Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

1. Ideas, methods and tools for OSS Good Governance assessment  Boris Baldassari  boris.baldassari@castalia.solutions  http://castalia.solutions

2. 2 Who am I? ● My name is Boris Baldassari. ● Working as a Software Engineer & Consultant for Castalia Solutions. ● 15+ years experience in the field of software development methods and tools. ● Involved in several software quality assessment projects: – Polarsys Maturity Assessment Initiative for the Eclipse foundation. – Maisqual (research). – Crossminer / Scava (EU-funded research project).

3. 3 Summary ● Introduction: Goals & Context ● What is Good Governance? – OSS Core principles: Openness, Transparency, Good practices. – Community: Diversity, Activity, Support. – Process: IP Cleanliness, Decision making, Engagement. ● Building a Good Governance Quality Model – Measurement: goals, metrics, tools. – Addressing concerns: OSS Core, Community, Process – Proposed Quality Model implementation ● Conclusion ● References

4. Introduction

5. 5 Introduction Goals of this talk: ● Nurture discussions on the topic. ● Propose a consistent semantic framework as a starting point for a proof of concept. ● Propose simple yet effective measurements, to be improved and extended. How are we to achieve this? ● Stay practical even if scope is not complete. ● Rely on existing technologies and tools for immediate implementation.

6. What is Good Governance?

7. 7 What is Good Governance? – OSS core principles Key good governance areas regarding OSS core principles and good practices: ● Openness, Transparency: the project is open to all All assets (tools, processes) are publicly available and documented. ● Ethics: initiatives and procedures set up to ensure good behaviour. Code of conduct, escalation procedures. Diversity and Inclusion initatives. ● Documentation: helping peope adopt the product and project. User guides: Readme, Getting started. Development guides: Contributing.

8. 8 What is Good Governance? – Community Key community-related areas regarding good governance: ● Diversity: People from different backgrounds and companies. Increases reliability and sustainability of the project. Founding principle of OSS: “given enough eyeballs, all bugs are shallow”. ● Activity: Amount of contributions. A direct indicator of velocity for maintenance and evolution. An indirect indicator of good governance. Its evolution over time defines the sustainability of the project. ● Support: Answers to posts & bugs, answering ratio, time to resolve.. A defining criterion for participation and engagement. A defining criterion for product’s adoption, community growth and sustainability.

9. 9 What is Good Governance? – Process Key process-related areas regarding good governance: ● IP Cleanliness: Licence checks, IP cleaning procedures. ● Decision making: how decisions are made? How PRs, Issues, Posts are addressed? Is the decision-making process publicly documented and transparent? ● Engagement: enabling and fostering participation. How the community is invited to participate? How community’s requests and demands are met?

10. 10 Existing initiatives OW2 Good Governance working group A new, active initiative to “develop and promote the usage and sharing of free and open source software governance best practices”. Linux Foundation CHAOSS working group An active community working on community health metrics. Working groups include: Common Metrics, Diversity and Inclusion, Evolution, Risk, Value. Issue with many metrics related to these areas is they often cannot be easily automated, e.g. because they rely on a human assessment like ‘how good is the getting started guide?’.

11. Towards a Quality Model

12. 12 Why a Quality Model? What are the benefits of a quality model? ● It provides a common semantic framework. ● It conveys important key information instantly… … while allowing further detailed drill-in. ● It can be put to work on real-life projects when connected to metrics. Notes: ● It must be thoroughly documented, from quality attributes to metrics. ● Several norms exist for product- and process- oriented quality models.

13. 13 Building a Quality Model – OSS core principles Key good governance areas regarding OSS core principles and good practices: ● Information: tools and associated processes are documented. Easily get access and retrieve the information. ● Openness, Transparency: tools and associated processes can be accessed. Public availability of all major project tools: SCM, ITS, CI, MLS. ● Ethics: public availability of ethic-related documents (Code of Conduct, Diversity and Inclusion Groups, Escalation procedure). ● Collaboration: public availability of standard collaboration documents (Readme, Licence, Contributing, Getting Started)

14. 14 Building a Quality Model – Community Key community-related areas regarding good governance: ● Diversity: People from different backgrounds and companies. Number of actors involved (SCM, ITS, MLS) Founding principle of OSS: “given enough eyeballs, all bugs are shallow”. ● Activity: Amount of contributions. A direct indicator of velocity for maintenance and evolution. An indirect indicator of good governance. Its evolution over time defines the sustainability of the project. ● Support: Answers to posts & bugs, answering ratio, time to resolve.. A defining criterion for participation and engagement. A defining criterion for product’s adoption, community growth and sustainability. Tooling / Metrics: ● GrimoireLab ● Alambic

15. 15 Building a Quality Model – Process Key process-related areas regarding good governance: ● IP Cleanliness: Licence checks, IP cleaning procedures. Use tools like Scancode, dependency-checker, Fossology.. ● Decision making: how decisions are made? Documentation of the governance’s model. Governance accountability (committee’s minutes, chat transcript..). ● Engagement: enabling and fostering participation. Analysing the repartition (and diversity) of activity.

16. 16 Building a Quality Model Proposed Quality Model: (From quality attributes to metrics.)

17. 17 Building a Quality Model – Report

18. Conclusion

19. 19 Conclusion ● This talk is a naïve attempt to build a workable proof of concept for OSS Governance assessment. ● The quality model is incomplete and could be enriched with New or better metrics. New key area of concerns. Better assessments means like natural language processing tecniques. ● The result has been implemented in Alambic, an OSS framework for software project data management. Check it online: https://goodgovernance.alambic.io Alambic Home: https://alambic.io

20. References

21. 21 References ● OW2 initiative about Good Governance: https://www.ow2.org/view/OSS_Governance/ ● CHAOSS Working Group from the Linux Foundation: https://chaoss.community/ ● Good Governance Quality Model: https://goodgovernance.alambic.io ● Alambic Home: https://alambic.io ● GrimoireLab: https://chaoss.github.io/grimoirelab/ ● ScanCode: https://github.com/nexB/scancode-toolkit

Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

Recomendados

Más contenido relacionado

Was ist angesagt?

Was ist angesagt?(11)

Similar a Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

Similar a Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020(20)

Más de OW2

Más de OW2(20)

Último

Último(20)

Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020