SlideShare a Scribd company logo
1 of 10
Download to read offline
The Open Source Contribution Policy at DB Systel
DB Systel GmbH | Schlomo Schapiro | Chief Technology Office | @schlomoschapiro | 14.02.2019
Platzhalter für Titelbild – Hier können Sie Bilder aus der Mediathek einfügen!
Placeholder for title picture – You can insert here pictures from the Mediathek!
© Sebastian Scholl / Flickr
2
Use Contribute Sponsor
Governance
Automate
Motivation
• Image
• Benefit from Open Source innovation
• Active participation in Open Source community
• Reduce risks and vendor dependencies
• Developers
• Developers want it – we want Developers
• Reduce cost and effort for maintaining internal
forks
• Affect product direction
• Collaborate on software
• Get external review and improvements for own
software
• Simplify internal processes
3
to Contribute
Just do it?
• Legal risks
• Financial risks
• Compliance risks
• Liability
• Software Patents
• Protect intellectual property
• Leak internal information
• Lost earnings
• Lost business opportunities
• Distraction
• No business value
Trust
our
employees?
4
Learn from others
https://opensource.google.com/docs/
• Creating – Using – Growing
• Internal tool for approval workflow
• No approval and no review required
• For patches to
• Any project which is a public repo on GitHub, and is
under the Apache 2, MIT, BSD, LGPL*, GPL*, MPL,
EPL, ISC, CC-BY, CC-BY-SA, OFL, MS-PL, Boost
Software License, or Artistic licenses, and does not
require you to sign anything not found on the pre-
approved CLA list below, and is not on the list below of
projects that require SVP approval.
• Any repo for which you’ve already been given blanket
approval from OSPO or used the approval form once.
• Any Google-maintained open source project like
Chromium, Android, Go, etc.
• Snippets (<100 lines of code, especially if not checked into
a repo)
• Stack Overflow, bug reports, …
https://opensource.zalando.com/docs/using/contributing/
• “Don’t contribute code which gives us an edge over
competitors”
• “Upstream code contributions are also encouraged and is a
natural extension of our dependency of open source projects
in our tech stack.”
• “Non-code contributions … are all sanctioned and
encouraged as part of your employment at Zalando”
• “[Contributions] are sanctioned and does not require a
review. Simply ensure that the project you are contributing
to is not licensed under AGPL.”
See https://github.com/todogroup/policies for other examples
5
Design goals
• Open Source Steward governs process
• Contribution is a business decision
• Legal and compliance requirements
must be fulfilled
• Line managers and product owners
approve contributions
• 2nd approval for „large“ contributions
• Limits for approval similar to
purchase order limits
• Paperless workflow
• Central tracking and reporting of contributions
• Release early, release often
• Features by user demand
• Public review process
• Pairworking
• External feedback
6
Implementation
Contributions
Contributions and New Open Source Projects
7
Code
Code
Code
Code
Name
License
Check License Check Code
New Open
Source
Project
Policy version 2
Next steps
• Small contributions
• Stack Overflow
• Small patches
• Documentation
• Build Scripts
• < 100 lines of code
• More specific definitions for handling copyright notices …
• Whitelisting approved Open Source projects for future contributions without review
• Approve projects or contributors?
• Code of Conduct
• Inspect and Adapt
February 2019
8
Q&A
DB Systel Open Source Policies
github.com/dbsystel/open-source-policies
DevOps
bit.ly/5pdops
Contact
@schlomoschapiro
schlomo.schapiro@deutschebahn.com
Slides
go.schapiro.org/slides
Vielen Dank für Ihre Aufmerksamkeit

More Related Content

What's hot

London DevOps Meetup - PaaS as a platform for devops
London DevOps Meetup - PaaS as a platform for devopsLondon DevOps Meetup - PaaS as a platform for devops
London DevOps Meetup - PaaS as a platform for devopsJeremy Brown
 
Zürich Saas Meetup: Software as a Service Architecture
Zürich Saas Meetup: Software as a Service ArchitectureZürich Saas Meetup: Software as a Service Architecture
Zürich Saas Meetup: Software as a Service ArchitectureRoman Weis
 
