Community Over Code

Maintaining ASF Project Independence

A key differentiator of the Apache Way versus other Foundations is our project independence from vendor control. Users can trust that projects adopted by the ASF will be governed long-term for the benefit of the whole contributor community. ASF projects are also immune from licensing changes away from open source licenses, since the ASF only ever uses the Apache-2.0 license. Even in the case of projects that get deprecated or lose sufficient community to maintain the code, the ASF ensures that all project resources will remain read-only in the Apache Attic forever.

A key question then is, how does the ASF ensure project independence? While independent governance isn’t an issue for many projects, the ASF has certainly had it’s share of projects built in fast-moving commercially successful technology areas. As companies change direction, build up marketing campaigns, and buyout competitors, their messaging has sometimes been seen as being a controlling force around core techologies – including, sometimes, ASF projects.

The ASF has several of methods to ensure independent governance in our projects, even in the face of extreme vendor pressures. While governance changes often take time in broad-based communities, these three pillars are the building blocks of the ASF’s independent ethos – and serve as a backstop to all Apache projects. I wrote about these three pillars for a recent ASF board meeting, lightly edited here.

Three Pillars Of Independence At Apache

1. The ASF Membership

Our hundreds of ASF Members are individuals (never corporations) from around the world and from all walks of life. Members are nominated privately within the existing Membership and elected annually by other individual members. Nominations and elections are based on their positive contributions to ASF projects, and their willingness to promote the public good when making decisions for their projects. A nominee’s employment or contributions outside the ASF are not a factor in electing new Members.

These hundreds of Members provide a technical and community mentoring
backbone to all of our projects, as well as a focus on our mission for
the public good. Many Members continue to volunteer across multiple ASF projects, and across various employers during their careers. Since Membership is permanent, a key cadre of Members from the first 10 years of the ASF’s history are still involved with governance and mentoring, providing a rich and fiercely independent culture.

2. Apache Project Trademarks

The ASF owns all trademarks on behalf of our project communities. The Apache brand benefits our projects and the ASF as a whole, given our strong brand recognition for independent and welcoming communities building software openly. Potential contributors know what to expect from any Apache project, and that with their contributions to the project, they’ll have a fair chance at being elected to a project’s PMC to help govern that project in the future.

Protecting the Apache brand – and the brands of all Apache projects – is a key focus of the ASF as a whole. Since the ASF as a nonprofit owns all trademarks of our projects, we have the ability to ensure that users always know where to get official Apache software products. While users are welcome to fork our code – it’s under Apache-2.0 as always – they may not fork our trademarks.

3. The Apache Board

The nine member ASF Board is elected annually from within the ASF Membership. Board elections are competitive and are based on individual Directors’ contributions to the ASF as a whole, not for outside activities and never for commercial affiliations. Since Board elections are private within the Membership, there is no chance for commercial interests outside the ASF to influence our annual Board elections, or the independent culture that our Board holds dear.

Every ASF project reports directly to the ASF board on a quarterly basis. Directors read all reports, and may have comments or suggestions for project governance when they are needed. This regular contact between projects and the board ensures that project governance is always at top of mind.

From time to time some commercial vendors have abused the ASF’s trademarks and goodwill for a vendor’s sole benefit, at a cost to the community as a whole. At other times, vendors have worked to bend project governance for their own benefit, either by hiring project contributors or by having their employees who are contributors unduly influence project direction.

In each of these cases, the independent ASF Board serves as a backstop to ensure projects are governed for the public good. While the board doesn’t make technical changes in projects (that would be silly, anyway), the board maintains Project Management Committee membership lists, and in rare cases can make corrections when needed. Similarly, the board and VP, Brand Management work to ensure that Apache trademarks are respected and reserved for the actual project communities that have done the work, not associated vendors.

The Board and our many volunteer officers’ efforts to preserve project
independence are not always visible publicly, but rest assured: Apache
projects are governed for the public good. While governance mentoring and corrections sometimes take time, the ASF board will always be here to ensure all our projects are truly working for the public good.

Community Over Code – The ASF Conference!

Community Over Code may be a blog here by Shane – but it’s also the new branding for the ASF’s own conference series! Formerly known as ApacheCon, Community Over Code events are still held every year around the world, and gather community members from across ASF projects to share their stories about communities, technology, and more.

