge around educating new users about the open source development model and ensuring that open source projects are sustainable.

Peter Guagenti, CMO at Mesosphere, Inc.

Peter Guagenti, the Chief Marketing Officer at Mesosphere, Inc., has comprehensive experience with how open source works, having been involved with several leading open source projects. He has been a coder, but says that he considers himself a hustler. We talked with him about his role at Mesosphere, how to help companies become good open source citizens, and about the role of culture in open source. Here is an edited version of that interview.

The Linux Foundation: What’s the role of a CMO in an open source software company?

Peter Guagenti: The role of a CMO in a software company is fundamentally different from that in any other category.  We have a really interesting role in marketing and technology, and it’s one of education and guidance. There used to be a place 20 years ago where, as a marketer, you would come up with a simple pithy message and buy a bunch of advertising and people would believe it.

That’s not true anymore. Now we have to position ourselves alongside the architectures and the thought leadership that our customers are interested in to prove our value.

The Linux Foundation: Can you explain more about this approach?

Guagenti: I love that instead of focusing on marketing taglines, you really have to know the technology so customers have the confidence that they will get the support we promise. Since this space is changing so quickly, we spend probably half our time simply on educating and informing about the market and the challenges that customers face.

I don’t think about talking about DCOS, for example; I think about how connected cars are really important but nobody really knows how to build them. We serve six of the largest car makers in the world. So getting them to talk about how they’re approaching this problem — what they think about Edge computing, what they think about computing in the car, or what they think about data and moving that data around. These are the real exciting things.

The Linux Foundation: Can you talk about other work you have done in open source?

Guagenti:  I’m a long-time open source advocate. I’ve been in open source for over 10 years. I built an open source services practice in a large digital agency called Razorfish when I was at a client services there. I’ve spent time at three open source companies: Acquia, which is in the Drupal open source project; Nginx, which is the world’s most popular web server and application delivery controller; and now I am at Mesosphere, the container company.

The Linux Foundation: Open source has become the de facto software development model — almost everyone is consuming open source these days. That creates a new challenge as many new consumers don’t fully understand how open source works, which can lead to problems like not being part of the ecosystem and creating technical debt. Have you come across this problem?

Guagenti: Open source has evolved dramatically over the past 20 years. I would argue 10 years ago you were crazy if you were a Fortune 500 company and you were the CIO and said I’m going to integrate open source everywhere. But now open source is the default. I’ve worked in large state and national governments around the world. I’ve worked in the Fortune 500, and they all have adopted open source. But how they adopt open source successfully is different. If you look company by company, if you look at projects, there is a difference.

There are community-driven models, there are corporate-driven models, and there are things in between where you see things like Kubernetes, where you’ve multiple companies contributing at scale. There is a great mix, but companies don’t always know how to make the best use of that. It becomes critical for them to find the right enterprise that helps them understand how to use and deploy it. More important than that is to help them ensure they are making good decisions with that software and driving the roadmap forward by contributing or at least by being a voice in that.

We take for granted that open source exists, but open source requires involvement—either contribution of code or cash—to keep those projects healthy. We are at a point where open source has been around long enough that we have seen early open source projects just die because they didn’t have core maintainers able to earn a salary.

I was told that every great technology company needs a hacker and a hustler. I was a good coder early on, but I wasn’t great. I’m more of a hustler. I loved being able to see businesses build around open source and then have that really be the heart of a healthy ecosystem where everyone is able to benefit from that code.

The Linux Foundation: What role does culture play in open source adoption?

Guagenti: It matters. Look at the digital transformation that we have been going through for the last 20 years. Look at the companies that have done it best. You will notice that the old stalwarts have now reinvented themselves in a meaningful way. They are continuing to evolve with the time and are competing effectively. They had a culture where they could embrace and accept a lot of these things.  

If you look at hiring the great technology talent, what’s the number one thing great technology talent expects? They want to work with the tools they want to use. They want to do it in a way that fits their pattern of behavior, their pattern of building these things. It’s not the money, it’s not the stock options, it’s not the fancy work. It’s about the kind of work I want to do everyday and the way I want to do it.

