 All right, yes everyone is always attentive and now we're attentive and patient is the one that I really want to lean on here and we will beg much of your patients because we have slides, we have videos, we have a zoom call, we have mass chaos so bear with us because like all of us and indeed like the principles of corporate authentic corporate participation we are all a work in progress. My name is Dwayne O'Brien I am the director of open source and indeed and I'm excited to be co-panelist with you today. And hi hello I'm Alyssa Wright I help lead the open source program office at Bloomberg and first I'm here really excited to be with you. So who here has heard any talk or read anything about the principles of authentic participation? Okay just a few people which is super awesome because it means that the history lesson I'm going to try to give around them and how they came to be will be meaningful and hopefully meaningful for for everybody else. So slides are very thin in this area but in 2020, sorry have to rewind by everything, in 2020 at the last sustain event that we had attached to FOSDEM that year. We started on this journey of trying to articulate a set of principles that could be used to help drive accountability for corporate behavior within the broader open source community and if you imagine on one side of the room there is a set of conversations it's articulating what bad corporate behavior looks like. On the other side of the room there is another conversation trying to articulate what good corporate behavior looks like and we really landed on on four things at the end of a couple of workshops. The first is that organizations would make public commitments to what they're going to give back to the open source community that had some relation to what they were getting out of the open source community. That there was a TBD transparency goal that was sort of hand wavy and then we had adhered to the principles of authentic participation and then we had sort of a basic articulation of those and then the last one was that there was some public accessible way to contact someone at the organization if the company wasn't behaving according to these principles. Out of that working group then there's been a virtual working group that met over the course of the next several months. Alyssa and I were parts of that but it was primarily led by Justin Flory who took the principles that we had articulated in the room and tried to refine them down and boil them down and create a discussion around what those principles could look like. And then everything happened since 2020 that's happened but there was a strong desire coming out of that to to capture these and articulate these principles in a way that companies including our own organizations could make public commitment and I think of this as the the inverse of a code of conduct. A code of conduct describes how you're expected to behave in a project. We want the principles of authentic participation to be a document that your organization can commit to to say this is how everyone from our side is going to behave in the open source community regardless of project regardless of who they are and where they are. And so we've been working over the last several months to work to refine these within the to-do group with the intent of creating a guide that people can use both to to form their public commitment but also a basis for internal documentation. And with that I'm going to hand it over to Alessa who's going to kind of review the principles and talk about them a little more in depth. And one other I suppose addendum to the history lesson. I think in the initial sustained working group event it was a lot about corporations but the regular virtual working group had a much larger kind of like umbrella of what it means for organizations to participate in open source. And so you know Justin Flurry wasn't necessarily coming from a corporation. He was speaking both as a as a university member and a and working at UNICEF. And so you know we are Dwayne and myself and Yosef who you meet a little bit. We're coming from the corporate like entities and our sort of responsibilities as we see it in participating in open source communities. But this is hopefully a first step towards how other organizations may see that their kind of roles might be there quite the same. Maybe there are things that are distinct but we hope that this is not something that's driven solely by a corporate you know engagement but really a much like broader engagement about how organizations participate in open source communities. So with that the principles that sort of like surfaced in the discussions from the sustained initial meeting and again this is when we say 2020 we mean really like January 2nd 2020 you know it's like really a million years ago and six principles kind of emerged that are documented and it read the docs link that we'll share with you later. And these include start early don't just like show up having your answer and you know check out really recognize that the community is paramount paramount and that you know your involvement your company's involvement like in open source means that you are now the community to listen to the timeline of the community and then to listen again. Transparent motivations this has a whole bunch of different complications we were just talking about it the other day about like transparency about what you want to do also where you come from how are you transparent when there are maybe other competitors in the room and so learning like I think the nuances of like being open and honest and transparent and what might always not always be a a simple design is I think part of like one would say even the fun of participating in open source another one that's key that we see as enforcing respect at all levels and to really adhere to a community established codes of conduct and then to end gracefully I like this one a lot in part because I never really thought about it but it is so significant like you don't just come in do something and then mic drop unless that's your style I suppose but but you know your the one is looking participation means like building trust over over time and ending gracefully is like a very significant way that we have like kind of grounded these principles I suppose ending gracefully is an important part to like rounding out what we see as authentic like participation so that's like kind of the arc of these six principles that we see around what it means for organizations and specifically here companies to participate in open source communities in respectful transparent community during ways and so we put together a GitHub repo before we before we go further into that if you if you think about the the conversation that was happening in the room and sort of how we got to here we began by asking people to sort of inventory bad behaviors that you've seen from from organizations in the past right if you've ever seen bad behavior yeah so so showing up with a fully formed feature in the communities never heard of you right clearly putting your company's interests in front of the community's interests showing up without listening to people who are already in the community and and not taking their feedback and integrating it putting a lot of pressure behind a feature that maybe you need for your product but not communicating the need to