Community Over Code EU was most recently in Bratislava, Slovakia, a truly beautiful city. I was very happy to attend after a few years of not traveling to get back in touch with all my European ASF friends. The weather was beautiful, we held one of our sessions in a grand hotel ballroom suitable for signing international treaties, and to food was wonderful for the whole week we were there. Plus, we drew in a number of other FOSS luminaries for some excellent sessions on the CRA, PLD, and other legislation – truly eye opening.

Photograph of street art in Bratislava. There is a large wooden panel on the side of a tile building; painted on the panel is a whimsical picture of a cat. Teh cat is mostly yellow, and is wearing a red and green striped shirt, and has big green eyes looking at you.

Community Over Code Asia is coming up right now in July, in Hangzhou, China. This is always a great event, truly groundbreaking in supporting local open source communities and making global connections between many ASF projects and contributors.

And of course Community Over Code NA will be back this October, coming again to Denver. I’m really looking forward to our biggest gathering of ASF people every year, and am happy to be speaking on community and sustainability topics.

FOSSBackstage Awesomeness

Meme image from Princess Bride, featuring Indigo Montoya saying: "Let me explain... no there is too much, let me sum up."

FOSSBackstage in Berlin this year was AMAZING! The quality and importance of the talks to the FOSS ecosystem was surpassed only by the interesting hallway and after conference discussions. Having recovered from jet lag, I figured I’d better start writing down all the contacts I met and collaboration ideas we thought of before I forgot them!

Open Collective Foundation Shutdown Explainer

The open source community was surprised today by the announcement that the Open Collective Foundation is dissolving by the end of 2024. Since OCF is a popular charitable fiscal host for 600 collectives (including a handful of software ones), this is quite a surprise and a large disappointment.

IMPORTANT: Open Collective has written up an excellent comprehensive guide for finding and moving to a new fiscal host, as well as a list of fiscal hosts to consider for any collectives affected.

The OCF has built at matching tool for their collectives – if you work at a fiscal host, especially a public charity, please check it out!

Shane’s Director Position Statement 2024

I’ve written many times on how the ASF board works in my past 10+ years of service. My objective now is: simplifying and improving our governance culture, so that when the next generation takes over, they will be able to scale the ASF in a way we will all still recognize for the next 50 years.

There are two aspects I will focus on in the coming year to improve this:

Making our documentation easier to read, and our processes simpler to follow for all of our communities, especially newcomers (contributors, podlings, potential Incubator donors, anyone).
Ensuring rules and best practices are clear enough – with explanations of “why” behind every rule or practice! – so that it’s simpler for our PMCs and the board to keep helping our projects grow in the Apache Way.

Our membership is an amazing resource: passionate, focused on building community-driven projects, and active in advocating our community norms in the broader ecosystem. This outreach and mentoring by members is it’s own public good, above and beyond the software our Apache projects produce. But culturally, it feels like we are doing this individually, not as a truly coherent and organized community. It’s no wonder why some projects come through the Incubator with slightly different ideas of how to work, either from different mentoring perspectives, or hard-to-understand processes.

If we objectively view our how-to documentation and compare it to other foundations out there, we generally come off the poorer, both in graphic design and in readabilty to the newcomer. While some of us have spent immense effort in building up our published docs over the years, the end result has often been inconsistent in the whole. Historically, we tend to work on docs (or information architecture!) as individuals or small ad hoc groups, not true communities that are focused on continuing to maintain systems. That’s why I love Rich’s Working Groups concept over in ComDev: working to foster a specific communities working as a group on documentation and other improvements.

The above will be my main focus – along with everything else the board does, of course:

Reviewing and mentoring PMCs, with a particular focus on keeping feedback much more focused, actionable, and friendly.
Approving our budget, keeping the organizational lights on, appointing officers, and working on finding the next generation of officers and directors for our future.
Understanding the larger landscape we live in, like finding a VP, Public Affairs to track potential legislation in the US now that CRA/PLD are in progress.
Pushing us to invest – with budget/staff or focused calls for volunteers – in our public presence, to ensure that when we attract projects and contributors, they have an easy time building healthy self-governing communities.
Signposting our long-term strategy for the ASF as a whole. While we’re here to give a long-term home to our project communities (who build our software), the board also needs to help focus some of our individual volunteer energy into specific areas and collaborative working groups.
Working with VP, Brand Management to see if what further improvements we can make either detecting trademark issues, and in dealing with potential infringements politely, quickly, and in ways that protect our reputation, and make it simple for third parties to understand what’s appropriate.
Working with the Incubator to improve the experience. This includes both making it easier for newcomers to understand how the Incubator works, and to improve outcomes, so we have a better shared understanding of how ASF projects work with all of our newly graduated TLPs.