I work with some of the largest banks, I work with some of the largest government entities. What I have noticed, with some of the most successful ones, is that they have a culture internally where they understand this stuff. They understand what it means to not just use open source but to be a part of an open source community. Sometimes you do run into hurdles. I work with a lot of large companies that are either not comfortable contributing code back or just simply don’t feel they have the time to do it. But they do their bit in a different way; they may do things like contribute financially to projects, send people to events, or actually go and tell their story.

That’s what we do a lot at Mesosphere. Since this space is changing, we love having our largest customers talking about what they’re doing with open source. Their culture matters because it’s not just the culture of open source and using open source. It’s a culture of innovation. It’s a culture of understanding change.  And that’s what open source is all about. It’s about evolution as a group.

Learn more about best practices for sustainable open source in the free Open Source Guides for the Enterprise from The Linux Foundation.

This article explains how to walk through, measure, and define strategies collaboratively in an open source community.

“If you don’t know where you are going, you’ll end up someplace else.” Yogi Berra

Open source projects are generally started as a way to scratch one’s itch and frankly that’s one of its greatest attributes. Getting code down provides a tangible method to express an idea, showcase a need, and solve a problem. It avoids over thinking and getting a project stuck in analysis-paralysis, letting the project pragmatically solve the problem at hand.

Next, a project starts to scale up and gets many varied users and contributions, with plenty of opinions along the way. That leads to the next big challenge: how does a project start to build a strategic vision? In this article, I’ll describe how to walk through, measure, and define strategies collaboratively, in a community.

Strategy may seem like a buzzword of the corporate world rather than something that an open source community would embrace, so I suggest stripping away the negative actions that are sometimes associated with this word (e.g., staff reductions, discontinuations, office closures). Strategy done right isn’t a tool to justify unfortunate actions but to help show focus and where each community member can contribute.

A good application of strategy answers the following questions:

  • Why does the project exist?
  • What does the project look to achieve?
  • What is the ideal end state for the project?

The key to success is answering these questions as simply as possible, with consensus from your community. Let’s look at some ways to do this.

Setting a mission and vision

“Efforts and courage are not enough without purpose and direction.” John F. Kennedy

All strategic planning starts off with setting a course for where the project wants to go. The two tools used here are Mission and Vision. They are complementary terms, describing both the reason a project exists (mission) and the ideal end state for a project (vision).

A great way to start this exercise with the intent of driving consensus is by asking each key community member the following questions:

  • What drove you to join and/or contribute to the project?
  • How do you define success for your participation?

In a company, you’d ask your customers these questions usually. But in open source projects, the customers are the project participants and their time investment is what makes the project a success.

Driving consensus means capturing the answers to these questions and looking for themes across them. At R Consortium, for example, I created a shared doc for the board to review each member’s answers to the above questions, and followed up with a meeting to review for specific themes that came from those insights.

Building a mission flows really well from this exercise. The key thing is to keep the wording of your mission short and concise. Open Mainframe Project has done this really well. Here’s their mission:

Build community and adoption of Open Source on the mainframe by:

  • Eliminating barriers to Open Source adoption on the mainframe
  • Demonstrating value of the mainframe on technical and business levels
  • Strengthening collaboration points and resources for the community to thrive

At 40 words, it passes the key eye tests of a good mission statement; it’s clear, concise, and demonstrates the useful value the project aims for.

The next stage is to reflect on the mission statement and ask yourself this question: What is the ideal outcome if the project accomplishes its mission? That can be a tough one to tackle. Open Mainframe Project put together its vision really well:

Linux on the Mainframe as the standard for enterprise class systems and applications.

You could read that as a BHAG, but it’s really more of a vision, because it describes the future state that would be created by the mission being fully accomplished. It also hits the key pieces of an effective vision: it’s only 13 words, inspirational, clear, memorable, and concise.

Mission and vision add clarity on the who, what, why, and how for your project. But, how do you set a course for getting there?

Goals, Objectives, Actions, and Results

“I don’t focus on what I’m up against. I focus on my goals and I try to ignore the rest.” Venus Williams

Looking at a mission and vision can get overwhelming, so breaking them down into smaller chunks can help the project determine how to get started. This also helps prioritize actions, either by importance or by opportunity. Most importantly, this step gives you guidance on what things to focus on for a period of time, and which to put off.