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss Perspective
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss PerspectiveRed Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss Perspective
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss PerspectiveJeremy Brown
 
Application evolution strategy - Eran Stiller
Application evolution strategy - Eran StillerApplication evolution strategy - Eran Stiller
Application evolution strategy - Eran StillerCodeValue
 
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"Jose Quaresma "DevOps in the Enterprise: what I have learned so far"
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"Fwdays
 
Berlioz - Delivering Microservices Applications
Berlioz - Delivering Microservices ApplicationsBerlioz - Delivering Microservices Applications
Berlioz - Delivering Microservices ApplicationsRuben Hakopian
 
Writing Slack Bots in JavaScript
Writing Slack Bots in JavaScriptWriting Slack Bots in JavaScript
Writing Slack Bots in JavaScriptNiklas Heidloff
 
Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?Philipp Garbe
 
It's all about feedback - code review as a great tool in the agile toolbox
It's all about feedback - code review as a great tool in the agile toolboxIt's all about feedback - code review as a great tool in the agile toolbox
It's all about feedback - code review as a great tool in the agile toolboxStefan Lay
 
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...CodeValue
 
Google deployment manager
Google deployment managerGoogle deployment manager
Google deployment managerLuillyfe Blanco
 
Get Up to Speed with Project Tiny
Get Up to Speed with Project TinyGet Up to Speed with Project Tiny
Get Up to Speed with Project TinyUnity Technologies
 
RHTE 2016 - Four Stories for the Red Hat Cloud Suite
RHTE 2016 - Four Stories for the Red Hat Cloud SuiteRHTE 2016 - Four Stories for the Red Hat Cloud Suite
RHTE 2016 - Four Stories for the Red Hat Cloud SuiteEric D. Schabell
 
Real World Transformation Experiences at StubHub
Real World Transformation Experiences at StubHubReal World Transformation Experiences at StubHub
Real World Transformation Experiences at StubHubVMware Tanzu
 
Documentation-driven development for Python web APIs v2
Documentation-driven development for Python web APIs v2Documentation-driven development for Python web APIs v2
Documentation-driven development for Python web APIs v2José Haro Peralta
 
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...Joe Sepi
 
Building Serverless Applications on the Apache OpenWhisk Platform
Building Serverless Applications on the Apache OpenWhisk PlatformBuilding Serverless Applications on the Apache OpenWhisk Platform
Building Serverless Applications on the Apache OpenWhisk PlatformJoe Sepi
 
Codemotion Amsterdam 2016 - The DevOps Disaster
Codemotion Amsterdam 2016 - The DevOps DisasterCodemotion Amsterdam 2016 - The DevOps Disaster
Codemotion Amsterdam 2016 - The DevOps DisasterBert Jan Schrijver
 
Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?
 Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas? Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?
Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?VMware Tanzu
 

What's hot (20)

London DevOps Meetup - PaaS as a platform for devops
London DevOps Meetup - PaaS as a platform for devopsLondon DevOps Meetup - PaaS as a platform for devops
London DevOps Meetup - PaaS as a platform for devops
 
Zürich Saas Meetup: Software as a Service Architecture
Zürich Saas Meetup: Software as a Service ArchitectureZürich Saas Meetup: Software as a Service Architecture
Zürich Saas Meetup: Software as a Service Architecture
 
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss Perspective
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss PerspectiveRed Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss Perspective
Red Hat Forum London 2014 - Delivering Innovation at Speed, A JBoss Perspective
 
Application evolution strategy - Eran Stiller
Application evolution strategy - Eran StillerApplication evolution strategy - Eran Stiller
Application evolution strategy - Eran Stiller
 
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"Jose Quaresma "DevOps in the Enterprise: what I have learned so far"
Jose Quaresma "DevOps in the Enterprise: what I have learned so far"
 
Generative models in the arts
Generative models in the artsGenerative models in the arts
Generative models in the arts
 
Berlioz - Delivering Microservices Applications
Berlioz - Delivering Microservices ApplicationsBerlioz - Delivering Microservices Applications
Berlioz - Delivering Microservices Applications
 
Writing Slack Bots in JavaScript
Writing Slack Bots in JavaScriptWriting Slack Bots in JavaScript
Writing Slack Bots in JavaScript
 
Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?
 