On some personal notes, I will have more time for ASF work in the coming year; last year brought unusual $real-life time challenges for me. I am retired, and have never let employment or personal income sources influence my decisions about what’s best for the ASF. I volunteer at the ASF because this is the most efficient and enjoyable way that I can donate my time for the public good. I truly believe that part of the public good we do is by our example of community-led collaborative projects, along with our software.

Open Source help and ideas wanted!

I’ve been working on a several different projects related to sustainability and governance in nonprofits, trying to explain larger concepts and build up some worthy datasets in some specific FOSS areas. There are so many good ideas, and so little time and coding that I have to give. So I realized… I should just try asking for help!

The appeal of open source for me is that I can contribute when I have time/energy/expertise, and when $real-life gets in the way, I can step back. The other appeal is everything’s in the open, so even if no-one answers, I might as well detail a few tasks I’d love help with figuring out – or even better, building!

FOSS Foundations Metadata Directory

Inspired by the FLOSS Foundations Directory, I wantstemed to start storing some structured data about the non-profit foundations that provide services to much of the open source ecosystem. This, the FOSS Foundation Metadata directory! I’ve currently collected basic organizational data on 50+ notable foundations out there, like board size, where incorporated, links to common kinds of policies, and the like. While there are various other listings of foundations or projects out there, few are structured data and none really track the legal, corporate, and funding details I’m working on. Similarly, while there’s plenty of academic research on community governance, it would be great to explicitly quantify governance models at foundations and major projects, to help see how they differ.

For US-based nonprofit foundations, we can fairly easily get top-level finances through IRS 990 filings. ProPublica’s nonprofit explorer (yay!) makes it easy to get core 990 data, which I’ve organized and incorporated some rough finances into the metadata directory. There’s a lot more visualization we can do here: while 990 forms are high level – total contributions/total revenue and the like – they are an apples-to-apples way to compare funding and expenses of US nonprofits.

Where does funding come from? Sponsorships, mainly: I’ve also reviewed and categorized the sponsorship prospectuses of many foundations to quantify both donation levels, as well as benefits provided for sponsorship levels. Once we can get a broader cross-section of foundations around the world represented, it will be some very interesting data. And thanks to Duane O’Brien who’s done some historical research of FOSS sponsorship prospectuses!

Help Wanted!

There’s interest from practicioners and researchers alike looking at sustainability here. But we need more time in the day – or more contributors! – to keep building out both our data coverage as well as linting, visualizations, and the like. If this is a topic that interests you, please head over to the GitHub Issues page and jump in! We could use help with setting up OpenAPI for the researchers and Ecosyste.ms, as well as linting, basic visualizations, and especially helping to add new foundations and categorize existing ones in new ways. For example, we have several metadata fields for policies, including links to Codes Of Conduct, as well as where a COC link is shown (i.e., is it prominent?).

Do You Work With Nonprofit Finances?

If so, let’s chat. In another life I’m involved with a hyperlocal nonprofit news website, so I’ve been relying on ProPublica and various scraping tools to help build up some pictures of local news organization finances. While ProPublica is great for top-line fields in 990s, it takes work to XPath your way into the guts of 990 schedules. The Giving Tuesday project seems to have a magic data lake project coming soon that might solve all these issues for us – but I’d love to have alternate perspectives on how to extract and analyze IRS 990 data at small/medium scales.

Also – are you a European or other non-US country nonprofit expert? How do you analyze finances across different organizations? While US 990 forms aren’t perfect, at least they’re (reasonably) consistent, and are easy enough to analyze at scale. Are there any similar broad based ways to gather nonprofit finances elsewhere?

Welcome to Community Over Code – in Halifax!

I’m so excited to be in the opening keynote at ApacheCon – or rather, what we now call Community Over Code (COC), the conference where all our project communities across the ASF gather, learn, eat and drink together, and maintain all the personal relationships that truly build communities. For many of us who’ve been working on ASF projects for years, this is truly a conference where we spend time not just with our friends, but folks who have become like family to us in our communities here.

If you’ve never been to an ApacheCon in the past, it’s not like your traditional tech conference. When we rebranded the conference as Community Over Code, it was intentional – because the point of our events are the people. So much of open source work is done online, without direct human contact. ASF events have plenty of technical content, but the real value to the ASF as a foundation are the personal connections people make and strengthen, and the community building that happens. That’s also why we always have a number of non-technical tracks, like Community and Sustainability to really help our contributors better understand how to manage their own communities across the ASF.

