SlideShare a Scribd company logo
1 of 29
Download to read offline
Tobie Langel, Principal, UnlockOpen
tobie@unlockopen.com
Open source contribution
policies that don’t suck!
Do you have an open source policy?
No
48%
Don't know
13%
Yes
39%
< 250 employees
61%
11%
28%
> 10,000 employees
25%
10%
65%
Source: The New Stack & Linux Foundation/TODO
Group 2018 Open Source Program Management
Survey (https://github.com/todogroup/survey)
Remember this is a biased sample!
What does not having a policy mean?
Contrary to popular belief, it does not mean that you don’t have an
open source policy at all.
It means that you don’t have a written one.
You have a policy, whether it is written
down or not. It could range from “no
open source at all” to “anything goes.” 
—Heather J. Meeker, Open Source Licensing Specialist,
author of Open Source for Business.
What does having a policy mean?
Think you’re in the right camp because you have an open source
contribution policy? Think again!
• You can have a very restrictive open source policy.
• You can have a very bureaucratic process to obtain approval.
• You can have a very opaque process to obtain approval.
None of these are fun!
PermissiveRestrictive
Implicit
Explicit
Startups
SMEs
Non-tech
enterprise
Old tech
company
Trend setters
Tech
companies
What is a policy that doesn’t suck?
Engineering
perspective
Legal
perspective
Business
perspective
What is a policy that doesn’t suck?
Permissive. Allows open source contribution to be an
integral part of the company’s engineering culture and
best practices. Based on trust and autonomy.
Explicit. The decision making process is well documented
and transparent.
Informative. The policy explains the why an helps educate
engineers.
Frictionless. Avoid bureaucracy, red tape, lengthly back
and forth with legal, etc.
Engineering
perspective
What is a policy that doesn’t suck?
Minimizes risk. Avoid:
• giving away competitive advantage,
• giving away IP that can be used defensively (or—shudders
—offensively),
• reputational damages and accidental infringements.
Consistently followed across the company. Keep contribution
under your radar. Avoid compliance issues.
Savvy about written information. Sometimes you want a
paper-trail (e.g. compliance), sometimes you don’t.
Doesn’t drown critical problems in a sea of menial issues.
Legal
perspective*
* IANAL (I am not a lawyer).
Please talk to me if you are
and want to help me
improve this slide.
What is a policy that doesn’t suck?
Engineering to be happy and productive.
Risks minimized and well understood.
Good communication between legal and engineering.
Alignment with Business goals.
Business
perspective
At the heart is a tension
Legal wants to minimize risk.
Prefers oral communication.
Manager’s schedule.
Favors spectrum thinking.
Conservative role.
Engineering wants to maximize velocity.
Prefers written communication.
Maker’s schedule.
Favors binary thinking.
Innovative role.
Coming to agreement
Acknowledge that this tension is normal. It’s just checks and balances.
Listen to both sides.
Remind them that their role is to help achieve common business goals.
• Legal’s role is to minimize risk, but not at the expense of innovation.
• Engineering’s needs can’t be fulfilled at the expense of the company’s survival.
Find common ground. A good policy will improve the life of both sides.
Align your open source activity with your business goals. If you are a patent troll,
then don’t do open source.
Accept that your open source policy will change with your business.
Contributing
open source
What is a policy really about?
Using
open source
Well understood problem, essentially:
• Using software with licenses that are compatible with your
current and future business model.
• Compliance.
Using open source
Tip: a common issue is missing licenses. Equip engineering with a process
