Wednesday, January 30, 2019

Governance on demand

I have talked about the Spectrum of Open Source Governance Models before. After rereading Nadia Eghbal's excellent post Governance without foundations I feel tempted to add one more: Governance on demand.

Why that?

Nadia suggests a theory in the last footnote of her post, "that projects only need to define governance at the first sign of conflict". Intuitively, this makes immediate sense. We have all seen the projects which seem to work very fine without any thoughts about governance, and we also have seen those projects where attempts to set up formal governance have brought things to a halt instead of serving the project. So doing it at the last responsible point in time, when you actually need it, sounds like a very attractive model.

Being able to add governance on demand needs a high level of awareness and reflection. It also needs a culture which is open to the idea of governance, has the means to facilitate discussions about it, and is able to come to a conclusion. It is the point where you have to "decide to decide".

This is not easy, especially in the context of a conflict. It can be paralysing. Making decisions without having defined structures, without having precedence, takes responsibility and courage. Maybe not everybody will go along with it. You don't know because you haven't done it before.

One model which seems to be a quite natural outcome of such a "we need governance, now" situation, is the "benevolent dictator". When conflict arises, the founder or another exposed person steps in and takes a decision. This sets a trajectory for the project, which might be right or not. It depends on the project, on the people, on the environment.

Another model which comes naturally is to follow the "those who do the work decide" principle. This adds local, high context governance. It has to be underpinned by common values and a common sense of direction, though. Otherwise it will fail to solve the kind of conflicts where active people seem to stand against each other.

If you have a strong culture, it might appear you don't need governance. If you have shared values, if you have a common mission, if people learn by imitating healthy behavior from others, then it's easy to take decisions and to preempt conflicts. This could also be called a state of implicit governance, because it is there, but it's not formulated.

If you have a strong culture, then you are also prepared to add governance on demand. This can become necessary because of growth, a changing environment,  or other factors which can't be addressed by existing intuition.

From this point of view: Build culture first and governance will follow.

These are my thoughts. I would be more than happy to hear about your thoughts as well.

Foot note: In some way "governance on demand" is not a governance model in itself, but more a meta model. It doesn't tell how the governance regarding the project then has to look like but only answers a part of the question how to get there. It is in the nature of governance models to also cover this meta level, though. Maybe "governance on demand" is more a governance element than a model in itself. It governs the evolution of governance models.

Wednesday, January 9, 2019

Beautiful GitHub labels with Terraform

Managing issues is part of the daily life of most software projects. Reacting to bug reports, feature requests, pull requests, tracking what's going on and where to put attention, all that is usually handled in the bug or issue tracker of the project's choice.

On GitHub there are the GitHub issues, and they have become quite powerful over time. Just recently GitHub added the capability to show related issues, pin issues to repositories and to move them between repositories.

One important tool to manage issues on GitHub are labels, those nicely colored badges you can add to issues to get a better overview, to filter lists and queries, or to build further automation such as the presentation of good first issues to people new to the project.

If you have a lot of labels it tends to become a bit of effort to manage them well, especially if you want to keep colors consistent and descriptions up to date. It becomes even more effort when you try to do so across different repositories. We have all seen the psychedelic potpourri of colorful labels which tends to happen when you use labels generously.

Last year I saw Mitchell Hashimoto's excellent talk about anything as code at the Open Source Datacenter Conference in Berlin. He showed there how to use Terraform to manage infrastructure as code beyond the typical management of computing infrastructure such as servers or networks. He showed how to use it for more administrative tasks such as managing teams on GitHub.

This is a great approach because it replaces clicking around in a user interface by a more programming-like approach of maintaining configurations, preferably version controlled, and applying the same rules on them as on code. So you can do pull requests, review changes, have the history of what happened in git, run tests and other automation easily, etc.

The GitHub provider for Terraform also handles labels so I thought I would give it a try to manage labels as code. Directly doing this in the Terraform configuration is possible but it's a bit cumbersome and limited in what you can do with the data in this format. So I decided to put the data into a good old YAML file and writing a bit of Python code to deal with it.

The result is beautiful-labels, a small tool to manage GitHub labels from a YAML description via Terraform. It scans your repository for existing labels and their data, creates a YAML description from it, and then provides you the tools to turn it into a Terraform configuration.

Terraform is great in handling the state of things in the cloud, it takes care of operating the API in an effective way, figuring out what needs to be updated, and gives the user control, for example by providing a dry run which tells what would change without applying the changes yet. This is all quite convenient and powerful.

One thing beautiful-labels is supposed to make easy is the management of label colors. In addition to the convenience of managing them in YAML instead of having to use the UI, it also adds the option to generate an overview of the labels as SVG, nicely grouped in categories. This helps in grouping things together using colors and generally can augment documentation about how you intend labels to be used.

