Bob Killen
November 13, 2023

Navigating Open Source Project Hurdles to Achieve Community Empowerment; or how the heck do you get through graduation?

How does an open source project become a recognized member of a foundation and provide high value to the cloud native ecosystem? How does it grow from sandbox to graduation stage? This talk will shed light on how to navigate the intricacies of the CNCF graduation process, which ultimately transforms an independent project into a vital part of a thriving community. This talk is the culmination of several years of shepherding open source projects, both as part of the CNCF as well as other major open source foundations. We will share insightful guidance, tips, and lessons to effectively navigate your own project's journey towards foundation membership. We will also cover pitfalls encountered during the process, and how you can avoid them by following the best practices.


Transcript

  1. Navigating Open Source Project Hurdles to Achieve Community Empowerment; or how the heck do you get through graduation?
  2. Is my project right for CNCF? “CNCF’s mission is to make cloud native computing ubiquitous.”
  3. Is CNCF right for my project? Or are there other Foundations that are a better fit for my project?
  4. Is CNCF right for my project? Or are there other Foundations that are a better fit for my project?
  5. Governance Requirements • Adopt CNCF Code of Conduct • Discoverable and simple project governance • Sandbox • Incubating • Graduated
  6. Governance Requirements • Adopt CNCF Code of Conduct • Discoverable and simple project governance • Light "how to contribute" documentation • All project metadata and resources are vendor-neutral • Discoverable communication channel • Sandbox • Incubating • Graduated
  7. Governance Requirements • Adopt CNCF Code of Conduct • Discoverable and simple project governance • Light "how to contribute" documentation • All project metadata and resources are vendor-neutral • Discoverable communication channel • Sandbox • Incubating • Graduated You can use CNCF or Kubernetes Slack for your project if you need a chat channel
  8. Technical Documentation (Messaging) • Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases. (identity) • Sandbox • Incubating • Graduated
  9. Technical Documentation • Project goals, objectives and its differentiation in the Cloud Native landscape with supporting use cases. • Sandbox • Incubating • Graduated Needs more cool demos, getting started guides, and how to install and use!
  10. Security Requirements • Document and enforce access control rules ◦ 2FA / passkey ◦ GitHub / Google Workspace permissions ◦ Who has access to CI infra • Sandbox • Incubating • Graduated
  11. Security Requirements • Document and enforce access control rules ◦ 2FA / passkey ◦ GitHub / Google Workspace permissions ◦ Who has access to CI infra • Reporting + Triage process for security vulnerabilities • Sandbox • Incubating • Graduated Creating a private security mailing list and simple triage workflow is super helpful right from the start.
  12. Security Requirements • Document and enforce access control rules ◦ 2FA / passkey ◦ GitHub / Google Workspace permissions ◦ Who has access to CI infra • Reporting + Triage process for security vulnerabilities • Sandbox • Incubating • Graduated Set up a secret manager like 1Password or Keybase early to save yourself a big headache later! Creating a private security mailing list and simple triage workflow is super helpful right from the start.
  13. Sandbox Priorities • Build Identity: Use cases and advocacy • Features and Velocity: Simple dev process and good testing • First users: Communication and Feedback
  14. CNCF Service and Marketing Benefits CNCF Service Desk - CI/CD - Legal and Foundation Services - Tools (Zoom, Slack, etc) - Website and Design - Technical Documentation - Certification and Training Services - Case Studies - Community Surveys - and more • Sandbox • Incubating • Graduated Marketing & Event Support: - Virtual Only Events - In-Person Kiosk @ KubeCon https://github.com/cncf/servicedesk
  15. Sandbox Priorities • Build Identity: Use cases and advocacy • Features and Velocity: Simple dev process and good testing • First users: Communication and Feedback
  16. Graduating from Sandbox • Solidify Identity: Production case studies A good idea is to set up an ADOPTERS.md file! Strong case studies are the pride of your project!
  17. Graduating from Sandbox • Solidify Identity: Production case studies • Contributor growth: Contributor docs and processes Good issue templates and tags make life easier for you and others.
  18. Graduating from Sandbox • Solidify Identity: Production case studies • Features: Little more stability and Roadmap • Contributor growth: Contributor docs and processes
  19. Governance Requirements • Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Sandbox • Incubating • Graduated
  20. Governance Requirements • Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Contributor lifecycle (onboarding, offboarding, emeritus) • Sandbox • Incubating • Graduated Codifying a contributor lifecycle early will help as your project matures and gains more contributors.
  21. Governance Requirements • Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Contributor lifecycle (onboarding, offboarding, emeritus) • Sandbox • Incubating • Graduated Codifying a contributor lifecycle early will help as your project matures and gains more contributors. A contributor ladder adds growth opportunities and can help you grow future maintainers & leaders.
  22. Technical Docs & Processes • Project Goals & Cloud Native Fit (identify) • What does the project do and why? • Overview of project architecture & software design (extended identity) • Maintain roadmap or some forward looking docs / tracking mechanism • Project release process • Sandbox • Incubating • Graduated
