Open Source Summit North America 2022

Aeva, an emeritus member of the Kubernetes Code of Conduct Committee, will examine difficult topics related to enforcement and provide concrete suggestions to better support contributor communities through complex incidents.

Standard business approaches to interpersonal risk management (such as “just let HR handle it” and “don’t do anything that could make us liable”) do not translate effectively to open source community management, where liability extends outside organizational authority and interpersonal dynamics are fundamentally different. Conversely, ignoring community health leads to poor -- sometimes catastrophic -- outcomes for technical projects, and ultimately an increase in business risk in your software supply chain.

In this talk, Aeva will examine difficult topics related to Code of Conduct enforcement in large and diverse contributor communities. They will discuss what it means to shape a community through a values-driven approach to leadership, and provide concrete suggestions for open source projects -- and their corporate sponsors -- which can improve community health and diversity. These suggestions will be based on real examples, though all identifying details will be anonymized to maintain the confidentiality of those involved.

There’s so much more to open source than what fits into a license. It does not cover development philosophies, social structures, governance, or anything else that makes open source the rich ecosystem that it is today. Some take the position that software is not open source unless it accepts contributions, or has a governance structure, or has maintainers actively engaged with their users. Instead of overloading the technical model of open source (the criteria defined by the license), we can overlay a social model that adds nuance and further describes aspects of a project. The social model of open source describes the sociotechnical expectations of how open source interacts (or doesn’t) with the larger ecosystem. This model may cover operational details, such as who funds the project or what the governance model is, but it also may include information about release cadence, versioning, community fora, and more. This talk will examine what this social model might look like, its importance to users of open source, and how it can complement existing initiatives around securing the open source supply chain.