the community so it creates this tension between maintainers who don't understand the urgency of what you're trying to land and for agreeing to adhere to the code of conduct publicly as a company and then ending gracefully like there are a few well-traveled stories of large tech organizations who had you know 10 20 30 developers on a project who one day decided they're just not going to do it anymore and the impact that has on a project is so significant that we really wanted to communicate you should terminate those kinds of engagements with some grace and give some ramp time and some communication to the project so that's sort of how the the conversations from the bad behaviors to the good behaviors to the principles that we'd hope would help enforce them um we didn't include this one principle which is don't be a jerk with to figure out how to do that this may be the epilogue or i don't know but it's uh you know a kind kindness space i don't know perhaps this fits under respect but like you know all of these are also under the umbrella of like we we look towards supporting one another to be like our best in these collaborative spaces as well ready yeah yeah okay so we've a couple of resources here one is a github where we're kind of been like the how we've designed like building this um um guide and it's not going to be a book um it is a short guide that is an externally facing document to be used for um both for uh people to um stand behind as well as use it for internally for their own um designs you can find that on the github that we've at least shortened here um please join us we're really interested in like a whole bunch of different stories and if um those principles like kind of uh like follow what you've seen um number two here is who are we you see myself elissa and this is dwayne um yosa pratt has been like another um who you're here from innocent in the second he's also um been a major driver of this um from the to-do group and is an aspo um at a company based in i don't know if it's based in but i know he is based in Germany and then deb nicholson um and richard lid tower we thought it was really important that it's not just a bunch of auspice like sitting around and then you know tearing what whiskey or something um we think it's really important that from the very beginning as we start early that we include um a a breath of perspective and so deb nicholson um coming from the python software foundation and you know and her many other roles and hats as well as richard lid tower who um is a major um organizer in the open source summit um as currently um part of open source collective um and is connected with a lot of maintainer communities um we we are looking for their voices um in this in the development of this guide as well and you can if you want to read more um you know there's a lot of things that you also find on the github repo but um the first link that you'll see there is the original documentation um from the um the summit um guidelines as well as the full summit report um underneath and the um that that top link underneath read more the authentic participation read the docs was the the output of the working group that justin florie was leading um and it captures a clean articulation of of the principles and maybe a sentence or so but it doesn't have much narrative to it or explain the thinking behind that um the guide that we're working on for the to-do group is intended to do just that and with the best of intentions we submitted this panel saying this is going to force us to have it done by we by the time we get to june and that just didn't happen we're about halfway through i think but there's plenty of opportunity for people to come in help us form the language around the principles as we put it together um the uh bitly link goes directly to the github project where we're having those discussions it's unfortunately about this long so we didn't want to try to cram it into into the slide there and i'm convinced like one weekend sprint we would be done we've been convinced of that for several months but each weekend something happens yeah so it will be my understatement of the year yeah um okay are you ready oh is there a question on hand it's under the to-do github yes sorry the question was is is the working project under sustain or the to-do group uh the working project is under the to-do group are we ready for videos yeah or any other questions like the questions before you meet our other guests okay they are waiting at the bit they are here alive yeah so here's the way this this will work we have uh video introductions from our three guests who aren't in the room and we'll go through and play those and then we're going to bring them into the zoom and we'll step out in the front here and just sort of cross our fingers and hope everything goes well what about the dancing but if it doesn't i might have to yeah all right so so with that feel free all right i'm the executive director at the python software foundation and i want to say thanks for having me i'm really excited to be having this conversation about authentic participation in open source uh it's something that i've given a lot of thought to over the years and had some even some sessions discussing this topic on how companies and communities can get along better and understand each other better and kind of uh really get each other's motivations a little bit better i was really gratified to see the six principles for authentic participation in open source and look forward to seeing those fleshed out and normalized across the field so um i think it's it's important to also say that we've come a long way uh one of the things that i've noticed is that a lot of companies employ core developers on key projects and that's really great they give them time within their work week to participate in meetings have conversations do leadership development in the open source communities that they're part of and that's extremely valuable my challenge to those of you in the room is to figure out how we can do that for newer folks i get why you want to hire someone who's already a core developer but i'm looking at where is the next generation of core developers coming from where are tomorrow's leaders in open source coming from and i hope that companies and communities can work together to support people on their journey to expand kind of who we think of as a potential core developer right now we have a little bit of a problem with diversity in open source still despite lots of energy and lots of great initiatives we still have a long way to go and one of the best ways that we can make the pool of folks that can participate in open source like as core developers is by creating jobs that do that pathway so that someone who's newer can be supported along to becoming a person who does participate in meetings does you know spend a lot of their time during their work day talking with other open source community members so i hope that we can get there i hope that you will be part of that work to even things out and make open source stronger and more diverse i'll be in the chat and i'll look forward to hearing from you hi i'm Joseph and i work at Ivan and i'm the manager of the open source program office over there as you can see i'm a recording and you might be wondering why somebody from europe who hasn't ever met alisa dwayne richard or