There are lots of methods of time bound planning, but the method I think works the best for projects is what I’ve dubbed the GOAR method. It’s an acronym that stands for:

  • Goals define what the project is striving for and likely would align and support the mission. Examples might be “Grow a diverse contributor base” or “Become the leading project for X.” Goals are aspirational and set direction.
  • Objectives show how you measure a goal’s completion, and should be clear and measurable. You might also have multiple objectives to measure the completion of a goal. For example, the goal “Grow a diverse contributor base” might have objectives such as “Have X total contributors monthly” and “Have contributors representing Y different organizations.”
  • Actions are what the project plans to do to complete an objective. This is where you get tactical on exactly what needs to be done. For example, the objective “Have contributors representing Y different organizations” would likely have actions of reaching out to interested organizations using the project, having existing contributors mentor new mentors, and providing incentives for first time contributors.
  • Results come along the way, showing progress both positive and negative from the actions.

You can put these into a table like this:

| Goals | Objectives | Actions | Results |
| Grow a diverse contributor base | Have X total contributors monthly | Existing contributors mentor new mentors; providing incentives for first time contributors | |
| | Have contributors representing Y different organizations | Reach out to interested organizations using the project | |
In large organizations, monthly or quarterly goals and objectives often make sense; however, on open source projects, these time frames are unrealistic. Six- or even 12-month tracking allows the project leadership to focus on driving efforts at a high level by nurturing the community along.

The end result is a rubric that provides clear vision on where the project is going. It also lets community members more easily find ways to contribute. For example, your project may include someone who knows a few organizations using the project; this person could help introduce those developers to the codebase and guide them through their first commit.

What happens if the project doesn’t hit the goals?

“I have not failed. I’ve just found 10,000 ways that won’t work.” — Thomas A. Edison

Figuring out what is within the capability of an organization — whether Fortune 500 or a small open source project — is hard. And, sometimes the expectations or market conditions change along the way. Does that make the strategy planning process a failure? Absolutely not!

Instead, you can use this experience as a way to better understand your project’s velocity, its impact, and its community, and perhaps as a way to prioritize what is important and what’s not.

Autodesk is undergoing a company-wide shift to open source and inner source. And that’s on top of the culture change that both development methods require.

Inner source means applying open source development practices and methodologies to internal projects, even if the projects are proprietary. And the culture change required to be successful can be a hard shift from a traditional corporate hierarchy to an open approach. Even though they’re connected, all three changes are distinct heavy lifts.

They began by hiring Guy Martin as Director of Open Source Strategy in the Engineering Practice at Autodesk, which was designed to transform engineering across the company. Naturally, open source would play a huge role in that effort, including spurring the use of inner source. But neither would flourish if the company culture didn’t change. And so the job title swiftly evolved to Director of Open @ADSK at the company.

“I tend to focus a lot more on the culture change and the inner source part of my role even though I’m working through a huge compliance initiative right now on the open source side,” Martin said.

The history of Autodesk’s open source transformation began shortly after the shift of all its products to the cloud began, including its AutoCAD architecture software, building information modeling with its Revit products, as well as its media and entertainment products. The company’s role in open source in entertainment is now so significant that Martin often speaks at the Academy of Motion Picture Arts and Sciences on open source. They want to hear about what Autodesk is doing as part of a larger collection of initiatives that the Academy is working on, Martin said.

At Autodesk, the goal is to spring engineers loose from their business silos and create a fully open source, cloud-centric company.

“Your primary identity detaches from being part of the AutoCAD team or part of the Revit team, or the 3ds Max or Inventor team or any of these products,” Martin explained. “It’s now shaping you into part of the Autodesk engineering team, and not your individual silo as a product organization in the company.”

Talent acquisition is among the top business goals for Open@Autodesk, especially given the company’s intense focus on innovation as well as making all of its products work seamlessly together. It takes talent skilled in open source methodologies and thinking to help make that happen. But it also means setting up the team dynamics so collaboration is more natural and less forced.

“With company cultures and some engineering cultures, the freedom to take an unconventional route to solve a problem doesn’t exist,” Martin said. “A lot of my job is to create that freedom so that smart and motivated engineers can figure out a way to put things together in a way that maybe they wouldn’t have thought of without that freedom and that culture.”

To help create an open source culture, the right tools must be in place and, oddly enough, those tools sometimes aren’t open source. For example, Martin created a single instance of Slack rather than use IRC, because Slack was more comfortable for users in other lines of the business who were already using it. The intent was to get teams to start talking across their organizational boundaries.