The tool is in an early state but it works. I use it to manage the labels in the inqlude repository on GitHub.

You could add another step of automation by letting CI run Terraform on commits to the YAML file. Maybe something to try for the future. As managing labels is not something you usually do on a daily basis, some manual step might also be good enough.

One caveat with labels is that GitHub uses the name of the label as identifier. That usually works great but can be a bit tricky when changing the name of a label. For this case I recommend to do it in the GitHub UI for now.

There are some other approaches how to do this kind of stuff. One of them is labeler which is a nice tool written in Go to manage labels from a YAML description. It directly operates the GitHub API. The advantage is that it's self-contained but it lacks the power of Terraform in terms of state management. Another is Zach Dunn's post "How we organize GitHub issue: A simple styleguide for tagging" which introduces the notion of color-coded categories.

It's wonderful when pieces come together, such as the GitHub API, Terraform, YAML, git, and people writing open source code around that. They result in a way to beautifully manage labels without having to put in too much effort.

If you have feedback or input please don't hesitate to drop me a line. I would be happy if beautiful-labels would be useful for you as well. Let me know how it goes. :-)

Wednesday, September 5, 2018

My open source career

When I started doing free software in 1999, I came for the technology. I wanted to practice my C++ skills. I was fascinated by developing graphical user interfaces with Qt. I wanted to scratch my itch of organizing my life digitally. I started to work on KOrganizer.
I stayed for the community. I stayed for the friends I met, for the amazing people I work with, for the people using my software. There is this feeling, when you go to an event such as a conference, and you meet the people you have worked with over the internet for the first time in person, and it feels like meeting old friends. No matter how diverse their backgrounds are, there is something which holds the community together. This is why I’m still there.
And while I didn’t plan it, doing free software became my career. I did free software because I was curious, because I could apply and hone my skills, because I could learn, because there were real challenges, because I could shape what I did and how I did it, because I could work in a brilliant team, because I got direct feedback from other contributors and from people using my software, because what I did mattered to others. Putting all that together made the ideal job, and it turned out that this is something companies need and pay for.
My learning experience in the free software community went beyond technology. I also learned a lot about people, about how they work together, about organization, about leadership. I became a member of the board of KDE e.V., the foundation behind the KDE community, and this was the ideal place to learn about a lot of the non-technical aspects.
I’m an engineering manager and distinguished engineer at SUSE today. My free software work was essential in developing the technical skills which make me a distinguished engineer and the leadership skills which make me a manager. I’m still contributing to free software. It’s part of my job. It still is a way to learn, and it keeps me grounded.
I have written and talked about this before, and somehow I feel this comes together nicely in three key points which summarize what I consider to be most important:

Wednesday, July 25, 2018

I'm going to Akademy, again

A little bit less than a month and I will be at Akademy again, KDE's annual conference. This is the place where you can meet one of the most amazing open source communities. To me it's kind of my home community. This is where I have learned a lot about open source, where I contributed tons of code and other work, where I met a lot of awesome friends. I have been to most Akademy events, including the first KDE conference "Kastle" in 2003. But I missed the one last year. I'm more than happy to be back this year in Vienna on August 11.

Akademy will start with the conference on the weekend, August 11-12. I was in the program committee this year and I think we have put together an exciting program. You will see what's going on in KDE, what the community is doing on their goals of privacy, community onboarding, and productivity, hear about the activities of KDE e.V., get to know some of the students who work as part of one of the mentoring programs such as the Google Summer of Code, and much more.

It's a special honor to me to present the Akademy Awards this year together with my fellow award winners from last year. It was hard to choose because there are so many people who do great stuff in KDE. But we have identified a set of people who definitely deserve this prize. Join us at the award ceremony to find out who they are.

Being at Akademy is always special. It's such an amazing group of people hold together by a common idea, culture, and passion. You could never hire such a fantastic group. So I feel lucky that I got and took the opportunity to work with many of these people over the years.

It's also very rewarding to see new people join the community. Akademy always has this special mix of KDE dinosaurs, the young fresh people who just joined, and everything in between. The mentoring KDE does with great care and enthusiasm pays off, with interest.

Vienna is calling. I'll quickly answer the call. See you there.

Wednesday, July 11, 2018

Freedom and Fairness on the Web

There is an ongoing debate about freedom and fairness on the web. I'm coming from the free and open source software community. From this perspective it's very clear that the freedoms to use, share, and modify software are the cornerstones of sustainable software development. They create the common base on which we can all build and unleash the value of software which is said to eat the world. And the world seems to more and more agree to that.