(and issue or pull request templates) to request proper OSI-approved licenses.
Contributing
open source
Contributing
at
work
Contributing
outside of
work
Can employees contribute to open source on
their free time?
• Yes, without asking for permission.
• Yes, but must ask for permission. So that sometimes means “no”,
right?
• I don’t know.
• Nope.
Contributing outside of work
Other
4%
Don't know
37%
Must ask
12%
Yes!
47%
“How does your employer's IP agreement/policy affect your free-
time contributions to open source unrelated to your work?”
“Respondents were sampled randomly from traffic and qualifying
activity to licensed open source repositories on GitHub.com and invited
to complete the survey through a dialog box. A smaller sample was
recruited from open source communities sourced outside of GitHub, […]”
Contributing outside of work
Source: GitHub 2017 open source survey
(http://opensourcesurvey.org/2017/).
But again… this is a highly biased sample.
Contributing outside of work
Why so much confusion?
• Depends on the jurisdiction, but not uncommon, especially in the
USA, for companies to own employees’ production 24/7.
• Sometimes, extra criteria apply. For example, in California, IP
developed with company equipment—even outside of work—
belongs to the employer.
• This prevents employees from contributing to open source,
unless they ask for, and are granted permission to do so.
Contributing outside of work
The common solution: ask for permission
• Most companies have a process for this.
• Tends to focus on releasing open source or working on a limited set
of pre-approved projects.
• Breaks down when there’s a high number of dependencies (such as
for Node.js projects).
Contributing outside of work
The better solution: BEIPA
• Balanced Employee IP Agreement
• https://github.com/github/balanced-employee-ip-agreement
• Project created by GitHub, based on its own IP agreement.
• BEIPA only claims control of creations made for or relating to the
company's business.
Contributing
at
work
Patching
Releasing
Releasing open source at work
• Distinguish large open source projects you want to promote from
smaller "day to day” modules. (E.g. Google’s < 100 LoC rule.)
• Offer well oiled and well documented processes, checklists,
templates, and tooling (see: https://github.com/todogroup/policies).
• Offer help.
• Promote working in the open rather than releasing software once
it’s done. (Consider README-driven development to avoid scope creep.)
Patching open source at work
• By far the most common activity and the most important one.
• The experience must be as frictionless as possible for engineers.
• Surface the process by which decisions are made and trust
engineers to do the right thing. This let’s legal focus on the
difficult cases.
• Cache decisions (build approve- and deny- lists) so that the
process gets faster as time goes by.
Outside of
work
Patching
Using
open source
Releasing
At work
Contributing open source
Turn your policy into an app!
• Automatically approve requests that meet pre-established
requirements (e.g. patch an MIT-licensed open source project on
GitHub).
• Automatically reject requests that don’t meet your criteria (but
allow motivated appeals).
• Manually handle other requests and cache the decision so more
gets automated over time.
Using such a system, Adobe was able to shorten it’s review time
from 4.6 days to 4.6 hours.
Turn your policy into an app!
Using such a system, Adobe was able to shorten it’s review time
from 4.6 days to 4.6 hours.
But there’s more. The data collected can help:
• understand your open source activity,
• promote it,
• connect engineers unknowingly contributing to the same projects,
• etc.
Turn your policy into an app!
Thank you!
Tobie Langel (@tobie)
Principal, UnlockOpen
tobie@unlockopen.com