Another tool Martin is working with is Bitergia Analytics to monitor and manage Autodesk’s use of GitHub Enterprise.

Martin says the three key lessons he’s learned as an open source program manager are:

  1. Stay flexible because change happens
  2. Be humble but bold
  3. Be passionate.

“I’ve been at Autodesk two years but I’m still bootstrapping some of the things around culture. We have strong contributors in some projects, while in some projects we’re consuming. I think you have to do both, especially if you’re bootstrapping a new open source effort in a company.”

“The challenge is always balancing the needs of the product teams, who have to get a product out the door, and who (and as an engineer I can say this) will take shortcuts whenever possible. They want to know, ‘why should we be doing this for the community? All we care about is our stuff.’ And it’s getting them past that. Yes, we’re doing work that’s going to be used elsewhere, but in the end we’re going to get benefits from pulling work from other people who have done work that they knew was going to be used in the community.”

The Linux Kernel Development Report, which was recently released by The Linux Foundation, sheds light on various aspects of the development process as well as on who is doing the work. According to the report, more than 85 percent of all kernel development is done by developers who are being paid for their work. Additionally, the overall number of companies involved in working toward the improvement of the kernel is increasing, with the top 30 companies contributing to the Linux kernel shown in the table at right.

The report states:

What we see here is that a small number of companies is responsible for a large portion of the total changes to the kernel. But there is a “long tail” of companies (nearly 500 of which do not appear in the above list) which have made significant changes since the 4.7 release. There may be no other examples of such a large, common resource being supported by such a large group of independent actors in such a collaborative way.

Jens Axboe, Software Engineer at Facebook

In this article, Jens Axboe, Software Engineer at Facebook, answers a few questions about how and why he contributes to the Linux kernel.

The Linux Foundation: What role do you play in the community and what subsystem(s) do you work on?

Jens Axboe: I’m the Linux block layer maintainer, so I primarily develop features in that area, as well as help review and guide others doing the same.

The Linux Foundation: What have you been working on this year?

Axboe: This year, I contributed an IO scheduler framework for the block multiqueue subsystem, support for allowing applications to inform the kernel of lifetime of writes, and much faster IO accounting for blk-mq.

Since 4.8, I have contributed about 200 patches. In terms of features, the most interesting, which are not mentioned above, are probably writeback throttling (blk-wbt), IO polling for fast devices (both classic and hybrid/efficient modes), and more efficient O_DIRECT.

The Linux Foundation: What do you think the kernel community needs to work on in the upcoming year?

Axboe: Attracting more young talent. Most young folks these days gravitate towards product instead of infrastructure. It’s important that we bring new talent into the fold.

The Linux Foundation: Why do you contribute to the Linux kernel?

Axboe: First of all, because I enjoy the work. It’s challenging and fun, plus there’s a personal gratification knowing that your code is running on billions of devices. Finally, it’s my job.

You can learn more about the Linux kernel development process and read more developer profiles in the full report. Download the 2017 Linux Kernel Development Report now.

An important step in using open source code effectively is setting explicit guidelines to be followed.

Open source programs at organizations of all sizes are fueling innovation, and many program leaders are quickly learning that weaving open source code into projects — and creating new projects — require informed guidelines and best practices. Organizations are often leveraging existing open source code to build their own commercial products and services, and contributing back to projects.

However, diving in and using open source code without an understanding of everything from legal risks to best development practices is perilous. Approaching open source code usage without best practices in place can also tarnish an organization’s reputation. That’s where the free, new Using Open Source Code guide comes in. It can help you craft and codify a comprehensive strategy.

One of the most important steps in using open source code effectively within your program is to set explicit guidelines to be followed, which are often summarized in a strategy document. What if code comes into one of your projects from a project with a different licensing setup? What acceptance, rejection, and exception policies should developers follow? What is your organization’s overall stance toward open source development?

These are all among the questions that need concrete answers as you codify your strategy, and there are more questions involving the ecosystem that applies to using open source code. How are APIs documented? Have you laid out a Contributor Licensing Agreement that everyone can use? Have you picked the right license for your project? Your strategy document should be specific about best practices, APIs and more.

“A well-designed open source compliance process should simultaneously ensure compliance with the terms of open source licenses and also help companies protect their own intellectual property and that of third-party suppliers from unintended disclosure and/or other consequences,” notes Ibrahim Haddad, Vice President of R&D and Head of the Open Source Group at Samsung Research America.