It's all about feedback - code review as a great tool in the agile toolbox
It's all about feedback - code review as a great tool in the agile toolboxIt's all about feedback - code review as a great tool in the agile toolbox
It's all about feedback - code review as a great tool in the agile toolbox
 
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...
Nir Doboviski: In Space No One Can Hear Microservices Scream – a Microservice...
 
Google deployment manager
Google deployment managerGoogle deployment manager
Google deployment manager
 
Get Up to Speed with Project Tiny
Get Up to Speed with Project TinyGet Up to Speed with Project Tiny
Get Up to Speed with Project Tiny
 
RHTE 2016 - Four Stories for the Red Hat Cloud Suite
RHTE 2016 - Four Stories for the Red Hat Cloud SuiteRHTE 2016 - Four Stories for the Red Hat Cloud Suite
RHTE 2016 - Four Stories for the Red Hat Cloud Suite
 
Real World Transformation Experiences at StubHub
Real World Transformation Experiences at StubHubReal World Transformation Experiences at StubHub
Real World Transformation Experiences at StubHub
 
Documentation-driven development for Python web APIs v2
Documentation-driven development for Python web APIs v2Documentation-driven development for Python web APIs v2
Documentation-driven development for Python web APIs v2
 
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...
Combining OpenWhisk (serverless), Open API (swagger) and API Connect to build...
 
Building Serverless Applications on the Apache OpenWhisk Platform
Building Serverless Applications on the Apache OpenWhisk PlatformBuilding Serverless Applications on the Apache OpenWhisk Platform
Building Serverless Applications on the Apache OpenWhisk Platform
 
Codemotion Amsterdam 2016 - The DevOps Disaster
Codemotion Amsterdam 2016 - The DevOps DisasterCodemotion Amsterdam 2016 - The DevOps Disaster
Codemotion Amsterdam 2016 - The DevOps Disaster
 
Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?
 Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas? Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?
Pivotal Cloud Foundry et Microsoft: Pourquoi? ... Et pourquoi pas?
 

Similar to Open Source Contribution Policy

Breaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullBreaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullGreat Wide Open
 
Financial Services Open Source Participation
Financial Services Open Source ParticipationFinancial Services Open Source Participation
Financial Services Open Source ParticipationFINOS
 
Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Gil Yehuda
 
Your Open Source Program Office
Your Open Source Program OfficeYour Open Source Program Office
Your Open Source Program OfficeGil Yehuda
 
Best Practices in Starting an Open Source Project for Companies
Best Practices in Starting an Open Source Project for CompaniesBest Practices in Starting an Open Source Project for Companies
Best Practices in Starting an Open Source Project for CompaniesAll Things Open
 
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014Zivtech, LLC
 
JDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of ExcellenceJDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of ExcellenceBlack Duck by Synopsys
 
ProductCamp Berlin 2015: Agile Failure Patterns In Organisations
ProductCamp Berlin 2015: Agile Failure Patterns In OrganisationsProductCamp Berlin 2015: Agile Failure Patterns In Organisations
ProductCamp Berlin 2015: Agile Failure Patterns In OrganisationsAge of Product
 
Guide to open source
Guide to open source Guide to open source
Guide to open source Javier Perez
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
Secure development 2014
Secure development 2014Secure development 2014
Secure development 2014Ariel Evans
 
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Mindtrek
 
Hybrid Development Workshop Presentation (San Francisco)
Hybrid Development Workshop Presentation (San Francisco)Hybrid Development Workshop Presentation (San Francisco)
Hybrid Development Workshop Presentation (San Francisco)Brian Dawson
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
 
How to Open Source an Internal Project
How to Open Source an Internal ProjectHow to Open Source an Internal Project
How to Open Source an Internal ProjectAll Things Open
 
