How to Build Open Source Sustainability

Open source sustainability and all these questions were on the table when The New Stack Editor in Chief Alex Williams sat down at our first The New Stack Makers podcast from the KubeCon + CloudNativeCon and Open Source Summit last month from Shanghai, China. He spoke with VMware Senior Staff Engineer Bryan Liles, and Executive Director of the Cloud Native Computing Foundation (CNCF), Dan Kohn,

Jul 3rd, 2019 5:00pm by Jennifer Riggins

KubeCon + CloudNativeCon is a sponsor of The New Stack.

Also available on Apple Podcasts, Google Podcasts, Overcast, PlayerFM, Pocket Casts, Spotify, Stitcher, TuneIn

What makes an open source project from a hobby to an international codebase that the world’s top companies rely on? How do you balance the wishes of the individual, creative contributor with that of corporate-backed finance and governance? How do you make the open source community a welcoming one?

Open source sustainability and all these questions were on the table when The New Stack Editor in Chief Alex Williams sat down at our first The New Stack Makers podcast from the KubeCon + CloudNativeCon and Open Source Summit last month from Shanghai, China. He spoke with VMware Senior Staff Engineer Bryan Liles, and Executive Director of the Cloud Native Computing Foundation (CNCF), Dan Kohn.

Sustainability is all about the intersection of different open source projects within broader ecosystems that have a strong balance of governance and motivated community, Liles said, adding that, while the business of open source can be competitive, “You have people that are working together to make it better because, at a personal level, we don’t want our peers to fail in any way.”

CNCF’s open source governance is the Technical Oversight Committee (TOC), which consists of members from different invested organizations who define and maintain the technical vision and scope of all the projects, while actively collecting community feedback. Liles says the purpose of a TOC is to help nurture exciting tech projects and to provide guidelines — “It’s technical oversight. It’s not technical control or technical demand.” When organizations recognize there’s open source infrastructure that matters, there is a way to build a community that can financially and publicly support it moving forward.

CNCF was founded at the end of 2015 first as a home for Google-founded Kubernetes, but then it grew to become a place for open-source projects that involve big stakes from very large companies who don’t want to own the software or trademark but have invested a lot of money in these projects’ success, Kohn said. CNCF arose as neutral governance of that open source software.

Kohn added that the TOC mimics the decision-making of the European Parliament — following the principle of subsidiarity, where the smallest group of people make a decision whenever possible. This means that open source is similarly organized to empower the contributors, and, as long as a project is running well and following a documented set of rules, the TOC doesn’t get involved unless a community member appeals to them.

CNCF-supported open-source projects are split into three different stages:

Sandbox projects, experimental projects that don’t get marketing funding from CNCF.
Incubation projects
Graduated projects, suitable for enterprise.

Liles mentioned SPIFFE a secure production identity framework and SPIRE the runtime environment for SPIFFE, which he referred to as simple, great ideas but very challenging problems to solve. He says the sandbox stage is there to explore these problems, where various solutions are tested out until one solution is brought forward in the incubation stage.

Liles hesitates at the existence of resistance to corporate involvement in OS projects because often that financial backing is what enables the projects to continue to move forward. He held up the examples Angular, React and, of course, Kubernetes, which all have strong corporate backing. On the other hand, Liles said the third version of independently open-sourced VueJS may be forked, presumably due to lack of funding and united governance.

Finally, this episode addresses the struggles many open source communities have with clarifying the path to move forward with these volunteer-driven projects, how to deal with community burnout, and how to empower under-represented minorities to contribute to open source communities.

Liles says “It’s not ability. It’s opportunity.”

In This Episode:

1:26: What sustainability means.
6:34: What the CNCF ToC does.
10:06: The Sandbox process.
16:20: Compelling sustainability to avoid burnout.
19:03: Model projects.
22:43: Empower underrepresented minorities in tech to become maintainers of open source projects.

The Cloud Native Computing Foundation and VMware are sponsors of The New Stack.

Jennifer Riggins is a culture side of tech storyteller, journalist, writer, and event and podcast host, helping to share the stories where culture and technology collide and to translate the impact of the tech we are building. She has been...