Creating a Policy

As the guide notes, creating a strategy document featuring best practices does not need to be complicated. A good open source usage policy includes six simple rules:

  • Engineers must receive approval from the OSRB before integrating any open source code in a product.
  • Software received from third parties must be audited to identify any open source code included, which ensures license obligations can be fulfilled before a product ships.
  • All software must be audited and reviewed, including all proprietary software components.
  • Products must fulfill open source licensing obligations prior to customer receipt.
  • Approval for using a given open source component in one product is not approval for another deployment, even if the open source component is the same.
  • All changed components must go through the approval process.

Importantly, the guide also notes the importance of effective code review practices. “If your code review process is overly burdensome, you’ll slow innovation or provide a good excuse for developers to circumvent the process completely,” Haddad emphasizes.

Additionally, Haddad advises that circumspect code usage and compliance practices must be ongoing. “It’s important to remember that open source compliance doesn’t stop with version 1.0,” he said.

The Using Open Source Code guide can help you with everything from licensing issues to best development practices, and it explores how to seamlessly and safely weave open components into your open source projects. It is one of a new collection of free guides from The Linux Foundation and The TODO Group that are all extremely valuable for any organization running an open source program. The guides are available now to help you run an open source program office where open source is supported, shared, and leveraged. With such an office, organizations can establish and execute on their open source strategies efficiently, with clear terms.

These guides were produced based on expertise from open source leaders. Check out the guides and stay tuned for our continuing coverage.

Also, don’t miss the previous articles in the series:

How to Create an Open Source Program

Tools for Managing Open Source Programs

Measuring Your Open Source Program’s Success

Effective Strategies for Recruiting Open Source Developers

A Free Guide to Participating in Open Source Communities

Read about featured Linux kernel developers in the 2017 Linux Kernel Development Report.

The recent Linux Kernel Development Report, released by The Linux Foundation, included information about several featured Linux kernel developers. According to the report, roughly 15,600 developers from more than 1,400 companies have contributed to the Linux kernel since 2005, when the adoption of Git made detailed tracking possible. Over the next several weeks, we will be highlighting some specific Linux kernel developers who agreed to answer a few questions about what they do and why they contribute to the kernel.

In this article, we feature Laura Abbott, a Fedora Kernel Engineer at Red Hat.

The Linux Foundation: What role do you play in the community and what subsystem(s) do you work on?

Laura Abbott: My full-time job is working as one of two maintainers for the Fedora kernels. This means I push out kernel releases and fix/shepherd bugs. Outside of that role, I maintain the Ion memory management framework and do occasional work on arm/arm64 and KSPP (kernel hardening).

The Linux Foundation: What have you been working on this year?

Abbott: I did some major reworking on Ion this year and ripped out a lot of code (everyone’s favorite type of patch!). Hopefully, I’ll be able to report that Ion is out of staging in the next kernel report. Apart from that, I’ve spent a lot of time testing and reviewing patches for kernel hardening.

The Linux Foundation: What do you think the kernel community needs to work on in the upcoming year?

Abbott: As a general theme, there needs to be a focus on scaling the community. There’s always an ongoing discussion about how to attract new developers and there’s been a recent focus on how to grow contributors into maintainers. There’s still a lot of ‘tribal knowledge’ in pretty much every area which makes things difficult for everyone. I’d like to see the kernel community continue to make processes easier for new and existing developers. I’d also like to see the discussions about building an inclusive community continue.

The Linux Foundation: Why do you contribute to the Linux kernel?

Abbott: I’ve always found low-level systems fascinating and enjoy seeing how all the pieces work together. There’s always something new to learn about in the kernel, and I find the work challenging.

You can learn more about the Linux kernel development process and read more developer profiles in the full report. Download the 2017 Linux Kernel Development Report now.

“We believe that our projects help move the industry forward while giving other companies and individuals the opportunity to use our platform to scale more quickly and build better products.” – Christine Abernathy, Open Source Developer Advocate at Facebook.

Facebook’s open source team was “formally” created in 2009, but the company has built with open source from its inception. Facebook.com was originally built on top of the LAMP (Linux/Apache/MySQL/PHP) stack. Over time, Facebook has used and contributed back to these projects, and has evolved and released new projects such as Hack, which has its roots in PHP.