Joget workflow v3 - Software Business Made Easy
Joget workflow v3 - Software Business Made EasyJoget workflow v3 - Software Business Made Easy
Joget workflow v3 - Software Business Made EasyTien-Soon Law
 
InnerSourcing - Worldwide enterprise development teams collaboration
InnerSourcing - Worldwide enterprise development teams collaborationInnerSourcing - Worldwide enterprise development teams collaboration
InnerSourcing - Worldwide enterprise development teams collaborationJulian Werba
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
 
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...Sri Ambati
 

Similar to Open Source Contribution Policy (20)

Breaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullBreaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational Pull
 
Financial Services Open Source Participation
Financial Services Open Source ParticipationFinancial Services Open Source Participation
Financial Services Open Source Participation
 
Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016
 
Your Open Source Program Office
Your Open Source Program OfficeYour Open Source Program Office
Your Open Source Program Office
 
Best Practices in Starting an Open Source Project for Companies
Best Practices in Starting an Open Source Project for CompaniesBest Practices in Starting an Open Source Project for Companies
Best Practices in Starting an Open Source Project for Companies
 
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014
Open Source isn't Just Good, it's Good Business - DrupalCamp Colorado 2014
 
JDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of ExcellenceJDA: Building an Open Source Center of Excellence
JDA: Building an Open Source Center of Excellence
 
ProductCamp Berlin 2015: Agile Failure Patterns In Organisations
ProductCamp Berlin 2015: Agile Failure Patterns In OrganisationsProductCamp Berlin 2015: Agile Failure Patterns In Organisations
ProductCamp Berlin 2015: Agile Failure Patterns In Organisations
 
Guide to open source
Guide to open source Guide to open source
Guide to open source
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 
Secure development 2014
Secure development 2014Secure development 2014
Secure development 2014
 
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
 
Hybrid Development Workshop Presentation (San Francisco)
Hybrid Development Workshop Presentation (San Francisco)Hybrid Development Workshop Presentation (San Francisco)
Hybrid Development Workshop Presentation (San Francisco)
 
Automation and Technical Debt
Automation and Technical DebtAutomation and Technical Debt
Automation and Technical Debt
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
How to Open Source an Internal Project
How to Open Source an Internal ProjectHow to Open Source an Internal Project
How to Open Source an Internal Project
 
Joget workflow v3 - Software Business Made Easy
Joget workflow v3 - Software Business Made EasyJoget workflow v3 - Software Business Made Easy
Joget workflow v3 - Software Business Made Easy
 
InnerSourcing - Worldwide enterprise development teams collaboration
InnerSourcing - Worldwide enterprise development teams collaborationInnerSourcing - Worldwide enterprise development teams collaboration
InnerSourcing - Worldwide enterprise development teams collaboration
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...
Robert Coop, Stanley Black & Decker - Optimizing Manufacturing with Driverles...
 

More from Schlomo Schapiro

The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo SchapiroThe Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo SchapiroSchlomo Schapiro
 
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro
 
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo SchapiroWant Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo SchapiroSchlomo Schapiro
 
DevOps ist normal - DevOps Essentials 2019 - Schlomo Schapiro
DevOps ist normal - DevOps Essentials 2019 - Schlomo SchapiroDevOps ist normal - DevOps Essentials 2019 - Schlomo Schapiro
DevOps ist normal - DevOps Essentials 2019 - Schlomo SchapiroSchlomo Schapiro
 
The Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
The Devops Driving School - DevOps Gathering 2019 - Schlomo SchapiroThe Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
The Devops Driving School - DevOps Gathering 2019 - Schlomo SchapiroSchlomo Schapiro
 
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...Schlomo Schapiro
 
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo SchapiroRoot for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo SchapiroSchlomo Schapiro
 
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital AgeGUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital AgeSchlomo Schapiro
 
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...Schlomo Schapiro
 
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration StrategyOSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration StrategySchlomo Schapiro
 
WARNING is a waste of my time
WARNING is a waste of my timeWARNING is a waste of my time
WARNING is a waste of my timeSchlomo Schapiro
 