  23. Technical Docs & Processes • Project Goals & Cloud Native Fit (identify) • What does the project do and why? • Overview of project architecture & software design (extended identity) • Maintain roadmap or some forward looking docs / tracking mechanism • Project release process • Sandbox • Incubating • Graduated Oh no, we accidentally imported a GPL dependency. Regularly scan or implement a CI check to prevent importing dependencies with an incompatible license!
  24. Security Requirements • Document and enforce access control rules ◦ 2FA / passkey ◦ GitHub / Google Workspace permissions ◦ Who has access to CI infra • Security vulnerability report / triage process • Achieve a passing score of the Open Source Security Foundation “Best Practices” badge • Perform and document a Security Self Assessment • Sandbox • Incubating • Graduated https://github.com/cncf/tag-security
  25. CNCF Marketing Benefits Events - Virtual Only Events - CNCF-hosted colo events KubeCon Project Opportunities - In-Person Kiosk - In-Person Project Meeting - PR Support - Maintainer Session - Project Video Updates (keynote) Marketing - CNCF Online Programs - CNCF Blog - Case Studies - Surveys Marketing Release Support Major: Incubating, Graduated - Project webinar (2/year) - CNCF Blog - Media engagement - Twitter Support https://github.com/cncf/servicedesk • Sandbox • Incubating • Graduated
  26. From Incubation to Graduation • Solid Governance: Full Committer lifecycle, emeritus members • Vendor-neutrality: Committer and vendor diversity
  27. Governance Requirements • Public documented communication channel • Up-to-date meeting schedule • Documented maintainer list • Enumerate & document subprojects • Demonstrate Contributor Growth / Pipeline • Contributor lifecycle (onboarding, offboarding, emeritus) • Subproject leadership process documented • Sandbox • Incubating • Graduated
  28. Technical Docs & Processes • Project Goals & Cloud Native Fit (identify) • Regularly updated contributor guide • Overview of project architecture & software design (extended identity) • Maintain roadmap or some forward looking docs / tracking mechanism • Project release process • Roadmap change process • Sandbox • Incubating • Graduated
  29. Technical Docs & Processes • Project Goals & Cloud Native Fit (identify) • Regularly updated contributor guide • Overview of project architecture & software design (extended identity) • Maintain roadmap or some forward looking docs / tracking mechanism • Project release process • Roadmap change process • Sandbox • Incubating • Graduated Don’t make your change process TOO complicated. Find the balance between collecting enough details and usability.
  30. Security Requirements • Document and enforce access control rules ◦ 2FA / passkey ◦ GitHub / Google Workspace permissions ◦ Who has access to CI infra • Security vulnerability report / triage process • Achieve a passing score of the Open Source Security Foundation “Best Practices” badge • Perform and document a Security Self Assessment • Third Party Security Audit • Resolve all High & Critical Flaws Discovered in Security Audit • Sandbox • Incubating • Graduated
  31. Marketing Benefits Events - Virtual Only Events - CNCF-hosted colo events - Stand-Alone Events KubeCon Project Opportunities - In-Person Kiosk - In-Person Project Meeting - PR Support - Maintainer Session - Project Video Updates (keynote) Marketing - CNCF Online Programs - CNCF Blog - Case Studies - Surveys - Project Media Velocity Reports Marketing Release Support Major: Incubating, Graduated Minor: Graduated - Project webinar (2/year) - CNCF Blog - Media engagement - Twitter Support https://github.com/cncf/servicedesk • Sandbox • Incubating • Graduated
  32. Maintainer Health • Find the balance between prioritizing bringing in new contributors and focusing on your maintainers. • Invest the time to identify areas of the project at risk and what you can watch for in the future. • Work to turn active contributors into maintainers (Ladder, Mentoring). • Automate or streamline what you can to reduce maintainer toil.
  33. Maintainer Health • Find the balance between prioritizing bringing in new contributors and focusing on your maintainers. • Invest the time to identify areas of the project at risk and what you can watch for in the future. • Work to turn active contributors into maintainers (Ladder, Mentoring). • Automate or streamline what you can to reduce maintainer toil. INCLUDING GOVERNANCE!
  34. Maintainer Health • Find the balance between prioritizing bringing in new contributors and focusing on your maintainers. • Invest the time to identify areas of the project at risk and what you can watch for in the future. • Work to turn active contributors into maintainers (Ladder, Mentoring). • Automate or streamline what you can to reduce maintainer toil. INCLUDING GOVERNANCE!
  35. Evolution of Priorities • Feature Velocity • Stability • Contributor Growth • Maintainer Health • Documentation • Communication & Transparency • “Boring”
  36. Communication & Transparency • Develop process to surface both achievements and risks. ◦ Published achievements and reports help maintainers justify their commitment. ◦ Everyone will assume things are fine, unless risks are highly visible. • Write everything as if addressing someone brand new to the project with minimal knowledge of the space. • Make it easy for people to follow up and get involved.
  37. Communication & Transparency • Develop process to surface both achievements and risks. ◦ Published achievements and reports help maintainers justify their commitment. ◦ Everyone will assume things are fine, unless risks are highly visible. • Write everything as if addressing someone brand new to the project with minimal knowledge of the space. • Make it easy for people to follow up and get involved. BE TRANSPARENT!