More Related Content

What's hot

Impactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'tsImpactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'tsGail Murphy
 
Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.Sunny Menon
 
Publishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic PublishersPublishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic PublishersCraig Miller
 
Mark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHSMark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHSMark Graban
 
The Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead FactoryThe Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead FactoryMark Graban
 
Winnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOpsWinnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOpsGene Kim
 
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...Gene Kim
 
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...Ho Chi Minh City Software Testing Club
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First PrinciplesTathagat Varma
 
Managing international software projects interactively using scrum
Managing international software projects interactively using scrumManaging international software projects interactively using scrum
Managing international software projects interactively using scrumPeter Horsten
 
Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24TechSoup
 
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev opsKim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev opsGene Kim
 
Implementing Licensing— A Journey
Implementing Licensing— A JourneyImplementing Licensing— A Journey
Implementing Licensing— A JourneyFlexera
 
How to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael BoltonHow to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael BoltonTEST Huddle
 
Using Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project FailureUsing Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project Failureicgfmconference
 
2012 05 corp fin 1c
2012 05 corp fin 1c2012 05 corp fin 1c
2012 05 corp fin 1cGene Kim
 

What's hot (20)

Impactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'tsImpactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'ts
 
Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.
 
Publishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic PublishersPublishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic Publishers
 
2016 metrics-as-culture
2016 metrics-as-culture2016 metrics-as-culture
2016 metrics-as-culture
 
Mark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHSMark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHS
 
Lean Security
Lean SecurityLean Security
Lean Security
 
The Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead FactoryThe Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead Factory
 
Winnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOpsWinnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOps
 
Getting your work funded
Getting your work fundedGetting your work funded
Getting your work funded
 
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
 
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
 
Fables fantasies and facts
Fables fantasies and factsFables fantasies and facts
Fables fantasies and facts
 
Managing international software projects interactively using scrum
Managing international software projects interactively using scrumManaging international software projects interactively using scrum
Managing international software projects interactively using scrum
 
Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24
 
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev opsKim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
 
Implementing Licensing— A Journey
Implementing Licensing— A JourneyImplementing Licensing— A Journey
Implementing Licensing— A Journey
 
How to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael BoltonHow to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael Bolton
 
Using Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project FailureUsing Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project Failure
 
2012 05 corp fin 1c
2012 05 corp fin 1c2012 05 corp fin 1c
2012 05 corp fin 1c
 

Similar to Open source contribution policies, OW2online, June 2020

'Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!''Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!'Shane Coughlan
 
To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?Ted Haeger
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyEric Caron
 
Open Source Craft at Twitter
Open Source Craft at TwitterOpen Source Craft at Twitter
Open Source Craft at TwitterChris Aniszczyk
 
IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...IDCEE
 
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...Vator
 
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
Micheal Monty Widenius -  Free Open Source Software EntrepreneurshipMicheal Monty Widenius -  Free Open Source Software Entrepreneurship
Micheal Monty Widenius - Free Open Source Software EntrepreneurshipSouth Tyrol Free Software Conference
 
Questions On Technical Design Decisions
Questions On Technical Design DecisionsQuestions On Technical Design Decisions
Questions On Technical Design DecisionsRikki Wright
 
Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck Business901
 
Open Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PMOpen Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PMProduct School
 
Make Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a SuccessMake Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a SuccessNet at Work
 
From Technical Debt to Technical Health
From Technical Debt to Technical HealthFrom Technical Debt to Technical Health
From Technical Debt to Technical HealthDeclan Whelan
 
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)FINOS
 
Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Strategy Forum
 
(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporationsRatko Mutavdzic
 
Open Source Product Management
Open Source Product ManagementOpen Source Product Management
Open Source Product ManagementDanny Rosen
 
Build your Own Technology Roadmap!
Build your Own Technology Roadmap!Build your Own Technology Roadmap!
Build your Own Technology Roadmap!Sascha Wenninger
 
Os Nolen Gebhart
Os Nolen GebhartOs Nolen Gebhart
Os Nolen Gebhartoscon2007
 
Scaling Software Delivery.pdf
Scaling Software Delivery.pdfScaling Software Delivery.pdf
Scaling Software Delivery.pdfTiffany Jachja
 

Similar to Open source contribution policies, OW2online, June 2020 (20)

'Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!''Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!'
 
To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your company
 
Open Source Craft at Twitter
Open Source Craft at TwitterOpen Source Craft at Twitter
Open Source Craft at Twitter
 
IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...
 
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
 
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
Micheal Monty Widenius -  Free Open Source Software EntrepreneurshipMicheal Monty Widenius -  Free Open Source Software Entrepreneurship
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
 
Questions On Technical Design Decisions
Questions On Technical Design DecisionsQuestions On Technical Design Decisions
Questions On Technical Design Decisions
 
Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck
 
Open Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PMOpen Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PM
 
Make Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a SuccessMake Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a Success
 
From Technical Debt to Technical Health
From Technical Debt to Technical HealthFrom Technical Debt to Technical Health
From Technical Debt to Technical Health
 
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
 
Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons Learned
 
(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations
 
Open Source Product Management
Open Source Product ManagementOpen Source Product Management
Open Source Product Management
 
Build your Own Technology Roadmap!
Build your Own Technology Roadmap!Build your Own Technology Roadmap!
Build your Own Technology Roadmap!
 