SE 2015 DevOps Risk Mitigation - Test Driven Infrastructure
SE 2015 DevOps Risk Mitigation - Test Driven InfrastructureSE 2015 DevOps Risk Mitigation - Test Driven Infrastructure
SE 2015 DevOps Risk Mitigation - Test Driven InfrastructureSchlomo Schapiro
 
DevOps, Agile and Open Source at ImmobilienScout24
DevOps, Agile and Open Source at ImmobilienScout24DevOps, Agile and Open Source at ImmobilienScout24
DevOps, Agile and Open Source at ImmobilienScout24Schlomo Schapiro
 
EuroPython 2014 YAML Reader Lightning Talk
EuroPython 2014 YAML Reader Lightning TalkEuroPython 2014 YAML Reader Lightning Talk
EuroPython 2014 YAML Reader Lightning TalkSchlomo Schapiro
 
EuroPython 2014 Devops Risk Mitigation
EuroPython 2014 Devops Risk MitigationEuroPython 2014 Devops Risk Mitigation
EuroPython 2014 Devops Risk MitigationSchlomo Schapiro
 
OSDC 2014 Test Driven Infrastructure
OSDC 2014 Test Driven InfrastructureOSDC 2014 Test Driven Infrastructure
OSDC 2014 Test Driven InfrastructureSchlomo Schapiro
 
PyCon 2013 - Distributed Monitoring Configuration
PyCon 2013 - Distributed Monitoring ConfigurationPyCon 2013 - Distributed Monitoring Configuration
PyCon 2013 - Distributed Monitoring ConfigurationSchlomo Schapiro
 
PyCon 2013 Test Driven Infrastructure
PyCon 2013 Test Driven InfrastructurePyCon 2013 Test Driven Infrastructure
PyCon 2013 Test Driven InfrastructureSchlomo Schapiro
 
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugen
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugenPyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugen
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugenSchlomo Schapiro
 
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24Schlomo Schapiro
 

More from Schlomo Schapiro (20)

The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo SchapiroThe Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
 
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
 
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo SchapiroWant Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
 
DevOps ist normal - DevOps Essentials 2019 - Schlomo Schapiro
DevOps ist normal - DevOps Essentials 2019 - Schlomo SchapiroDevOps ist normal - DevOps Essentials 2019 - Schlomo Schapiro
DevOps ist normal - DevOps Essentials 2019 - Schlomo Schapiro
 
The Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
The Devops Driving School - DevOps Gathering 2019 - Schlomo SchapiroThe Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
The Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
 
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility...
 
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo SchapiroRoot for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
 
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital AgeGUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age
 
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro...
 
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration StrategyOSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
 
WARNING is a waste of my time
WARNING is a waste of my timeWARNING is a waste of my time
WARNING is a waste of my time
 
SE 2015 DevOps Risk Mitigation - Test Driven Infrastructure
SE 2015 DevOps Risk Mitigation - Test Driven InfrastructureSE 2015 DevOps Risk Mitigation - Test Driven Infrastructure
SE 2015 DevOps Risk Mitigation - Test Driven Infrastructure
 
DevOps, Agile and Open Source at ImmobilienScout24
DevOps, Agile and Open Source at ImmobilienScout24DevOps, Agile and Open Source at ImmobilienScout24
DevOps, Agile and Open Source at ImmobilienScout24
 
EuroPython 2014 YAML Reader Lightning Talk
EuroPython 2014 YAML Reader Lightning TalkEuroPython 2014 YAML Reader Lightning Talk
EuroPython 2014 YAML Reader Lightning Talk
 
EuroPython 2014 Devops Risk Mitigation
EuroPython 2014 Devops Risk MitigationEuroPython 2014 Devops Risk Mitigation
EuroPython 2014 Devops Risk Mitigation
 
OSDC 2014 Test Driven Infrastructure
OSDC 2014 Test Driven InfrastructureOSDC 2014 Test Driven Infrastructure
OSDC 2014 Test Driven Infrastructure
 