I’m doubly, no, triply excited to be back at COC after the long lonely days of COVID in the past few years. It wasn’t just the excitement and learning that I find at ASF events; it was missing all of my friends and family. While many conferences have hallway tracks and evening events, the strength of community in many ASF communities means something different. There are so many different relationships we each have in different projects, and so many truly strong friends to be found here. And it’s not just the folks you have drinks with after dinner; it’s all those people who have become friends in real life, outside of technology – all the people who say “Hey, I’m vacationing in Boston, are you around?” and I get to host them.

For those here at COC, I’m excited to meet you (or see you again, dear friend) at the event. I’m easy to find, I’m wearing a Hawaiian shirt. For those not at COC this year in Halifax, we’ll see you in Europe next fall!

For more about the event named Community Over Code, head over to the .org domain!

❤️

ApacheCon Wants Your Conference Talks!

Are you opnionated about Apache projects? Do you like great tech conferences with no commercial puff pieces, just focused technical and community content about real projects? Do YOU have great things to talk about your project at the ASF?

Submit your talks to the ApacheCon CFP now! CFP is ending in just two weeks, and the conference will be 7-10 October in beautiful Halifax, Canada.

Wait – did I say ApacheCon? Oh, sorry! ApacheCon is now called Community Over Code – The ASF Conference. To better reflect the emphasis ASF projects have on active communities, the ASF’s annual conferences have rebranded to the slogan for ASF processes overall: Community Over Code.

This year, Community Over Code will feature four days of sessions, with tracks focusing on Search, Big Data, Internet of Things, Community, Geospatial, Cassandra, Financial Tech, and many other topics. Each evening will also feature Birds of a Feather (BoF) sessions, where communities will have an opportunity for free-form discussion and planning around our various projects.

I’ll be attending and hopefully speaking at Community Over Code this fall, and hope to see folks there – it’s been a long few years of travel limits due to the pandemic. I’m really looking forward to spending time with my larger ASF family again.

Just a reminder: this blog at a .com domain is Shane’s personal content. The ASF’s official conferences can now be found at https://communityovercode.org/. I’ve worked with the ASF’s VP, Brand Management to ensure that we can each continue to use the Community Over Code phrase in complimentary ways to each other.

I hope to see you in Halifax this October!

Where is sustainability for individuals?

I’ve been reading papers on “sustainability” frameworks of shared definitions, and was struck in many of the sections on Stakeholders. We think about the various FOSS projects, about the big industry players, about the rest of the user base commercial companies, and even about public policy. And yes, we do talk about “pay the maintainers”, and there are several organizations solidly devoted to that problem.

But what about volunteer individual coders as a class?

Much of open source contribution is done in small chunks by individuals “scratching their own itch” to fix a bug or add a new feature they happen to need. While some of this is done in conjunction with a job or a college class, some of it still done just because the coder wanted to get it done, not necessarily to get paid or a better grade.

A poor definition of this class is “everyone who’s contributed to open source without directly getting paid for it”, which doesn’t help much, but does give perspective on the scale. And most people working in software are likely to go back and forth from paid work to some kind of volunteer work (either piecemeal fixes or as part of a larger effort) many times in their career.

How can we classify all these individuals?

Software industry career workers, who will likely have many different roles in a career. They may sometimes lead projects, and often will make significant investments over time. They may often have a holistic perspective on FOSS components in relation to their business, so often are very conscious of what they open source, and what is proprietary.
Software industry-adjacent workers, who will work on specific bugs or features their industry needs from time to time, but primarily focus their work on custom features internally (i.e. possibly not contributions).
Academic, scientific, and policy/government workers who build software. When they open source something – depending on institution policies – they are more likely to be careful to ensure an entire package is included, so that their work can be easily reproduced elsewhere.
College and high school students looking for learning opportunities or connections in industry. Only part of the driver here comes from curriculum; much of the drive likely comes from where the students first feel they can make contributions and get some feedback or recognition.
Hobbyist hackers who have a passion for their work. Yes, they still exist, although it’s certainly a rare individual here who truly drives an entire project these days. But where hobbyists show up, they can be an important part of maintenance and quality control. Hobbyists are likely software industry professionals who truly do open source at night, separately (in some cases deliberately) from their day jobs.
Who am I missing? I know there will be a handful of other sub-groupings that could be useful to consider tracking.