“Open source is core to our engineering DNA. We believe that sharing our code and even hardware designs accelerates the pace of innovation in the world. We believe that our projects help move the industry forward while giving other companies and individuals the opportunity to use our platform to scale more quickly and build better products.” – Christine Abernathy, Open Source Developer Advocate at Facebook.

Custom tools to manage open source

Facebook has a dedicated Tools team within the open source program office that is responsible for building internal tools to help manage its open source portfolio. This includes the projects that Facebook shares, which are mostly hosted on GitHub, as well as the other external projects they contribute to, such as the Linux kernel.

The program office provides a dashboard for each project that includes GitHub metrics such as the number of open issues or the ratio of internal to external contributions for a given time period. Project maintainers are given tools so they can bring GitHub pull requests and issues into their internal review and bug tracking systems. This makes it easier for engineers to manage external issues where they’re most comfortable. Maintainers also have access to workflow tools to reliably push internal commits out to GitHub, making it easy to quickly sync internal and external code bases and reducing the churn on landing external contributions.

The open source team can look at these project dashboards to help analyze the health of a particular project. They’ve even open-sourced some of these workflow tools: mention-bot and FBShipIt.

The team collects top-level statistics on how the overall portfolio is doing through aggregate dashboards across the GitHub orgs they manage. These are used to provide high-level reports to stakeholders and a community of internal open source enthusiasts. The tools team also provides insight into top contributors. Project maintainers are encouraged to refer to this list and reward their top contributors. The company periodically thanks its top internal contributors and makes some of this information available to its internal review systems.

The open source office also provides tooling to guide potential projects through the review process. This helps streamline the process and helps the team easily spot and correct bottlenecks.

The open source team also provides services such as documentation. This includes helping out with the technical content as well as building out some of the documentation infrastructure and templates that projects can use.

Open Source Success Through Steady Progress

At the end of each half, the program office identifies goals around metrics they want to achieve. The metrics they track include:

  • The average age of open issues or open pull requests
  • The ratio of external to internal commits
  • The number of commits
  • The growth in followers and forks
  • The number of social media followers.

They’re periodically tweaking what they measure as they refine what it means to maintain a healthy portfolio.

Facebook also surveys new hires every six months to gauge their awareness of its open source program. They set baseline metrics a few surveys back and the goal is to maintain or grow those numbers.

Their open source success isn’t the result of one action but the cumulative effect of a steady stream of quality releases over the years and a focus on growing thriving communities to support those projects.

“Projects like React, React Native, Create-React-App, Immutable, HHVM, Fresco, and GraphQL are the constant beat that have contributed to the success of our program,” Abernathy said.

One of Facebook’s most successful projects is React Native. It makes use of many of Facebook’s tools to help manage the community. For example, mention-bot came out of this project and was a way to quickly identify reviewers for a pull request. FBShipIt helped it cut down the time to bring in external contributions, review them internally, and land these contributions back out to GitHub. In the early days, this process sometimes took a day, as much of it was manual. Now this can be done in as little as minutes if it’s an automatic review.

The open source program office also provided documentation services to help refresh and keep the React Native site up to date.

Tips for New Open Source Program Managers

Organizations that are just establishing an open source strategy and program office can learn from the success of Facebook’s open source program. Here are the three key practices that Abernathy shared that have contributed to their success as a program office:

  1. When evaluating what to share, it should be something that’s useful to your company. Many of the projects that Facebook shares are used in production and include all the benefits that come along with that. This means those projects are likely to have continued support which in turn means the community is well supported.
  2. Find a way to highlight, promote, and reward your open source contributors, both internal and external. Facebook has periodic reports that highlight its open source heroes. This helps raise the profile of engineers and their work with managers who may sometimes not be managers of that open source project.
  3. As a central program office, find pain points that cut across the various projects and tackle them.

For example, many projects had previously built their own commit copying scripts and it was the number one pain point from a survey they ran at that time. FBShipIt, which copies commits between repositories, was built to address this and it’s owned by the open source team. It moved the burden off the engineering teams and is universally praised for helping smooth the workflow for pulling in external contributions.

Acknowledgments

For this feature, we interviewed Christine Abernathy (@abernathyca), Open Source Developer Advocate at Facebook, to learn more about Facebook’s open source program. Libby Clark performed the interview.