PyCon 2013 - Distributed Monitoring Configuration
PyCon 2013 - Distributed Monitoring ConfigurationPyCon 2013 - Distributed Monitoring Configuration
PyCon 2013 - Distributed Monitoring Configuration
 
PyCon 2013 Test Driven Infrastructure
PyCon 2013 Test Driven InfrastructurePyCon 2013 Test Driven Infrastructure
PyCon 2013 Test Driven Infrastructure
 
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugen
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugenPyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugen
PyCon 2013 - Open Source Sponsoring - und den Chef damit überzeugen
 
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24
Viele Server - Wenig Arbeit: Betriebsautomation bei ImmobilienScout24
 

Recently uploaded

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Open Source Contribution Policy

  • 1. The Open Source Contribution Policy at DB Systel DB Systel GmbH | Schlomo Schapiro | Chief Technology Office | @schlomoschapiro | 14.02.2019 Platzhalter für Titelbild – Hier können Sie Bilder aus der Mediathek einfügen! Placeholder for title picture – You can insert here pictures from the Mediathek! © Sebastian Scholl / Flickr
  • 3. Motivation • Image • Benefit from Open Source innovation • Active participation in Open Source community • Reduce risks and vendor dependencies • Developers • Developers want it – we want Developers • Reduce cost and effort for maintaining internal forks • Affect product direction • Collaborate on software • Get external review and improvements for own software • Simplify internal processes 3 to Contribute
  • 4. Just do it? • Legal risks • Financial risks • Compliance risks • Liability • Software Patents • Protect intellectual property • Leak internal information • Lost earnings • Lost business opportunities • Distraction • No business value Trust our employees? 4
  • 5. Learn from others https://opensource.google.com/docs/ • Creating – Using – Growing • Internal tool for approval workflow • No approval and no review required • For patches to • Any project which is a public repo on GitHub, and is under the Apache 2, MIT, BSD, LGPL*, GPL*, MPL, EPL, ISC, CC-BY, CC-BY-SA, OFL, MS-PL, Boost Software License, or Artistic licenses, and does not require you to sign anything not found on the pre- approved CLA list below, and is not on the list below of projects that require SVP approval. • Any repo for which you’ve already been given blanket approval from OSPO or used the approval form once. • Any Google-maintained open source project like Chromium, Android, Go, etc. • Snippets (<100 lines of code, especially if not checked into a repo) • Stack Overflow, bug reports, … https://opensource.zalando.com/docs/using/contributing/ • “Don’t contribute code which gives us an edge over competitors” • “Upstream code contributions are also encouraged and is a natural extension of our dependency of open source projects in our tech stack.” • “Non-code contributions … are all sanctioned and encouraged as part of your employment at Zalando” • “[Contributions] are sanctioned and does not require a review. Simply ensure that the project you are contributing to is not licensed under AGPL.” See https://github.com/todogroup/policies for other examples 5
  • 6. Design goals • Open Source Steward governs process • Contribution is a business decision • Legal and compliance requirements must be fulfilled • Line managers and product owners approve contributions • 2nd approval for „large“ contributions • Limits for approval similar to purchase order limits • Paperless workflow • Central tracking and reporting of contributions • Release early, release often • Features by user demand • Public review process • Pairworking • External feedback 6 Implementation
  • 7. Contributions Contributions and New Open Source Projects 7 Code Code Code Code Name License Check License Check Code New Open Source Project Policy version 2
  • 8. Next steps • Small contributions • Stack Overflow • Small patches • Documentation • Build Scripts • < 100 lines of code • More specific definitions for handling copyright notices … • Whitelisting approved Open Source projects for future contributions without review • Approve projects or contributors? • Code of Conduct • Inspect and Adapt February 2019 8
  • 9. Q&A DB Systel Open Source Policies github.com/dbsystel/open-source-policies DevOps bit.ly/5pdops Contact @schlomoschapiro schlomo.schapiro@deutschebahn.com Slides go.schapiro.org/slides
  • 10. Vielen Dank für Ihre Aufmerksamkeit