What messaging can we use to encourage individuals?

These groups are obviously quite diverse in other characteristics, and include millions of people, so it’s difficult (except perhaps in public policy spheres over years) to directly influence them. But we certainly need to include this concept in discussions about sustainability.

One potentially practical task is to find ways to promote messaging that can continue to inspire newcomers to open software (or science, or government!) that yes, it is important they contribute, even in a small way. Helping FOSS organizations, projects, and communities find even slightly shared ways to both be friendly, to explain how to do things in their world, and to provide the general encouragement to newcomers seems like a useful practice area to help nudge the actual FOSS world into better sustaining itself.

What’s sustainable in open source? Questions!

Reading about open source sustainability the past few weeks, I’ve been trying to find some pithy and useful quotes to start building out my FOSS Sustainability website. I started with a listing of the obvious resources – key funding sources, some overviews about how governance and funding mesh (or don’t), and the like. But between reading industry blogs and scratching the surface of research papers on sustainability, I haven’t found great answers yet. What have I found?

More questions.

Sustainability as a concept around open source projects and communities is such an overloaded idea that I’m having a hard time finding a specific place to start. So instead, let’s start with a list of some focus areas and questions to ponder, in terms of what perspective or audience we’re starting with. Thankfully, I’m also finding out many other folks are in the same boat, and are working on figuring out how to define this in broader, more useful ways.

Who is our primary focus?

The obvious group are “Pay the maintainers”, individual coders managing widely-used independent projects. The flip side are enterprises – who might pay for the projects they use, and various funding organizers: either grantmakers, collectives working on pooling and releasing funds, or even simple sponsorship buttons you can put on your repo.

The other kinds of maintainers are in community-governed, foundation-based, or corporate-sponsored projects. Plenty of projects are written by a combination of paid employees by one or more leading corporations, plus a constellation of individual coders or smaller companies.

The enterprise perspective is an entire universe of it’s own: often the people who understand the value of software they use are disconnected from people who control funding or strategy in a company.

Governments, NGOs, standards bodies, and the like are another universe of people concered about sustainability. Their perspectives are starting to get broadened by the growning research about both FOSS software impacts, but also risks, security, supply chain issues, and all the other news we read about lately.

Oh, and of course end users. Where do they fit in with sustainabilty? Does the average user even understand they’re using open source inside whenever they touch a smartphone or computer?

What kinds of sustainability do we mean?

How do we keep open source software secure? Heartbleed’s giant security scare eventually turned into Core Infrastructure Initiative, a foundation to help fund quality and development of OpenSSL. But what about security across the hundreds of other critical projects used everywhere?

Are we concerned with keeping certain kinds of projects alive and self-managing and making bugfixes? Or are we concerned with the core infrastructure bits that everyone uses, and keeping them as solid upstream projects – instead of one particular vendor simply making all the fixes to their version, which becomes the de facto one most folks use?

How about long-term sustainability of the code itself, physically? How long are archives guaranteed, will they be findable, include history and releases?

How about keeping tooling current to today’s versions of other software bits in the dependency chain? Is there anyone around who can even recompile Tool X that uses frequently updated Dependency Y to ensure the binaries work correctly?

Of course all these questions might be changed subtly depending on the programming languages, and how projects are architected – or documented. The kinds of long-term tweaks to a UNIX utility are very different than a bit of Java middleware.

Does money come into it?

It’s more difficult, but you can find ways to make some projects sustainable without throwing money at them. But in most cases, we need someone to make a financial investment. And while sharing code has zero cost across any sort of boundaries, sharing financing and legal relationships (of employees, contractors, service providers, or whatever!) have significant costs – and lots of asymmetry in terms of knowledge and capacity to manage transactions – or even know they could ask for transactions (or some funding).

Which organizations are we considering?

Software companies (who build something related here) behave differently than other companies. Enterprises have very different resources and constraints than midsize or smaller companies. What about nationality and local law factors in how companies use or maintain their software dependencies?

By now you can see my theme: each of these general topic areas has a whole host of sub-topics, many with very different concerns even when they might seem similar. And of course the real world is a matrix of matricies of relationships between the who, the what, the money, and the how.

Feeling a little overwhelmed? I’m right there with you. Thankfully, that’s one of the exact questions some smart folks are thinking about right now: how can we define “sustainability” with some concrete concepts and shared terms / categorizations that we can all understand and agree on?

We’ll see! But I’m meeting some people that are making this very, very interesting to work on!