Monday, October 22, 2018

Open source: Why should we care about project management?


There was a time when key technologies came from commercial giants like IBM, Microsoft and Sun. Even as Linux began to be an important part of their IT infrastructure, businesses still used it only from commercial companies like Red Hat, along with business support licenses. But the rise of open source has changed the industry, as companies and users are gradually becoming more independent and self-reliant.
That is not just because of market problems or because code readability has improved. It is because the organizations behind the key technologies are no longer big businesses; they are usually communities. So open source projects do not always have the budget to maintain their code.
The Heartbleed vulnerability was due to an error that had been in OpenSSL since 2012. The small group of people who maintain OpenSSL were also struggling to find contracts to make a living, because their product is purely for the community, not for profit. As Jim Zemlin, managing director of the Linux Foundation, joked at this year's Open Source Leadership Summit, "that is when we discovered the Internet was protected by two people named Steve."
As a result, the forms of funding available to sustain open source projects have become extremely diversified. Some projects are fortunate enough to have been involved with companies for many years, while others are modeled on selling business versions or providing cloud services for the project. Many important open source projects are part of a platform that provides support, from the Apache Foundation to the Cloud Native Computing Foundation; others have their own platform, like .NET.
But many projects still have very little support, including a long list of open source tools that many other projects rely on. One is a package called left-pad, whose author decided to pull all 250 of their packages from NPM after a name dispute. That caused problems for React, Babel and other packages based on them.
The Core Infrastructure Initiative support project from the Linux Foundation was started in the wake of Heartbleed to provide budget and human resources support for projects that are under-resourced but that many other projects depend on. In addition, security scanning has been improved to help eliminate malicious code, as backdoored containers were recently removed from Docker Hub.
But when there is no formal operating structure such as a company or platform, you will face problems beyond bugs and security. Behavioral standards in open source communities can vary a lot and have a huge impact on the participants.

Community building

What is the leader of a company or community to do when the behavior of a contributor makes colleagues uncomfortable or unwilling to work with them? A business has a clear structure for addressing this issue, from the rules in the employee manual to the HR department. The company also has a legal team to assess whether the terms of the employment contract allow it to dismiss unsuitable members. A community, by contrast, may have a code of conduct and a committee or working group to review complaints, but codes of conduct - and especially the enforcement of them - are often inconsistent.
Even multiple members leaving a project because of disagreements may not end it, but at the least it causes progress to stagnate. In the long run, the more we rely on open source tools, the more we have to think about tighter processes, procedures and organization to support those tools.
GitHub is not the only party that maintains open source, and it is not used only for open source, but the fact that it can be viewed as an Instagram (or LinkedIn) for Microsoft speaks volumes about the potential of open source to Microsoft customers. There was a lot of technical discussion at the Open Source Leadership Summit this year, but there was also a clear focus on increasing the professionalism of open source so that it can appeal to businesses that invest capital.
Kubernetes was also mentioned several times at the conference as an example of an open source project that puts professionalism and clarity at the forefront. Google's engineering director for containers and Kubernetes says the project's efforts are meaningful as it moves from a Google project to a community, but it's important: "Join this community to know and follow our work."
"We grow so fast that we do not know what we need," said Sarah Novotny, Google's leader of the Kubernetes community program. The key point is how to evaluate contributions on more than just the code someone writes. In other words, individuals in the Kubernetes community can become prominent contributors, but "companies can do more with the ability to make things run smoothly."
That's why Microsoft's Brendan Burns (co-founder of the Kubernetes project) presented the Azure Kubernetes service group earlier this year with the "Hall of Fame" and "wood and carry water" awards. He said the award was to honor the quiet people who helped us each day but did not need flashiness.
IT teams will decide which open source projects to use for technical reasons, but good governance and a healthy community are what keep a project going for a long time. As Nell Shamrell-Harrington, chair of the conference, said, "technical and communication skills are inseparable and essential in every project. Parts of an open source project touch both the technology and the people that are always the hardest and the most important."
