Tidelift sponsored this post.
In June of 2019, Tidelift and The New Stack jointly fielded a survey of professional software developers. Almost 400 people responded with thoughts about how they use open source software today, what holds them back, and what tools and strategies would help them use it even more effectively. In particular, with this survey, we were interested in learning how a managed open source strategy might help developers reclaim time, speed up development, and reduce risk.
In this post, we share the fifth of eight key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now at the link below.
Finding #5: Project activity, licensing and maintainer responsiveness are key factors in choosing open source projects.
Given the maintenance headaches respondents described in earlier findings from this survey, one obvious way to avoid them is to make good package choices in the first place. In the next part of our survey, we asked developers to tell us more about how they make decisions regarding which open source packages to use.
The first question on the subject asked how important some key project characteristics are when developers select packages.
When it comes to choosing packages, licensing is the most crucial issue: 61% of respondents said having an acceptable software license is extremely important. An additional 25% report licensing is somewhat important, for a total of 86% rating open source licensing as either extremely or somewhat important. Only 4% of respondents don’t see this as an important issue.
This is particularly meaningful for companies with more than 1,000 employees, where 78% of respondents say having an acceptable open source license is extremely important. These findings clearly show that there are some “dealbreaker” licenses out there that most users attempt to avoid.
While activity (e.g., the recency and volume of issues, commits and pull requests) tied with licensing in overall importance (86%), a smaller share of respondents rated it extremely important (43%) than did so for licensing.
Also important when choosing open source packages is maintainer responsiveness, which 80% of respondents view as either extremely important or somewhat important when selecting an open source package to use. This is followed by established policies and documentation (e.g., code of conduct, contributing guide), with 72% of respondents rating this characteristic as important.
The last two items in order of importance were having a welcoming community (65% rated it as important) and the number of disclosed vulnerabilities (63%). While neither of these ranked as high as the other options, it is interesting to note that almost two-thirds of respondents still view them as key factors to look at when choosing open source projects.
We wanted to dive deeper into how developers analyze project activity. So for those who rated activity as a key characteristic, we followed up by asking which activity metrics matter most to them.
Overall, 74% consider the number of days since last activity when deciding to use an open source project. While this is a low bar for respondents to think a project is in an active state, it does quickly eliminate many projects.
Another follow-up question asked what length of time since the last activity (e.g., commit, issue) would concern them when evaluating the health of an open source project. The responses were spread fairly evenly across the time ranges offered, with the largest contingent of respondents falling into the “more than three months” category.
Other important factors respondents consider when evaluating an open source project include being recommended by someone they respect (61%), number of contributors (54%) and the maintainer(s) having a good reputation (51%).
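The criteria above can be turned into a simple pre-adoption check. The following is an added example, not code from Tidelift or the survey; the license allowlist, the 90-day staleness cutoff (roughly the “more than three months” concern level), the response-time limit and the contributor floor are assumed policy values, and the package metadata is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy values (not from the survey): which licenses are acceptable,
# how long without activity counts as stale, how slow a maintainer response
# is a concern, and the minimum number of contributors.
ACCEPTABLE_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
STALE_AFTER = timedelta(days=90)
SLOW_RESPONSE_DAYS = 14
MIN_CONTRIBUTORS = 2


@dataclass(frozen=True)
class Package:
    name: str
    license: str
    last_activity: date          # most recent commit, issue or pull request
    contributors: int
    unpatched_vulns: int         # disclosed vulnerabilities with no fix released
    median_response_days: float  # typical maintainer time to first response


def assess(pkg: Package, today: date) -> tuple[bool, list[str]]:
    """Apply the selection criteria. An unacceptable license is a dealbreaker
    and rejects the package outright; every other finding is a concern the
    caller can weigh against the alternatives."""
    if pkg.license not in ACCEPTABLE_LICENSES:
        return False, [f"license {pkg.license!r} is not on the allowlist"]
    concerns: list[str] = []
    idle = today - pkg.last_activity
    if idle > STALE_AFTER:
        concerns.append(f"no activity for {idle.days} days")
    if pkg.unpatched_vulns > 0:
        concerns.append(f"{pkg.unpatched_vulns} disclosed vulnerabilities without a fix")
    if pkg.median_response_days > SLOW_RESPONSE_DAYS:
        concerns.append(f"maintainers take {pkg.median_response_days:.0f} days to respond")
    if pkg.contributors < MIN_CONTRIBUTORS:
        concerns.append(f"only {pkg.contributors} contributor(s)")
    return True, concerns


# Constructed sample metadata for three hypothetical packages.
TODAY = date(2019, 6, 15)
SAMPLES = [
    Package("fastjson-x", "MIT", date(2019, 6, 1), 12, 0, 2.0),
    Package("oldparse", "Apache-2.0", date(2019, 1, 10), 1, 1, 40.0),
    Package("strictlib", "SSPL-1.0", date(2019, 6, 10), 30, 0, 1.0),
]

if __name__ == "__main__":
    for p in SAMPLES:
        accepted, notes = assess(p, TODAY)
        print(p.name, "ACCEPT" if accepted else "REJECT", notes)
```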
Overall, these data points show that developers put a lot of thought into how they choose their open source packages, knowing that good choices will help them avoid maintenance, security and licensing headaches down the road.
But is there another opportunity here to provide developers with additional ways to help them make better choices about packages—and to have better, more actively maintained packages to choose from? We think so.
Want the full survey results in one report? Get them here now.