3rd Party Outbound OSPO

Outline

  • Extrospective OSPOs
  • Objectives
  • Lessons Learned
  • Why?

Extrospective OSPOs

Inbound vs Outbound

Inbound Outbound

Outbound

  • Policies around creating OSS
  • Promote adoption of own OSS
  • Governance
  • Code production

But what if…

The projects the OSPO contributes to belong to a 3rd party organization?

Meet Aiven's OSPO

Apache Kafka, Apache Flink, PostgreSQL, OpenSearch

And more to come…

Apache Kafka, Apache Flink, PostgreSQL and OpenSearch are trademarks of their respective owners.

Some facts about Aiven's OSPO

  • Around 10 people
  • Organized in chapters
  • Distributed
  • Growing phase
  • 1 year old!

Principles we run with

  • Community first
  • Be recognized
  • Be transparent
  • More than just production of code

Consequences

  • IP owned by others
  • Little to no control over backlog
  • No control over timings
  • Collaborating with competitors?

Objectives

Given this…

[Diagram: web server talking to 2 different services]

Would you consider it a risk if one of these modules was maintained by your developers in their free time?

Why are we accepting it when it comes to open source?

We want:

  • Critical infrastructure actively maintained
  • Projects not depending on a single company or organization
  • Diversity of opinions
  • Relieve workload of current maintainers

Mission:

Ensure the sustainability and secure the future of the Open Source Software infrastructure used.

Lessons Learned

Hiring

Pool is smaller than you think.

How many committers are there?

Hiring

You'll need to hire talent where they are!

Hello multiple time zones!

Hiring

Programs to promote OSS contributions internally

Plankton Program — OSS Contribution = €

Developer traits

Forget about quick turnarounds.

Code, release, observe, fix, release.

Developer traits

Self driven.

Developers should know how to prioritize their work.

Developer traits

Can understand community needs.

Developer traits

Resiliency

Lots of proposed changes will be rejected, and not always because of technical reasons.

Management style

Areas of impact are limited.

Timing, responsibilities… Suddenly, these are external.

Management style

Not the expert in the room.

Management style

Enabler from the sideline.

Performance metrics

You don't control a substantial part of the process.

Merges, releases, reviews… All these do not depend only on us.

Performance metrics

Internal time scales are arbitrary.

Performance metrics

We came up with:

  • Number of issues worked on
  • Number of patches reviewed
  • Community engagement (blog posts, mailing list, talks)

Why does it matter?

More than money

Monetary donations solve massive problems in OSS projects.

Maintenance burden is reduced only with more people.

Scalable solution

More extrospective OSPOs = More OSS developer mass

More secure

It's not only about preventing incidents, it's about being able to react fast.

Everyone should have one?

NO!

Every company that could afford it should have one extrospective OSPO.

Let's build shared OSS projects, together!

Further information

Thanks!

https://jlprat.github.io/3rd-party-outbound-ospo/index.html

Questions!