Let's talk FOSS!
Let's talk FOSS!Let's talk FOSS!
Let's talk FOSS!
 
Os Nolen Gebhart
Os Nolen GebhartOs Nolen Gebhart
Os Nolen Gebhart
 
Scaling Software Delivery.pdf
Scaling Software Delivery.pdfScaling Software Delivery.pdf
Scaling Software Delivery.pdf
 

More from OW2

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2
 
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...OW2
 
GLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloudGLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloudOW2
 
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...OW2
 
FusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open sourceFusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open sourceOW2
 
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2
 
SFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the EquationSFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the EquationOW2
 
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...OW2
 
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...OW2
 
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020OW2
 
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...OW2
 
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020OW2
 
Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020OW2
 
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020OW2
 
Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020OW2
 
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020OW2
 
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...OW2
 
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...OW2
 
Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020OW2
 
Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020OW2
 

More from OW2 (20)

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
 
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
 
GLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloudGLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloud
 
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
 
FusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open sourceFusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open source
 
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
 
SFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the EquationSFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the Equation
 
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
 
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
 
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020
 
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
 
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
 
Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020
 
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
 
Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020
 
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
 
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
 
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
 
Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020
 
Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020
 

Recently uploaded

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...panagenda
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 

Recently uploaded (20)

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 

Open source contribution policies, OW2online, June 2020

  • 1. Tobie Langel, Principal, UnlockOpen tobie@unlockopen.com Open source contribution policies that don’t suck!
  • 2. Do you have an open source policy? No 48% Don't know 13% Yes 39% < 250 employees 61% 11% 28% > 10,000 employees 25% 10% 65% Source: The New Stack & Linux Foundation/TODO Group 2018 Open Source Program Management Survey (https://github.com/todogroup/survey) Remember this is a biased sample!
  • 3. What does not having a policy mean? Contrary to popular belief, it does not mean that you don’t have an open source policy at all. It means that you don’t have a written one. You have a policy, whether it is written down or not. It could range from “no open source at all” to “anything goes.”  —Heather J. Meeker, Open Source Licensing Specialist, author of Open Source for Business.
  • 4. What does having a policy mean? Think you’re in the right camp because you have an open source contribution policy? Think again! • You can have a very restrictive open source policy. • You can have a very bureaucratic process to obtain approval. • You can have a very opaque process to obtain approval. None of these are fun!
  • 6. What is a policy that doesn’t suck? Engineering perspective Legal perspective Business perspective
  • 7. What is a policy that doesn’t suck? Permissive. Allows open source contribution to be an integral part of the company’s engineering culture and best practices. Based on trust and autonomy. Explicit. The decision making process is well documented and transparent. Informative. The policy explains the why an helps educate engineers. Frictionless. Avoid bureaucracy, red tape, lengthly back and forth with legal, etc. Engineering perspective
  • 8. What is a policy that doesn’t suck? Minimizes risk. Avoid: • giving away competitive advantage, • giving away IP that can be used defensively (or—shudders —offensively), • reputational damages and accidental infringements. Consistently followed across the company. Keep contribution under your radar. Avoid compliance issues. Savvy about written information. Sometimes you want a paper-trail (e.g. compliance), sometimes you don’t. Doesn’t drown critical problems in a sea of menial issues. Legal perspective* * IANAL (I am not a lawyer). Please talk to me if you are and want to help me improve this slide.