But how does this look like with software we don't run ourselves, with software which is provided as a service? How does this apply to Facebook, to Google, to Salesforce, to all the others which run web services? The question of freedom becomes much more complicated there because software is not distributed so the means how free and open source software became successful don't apply anymore.

The scandal around data from Facebook being abused shows that there are new moral questions. The European General Data Protection Regulation has brought wide attention to the question of privacy in the context of web services. The sale of GitHub to Microsoft has stirred discussions in the open source community which relies a lot on GitHub as kind of a home for open source software. What does that mean to the freedoms of users, the freedoms of people?

I have talked about the topic of freedom and web services a lot and one result is the Fair Web Services project which is supposed to give some definitions how freedom and fairness can be preserved in a world of software services. It's an ongoing project and I hope we can create a specification for what a fair web service is as a result.

I would like to invite you to follow this project and the discussions around this topic by subscribing to the weekly Fair Web Services Newsletter I maintain for about a year now. Look at the archive to get some history and sign up to get the latest posts fresh to your inbox.

The opportunities we have with the web are mind-boggling. We can do a lot of great things there. Let's make sure we make use of these opportunities in a responsible way.

Tuesday, July 10, 2018

Mapping Open Source Governance Models

I already posted the Seven Lessons of Open Source Governance from my talk at FOSS Backstage. Another part of the talk was about a project to map open source governance models. The idea is to have a machine-readable collection of data about how different projects implement their governance and a web page showing that as an overview. This should help with learning from what others have done and provide a resource for further analysis. It's meant as a map, not a navigation system. You still will have to think about what is the right thing to do for your project.

The project is up on GitHub right now. For each project there is a YAML file collecting data such as project name, founding date, links to web sites, governance documents, statistics, or maintainer lists. It's interesting to look into the different implementations of governance there. There is a lot of good material, especially if you look at the mature and well-established foundations such as The Apache Foundation or the Eclipse Foundation. I'm also looking into syncing with some other sources which have similar data such as Choose A Foundation or Wikidata.

The web site is minimalistic now. We'll have to see for what proves to be useful and adapt it to serve these needs. Having access to the data of different projects is useful but maybe it also would be useful to have a list of code of conducts, a comparison of organisation types, or other overview pages.

If you would like to contribute some data about the governance on an open source project which is not listed there or you have more details about one which is already listed please don't hesitate to contribute. Create a pull request or an open an issue and I'll get the information added.

This is a nice small fun project. SUSE Hack Week gives me a bit of time to work on it. If you would like to join, please get in touch.

Wednesday, June 27, 2018

Seven Lessons of Open Source Governance

At the FOSS Backstage conference two weeks ago I talked about the spectrum of open source governance models. Watch the video for all the details. One key part was the seven lessons I learned during my now almost twenty years of experience working in open source projects:

Be conscious about governance, not formal

Governance is important. Your project does have a governance model even if you don't think about it or if you don't write down the rules. It governs how your project will work and how people will be able to collaborate. It will also define a big part of your culture. You don't want to leave these things to chance. So be conscious about governance.

That doesn't mean that you have to write rules and policies for everything. Often a healthy culture where people learn by following the example of the leaders and other members of the community works well. It might be tempting to create a formal structure to cover all kind of possible scenarios. But creating and maintaining policies is an expensive process. Don't be formal where you are not sure it's needed.

Spell out the fundamentals

There are some non-negotiables which have to be spelled out and written down. The license is the most important one for an open source project. You also might want to spell out some other aspects which define your culture such as values of your community or a code of conduct.

Learn from others

There is a huge number of open source projects out there. They cover many different use cases, types of technology, and flavors of community. Learn from them. Most things have already been invented.

Don't create foundations

You will know when to ignore this advice but generally don't create foundations. It's a lot of effort and needs ongoing work to keep up with the responsibilities and obligations you create by that.

There is a number of umbrella organizations your project can join. This gives most of the benefits of having an own organization such as being able to handle money but with much less work.

Beware of growth

Different stages of an open source project need different types of governance. Growth will change the dynamics of your project. Be conscious and watch out for changes in the project which require changes in the governance.

Also think about if you want to have growth at all and what kind of growth. Having many users is great but it also comes with responsibilities and expectations.

Keep your sanity

Your are working in the open. A lot of what you do is public. People will contact you and will want things from you. This can be overwhelming, especially if your project is successful. Find ways how you keep your sanity, how to avoid being stressed out by your open source work, how to keep a healthy balance between your open source work and the other parts of your life.

Be kind

That might be the most important advice. Be kind. Be respectful. Be aware of cultural differences. Make sure that people feel well and are happy in your community.

It's software development. It's all about people after all.

Governance on demand

I have talked about the Spectrum of Open Source Governance Models  before. After rereading Nadia Eghbal's excellent post Governance with...