Presentation by Boris Baldassari, Consultant, Castalia Solutions. Abstract: While Open Source Software has become mainstream, the understanding of its key principles, from ethics and collaboration to governance and community management, is gaining more interest and attention. There is a comprehensive volume of studies and reports backing up our individual and collective experience, yet we still cannot reliably measure these characteristics, and even less clearly define or assess them. In an attempt to build up confidence and foster maturity in this area, this talk will look at the various existing models and metrics related to OSS compliance and governance, and build upon them to propose methods and tools for their evaluation and analysis. We will discuss the requirements and essential questions to ask, offer guidelines for implementation and suggest efficient ways to present results.

1. Ideas, methods and tools
for OSS Good Governance assessment
 Boris Baldassari
 boris.baldassari@castalia.solutions
 http://castalia.solutions

2. 2
Who am I?
● My name is Boris Baldassari.
● Working as a Software Engineer & Consultant
for Castalia Solutions.
● 15+ years experience in the field of software
development methods and tools.
● Involved in several software quality assessment
projects:
– Polarsys Maturity Assessment Initiative for
the Eclipse foundation.
– Maisqual (research).
– Crossminer / Scava
(EU-funded research project).

3. 3
Summary
● Introduction: Goals & Context
● What is Good Governance?
– OSS Core principles: Openness, Transparency, Good practices.
– Community: Diversity, Activity, Support.
– Process: IP Cleanliness, Decision making, Engagement.
● Building a Good Governance Quality Model
– Measurement: goals, metrics, tools.
– Addressing concerns: OSS Core, Community, Process
– Proposed Quality Model implementation
● Conclusion
● References

4. Introduction

5. 5
Introduction
Goals of this talk:
● Nurture discussions on the topic.
● Propose a consistent semantic framework as a starting point for a proof of concept.
● Propose simple yet effective measurements, to be improved and extended.
How are we to achieve this?
● Stay practical even if scope is not complete.
● Rely on existing technologies and tools for immediate implementation.

6. What is Good Governance?

7. 7
What is Good Governance? – OSS core principles
Key good governance areas regarding OSS core principles and good practices:
● Openness, Transparency: the project is open to all
All assets (tools, processes) are publicly available and documented.
● Ethics: initiatives and procedures set up to ensure good behaviour.
Code of conduct, escalation procedures.
Diversity and Inclusion initatives.
● Documentation: helping peope adopt the product and project.
User guides: Readme, Getting started.
Development guides: Contributing.

8. 8
What is Good Governance? – Community
Key community-related areas regarding good governance:
● Diversity: People from different backgrounds and companies.
Increases reliability and sustainability of the project.
Founding principle of OSS: “given enough eyeballs, all bugs are shallow”.
● Activity: Amount of contributions.
A direct indicator of velocity for maintenance and evolution.
An indirect indicator of good governance.
Its evolution over time defines the sustainability of the project.
● Support: Answers to posts & bugs, answering ratio, time to resolve..
A defining criterion for participation and engagement.
A defining criterion for product’s adoption, community growth and sustainability.

9. 9
What is Good Governance? – Process
Key process-related areas regarding good governance:
● IP Cleanliness: Licence checks, IP cleaning procedures.
● Decision making: how decisions are made?
How PRs, Issues, Posts are addressed?
Is the decision-making process publicly documented and transparent?
● Engagement: enabling and fostering participation.
How the community is invited to participate?
How community’s requests and demands are met?

10. 10
Existing initiatives
OW2 Good Governance working group
A new, active initiative to “develop and promote the usage and sharing of free and open
source software governance best practices”.
Linux Foundation CHAOSS working group
An active community working on community health metrics.
Working groups include: Common Metrics, Diversity and Inclusion, Evolution, Risk, Value.
Issue with many metrics related to these areas is they often cannot be easily automated,
e.g. because they rely on a human assessment like ‘how good is the getting started
guide?’.

11. Towards a Quality Model

12. 12
Why a Quality Model?
What are the benefits of a quality model?
● It provides a common semantic framework.
● It conveys important key information instantly…
… while allowing further detailed drill-in.
● It can be put to work on real-life projects when connected to metrics.
Notes:
● It must be thoroughly documented, from quality attributes to metrics.
● Several norms exist for product- and process- oriented quality models.

13. 13
Building a Quality Model – OSS core principles
Key good governance areas regarding OSS core principles and good practices:
● Information: tools and associated processes are documented.
Easily get access and retrieve the information.
● Openness, Transparency: tools and associated processes can be accessed.
Public availability of all major project tools: SCM, ITS, CI, MLS.
● Ethics: public availability of ethic-related documents
(Code of Conduct, Diversity and Inclusion Groups, Escalation procedure).
● Collaboration: public availability of standard collaboration documents
(Readme, Licence, Contributing, Getting Started)

14. 14
Building a Quality Model – Community
Key community-related areas regarding good governance:
● Diversity: People from different backgrounds and companies.
Number of actors involved (SCM, ITS, MLS)
Founding principle of OSS: “given enough eyeballs, all bugs are shallow”.
● Activity: Amount of contributions.
A direct indicator of velocity for maintenance and evolution.
An indirect indicator of good governance.
Its evolution over time defines the sustainability of the project.
● Support: Answers to posts & bugs, answering ratio, time to resolve..
A defining criterion for participation and engagement.
A defining criterion for product’s adoption, community growth and sustainability.
Tooling / Metrics:
● GrimoireLab
● Alambic

15. 15
Building a Quality Model – Process
Key process-related areas regarding good governance:
● IP Cleanliness: Licence checks, IP cleaning procedures.
Use tools like Scancode, dependency-checker, Fossology..
● Decision making: how decisions are made?
Documentation of the governance’s model.
Governance accountability (committee’s minutes, chat transcript..).
● Engagement: enabling and fostering participation.
Analysing the repartition (and diversity) of activity.

16. 16
Building a Quality Model
Proposed Quality Model:
(From quality attributes to metrics.)

17. 17
Building a Quality Model – Report

18. Conclusion

19. 19
Conclusion
● This talk is a naïve attempt to build a workable proof of concept for OSS
Governance assessment.
● The quality model is incomplete and could be enriched with
New or better metrics.
New key area of concerns.
Better assessments means like natural language processing tecniques.
● The result has been implemented in Alambic, an OSS framework for software
project data management.
Check it online: https://goodgovernance.alambic.io
Alambic Home: https://alambic.io

20. References

21. 21
References
● OW2 initiative about Good Governance:
https://www.ow2.org/view/OSS_Governance/
● CHAOSS Working Group from the Linux Foundation:
https://chaoss.community/
● Good Governance Quality Model:
https://goodgovernance.alambic.io
● Alambic Home:
https://alambic.io
● GrimoireLab:
https://chaoss.github.io/grimoirelab/
● ScanCode:
https://github.com/nexB/scancode-toolkit