  • 9. What is a policy that doesn’t suck? Engineering to be happy and productive. Risks minimized and well understood. Good communication between legal and engineering. Alignment with Business goals. Business perspective
  • 10. At the heart is a tension Legal wants to minimize risk. Prefers oral communication. Manager’s schedule. Favors spectrum thinking. Conservative role. Engineering wants to maximize velocity. Prefers written communication. Maker’s schedule. Favors binary thinking. Innovative role.
  • 11. Coming to agreement Acknowledge that this tension is normal. It’s just checks and balances. Listen to both sides. Remind them that their role is to help achieve common business goals. • Legal’s role is to minimize risk, but not at the expense of innovation. • Engineering’s needs can’t be fulfilled at the expense of the company’s survival. Find common ground. A good policy will improve the life of both sides. Align your open source activity with your business goals. If you are a patent troll, then don’t do open source. Accept that your open source policy will change with your business.
  • 12. Contributing open source What is a policy really about? Using open source
  • 13. Well understood problem, essentially: • Using software with licenses that are compatible with your current and future business model. • Compliance. Using open source Tip: a common issue is missing licenses. Equip engineering with a process (and issue or pull request templates) to request proper OSI-approved licenses.
  • 16. Can employees contribute to open source on their free time? • Yes, without asking for permission. • Yes, but must ask for permission. So that sometimes means “no”, right? • I don’t know. • Nope. Contributing outside of work
  • 17. Other 4% Don't know 37% Must ask 12% Yes! 47% “How does your employer's IP agreement/policy affect your free- time contributions to open source unrelated to your work?” “Respondents were sampled randomly from traffic and qualifying activity to licensed open source repositories on GitHub.com and invited to complete the survey through a dialog box. A smaller sample was recruited from open source communities sourced outside of GitHub, […]” Contributing outside of work Source: GitHub 2017 open source survey (http://opensourcesurvey.org/2017/). But again… this is a highly biased sample.
  • 18. Contributing outside of work Why so much confusion? • Depends on the jurisdiction, but not uncommon, especially in the USA, for companies to own employees’ production 24/7. • Sometimes, extra criteria apply. For example, in California, IP developed with company equipment—even outside of work— belongs to the employer. • This prevents employees from contributing to open source, unless they ask for, and are granted permission to do so.
  • 19. Contributing outside of work The common solution: ask for permission • Most companies have a process for this. • Tends to focus on releasing open source or working on a limited set of pre-approved projects. • Breaks down when there’s a high number of dependencies (such as for Node.js projects).
  • 20. Contributing outside of work The better solution: BEIPA • Balanced Employee IP Agreement • https://github.com/github/balanced-employee-ip-agreement • Project created by GitHub, based on its own IP agreement. • BEIPA only claims control of creations made for or relating to the company's business.
  • 23. Releasing open source at work • Distinguish large open source projects you want to promote from smaller "day to day” modules. (E.g. Google’s < 100 LoC rule.) • Offer well oiled and well documented processes, checklists, templates, and tooling (see: https://github.com/todogroup/policies). • Offer help. • Promote working in the open rather than releasing software once it’s done. (Consider README-driven development to avoid scope creep.)
  • 24. Patching open source at work • By far the most common activity and the most important one. • The experience must be as frictionless as possible for engineers. • Surface the process by which decisions are made and trust engineers to do the right thing. This let’s legal focus on the difficult cases. • Cache decisions (build approve- and deny- lists) so that the process gets faster as time goes by.
  • 26. Turn your policy into an app! • Automatically approve requests that meet pre-established requirements (e.g. patch an MIT-licensed open source project on GitHub). • Automatically reject requests that don’t meet your criteria (but allow motivated appeals). • Manually handle other requests and cache the decision so more gets automated over time.
  • 27. Using such a system, Adobe was able to shorten it’s review time from 4.6 days to 4.6 hours. Turn your policy into an app!
  • 28. Using such a system, Adobe was able to shorten it’s review time from 4.6 days to 4.6 hours. But there’s more. The data collected can help: • understand your open source activity, • promote it, • connect engineers unknowingly contributing to the same projects, • etc. Turn your policy into an app!
  • 29. Thank you! Tobie Langel (@tobie) Principal, UnlockOpen tobie@unlockopen.com