that is even involved in all of these so the answer is pretty simple i believe that companies need to opt their involvement in open source projects but we need to do these in a sustainable way so at Ivan for example we contribute to several third party open source projects and it's really clear to us that these kind of guidelines are totally necessary these also means another thing that either i was meant to be writing a guide like these alone or i could join some brilliant minds doing it and obviously the choice was made i joined the brilliant minds also another thing is that alisa's enthusiasm is contagious and actually when she shared with me these are the principles of authentic participation you want to create a guide around them i said wait a minute who is reading my mind right now so it was completely obvious to me that i needed to join this and be involved in this project and cutting a guide like this one i think it's necessary for two main reasons so the first one i think it's really needed because we help we need to help create a frame where a trustworthy relationship between projects and corporations can arrive and if these two parties can work together effectively we can achieve wonderful things the open source projects will benefit from lots of dedicated developers and companies will see the projects they rely on well supported and maintained and the second one is for the employees to understand how to navigate the conflicts that arise when we put the open source projects and the community needs together because let's be frank is two do not always match and sometimes the alignment is really complicated so having a common understanding on how to resolve those conflicts is needed and i can see the work that we started with these as something much much much bigger so project governance is now helped by the call of conduct on the project so every single project around has a cut of conduct that helps build the communities around so this guide is the dual of these is a contract on how the company's employees will behave and actually also the promise of the company to keep these true and i believe that's worth aspiring to hello names richard litauer i wear a lot of different hats um been helping over the past few years with sustain mainly working on building a better sustainable open source ecosystem and i work with the open source collective on the four thousand projects that use open collective as their physical host which are open source projects and also digital infrastructure dot fund i've also been running a consultancy for the past six years or so helping companies figure out how to basically have an aspo didn't call it that but that's what i was doing so it's you know a lot of inauthentic behaviors so i think that this movement towards having an authentic guide to how to help corporations work with open source projects is incredibly timely and useful um corporate involvement in open source isn't going anywhere uh so it's really helpful to be able to sort of have a way of saying which corporations are going to try and give back and which ones aren't that helps reduce flood uh on behalf of the maintainers who work on those projects which is so useful for the projects in the ecosystem at large because then that means they can work on longer term say roadmaps or don't have to worry about uh scuppering projects or projects being abandoned later they could have some idea of like here's what's going on this corporation is investing this much here um helps with diversity um in the sense that they now have time to do that sort of things helps with more sustainable practices like giving back to dependencies in the long run if you know what your budget is for the next year or something or you know how a corporation is going to involve you're more likely to be able to say okay what can we do to make this project more sustainable long run how can we shore up the dependencies that we also depend on so that's super cool um another good thing about having some sort of say contributor covenant esque covenant between corporate stakeholders and open source is that it gives projects a way of naming shaming and more importantly praising corporate investment or corporate you know cooperation and open source right now there's just a lot of okay every corporation is going to be interacting in some way or other and you sort of have to go off of well we're going to hope they don't do x you know by having at least something that says no we're signing up for x and saying oh yeah they've honored their agreements over the last year five years super useful for projects because then it just allows them to have that security and work from a place where they know what's going on obviously not all open source projects need that a lot of them are just fine on their own a lot of them are fine with having corporate sponsors dip in and out of their roadmaps or other projects but for those projects which are good at boundaries setting which know how to interact with corporations or are able to use this to learn how to interact this sort of movement is just really exemplary of how the open source ecosystem is maturing as a whole maturity comes with all sorts of benefits so I think it's great i'm really excited to see this work move forward especially as it came out of sustain so that is awesome and and uh yeah i'm rachel atower i approve of this message so thank you apologies i wish i could be there in person i hope you're all having a great time thanks bye all right and and now we get to the potential for breaking the internet um as i'm going to turn i'm going to like physically pick this up and turn it around and hopefully give um our remote participants a view of the audience well elissa and i come and sit up in the front here hey look at that a lot of people in this room y'all they can be heard all right panelists can you hear us yes wow i don't want to jinx it but that went so much easier than i thought why don't you take the insects no i like that oh okay all right okay um um a lot of material um material kind of all over the place there's there's to be ample room for people uh to ask questions here at the end we'll need to repeat them for the panelists are you okay you're not you're not going to show up on camera we're just gonna stay out of their way um the the questions yeah yeah i've got the questions aren't good yeah way prepared um i will i will throw this one out to our remote panelists or to elissa as well why should companies adopt these principles in the first place because i asked the question i i think it's good to give people a sense of what your intention is going to be um and if you want a shorthand to do that without trying to craft your own like i wonder what they want to hear or what we should be doing um then it's it's nice to go with a no-climbing yeah i i guess the answer i would give here is is that when when we talk about holding companies accountable the next question you have to ask is accountable for what and if you don't have a what you don't really have a place to start uh and so um the idea of of getting companies to commit to a a public set of principles that they're adhered to i think serves as the starting place for for accountability without having a clear foundation it's much harder to improve and so by having people work together on the same thing it'll help us be able to figure out what works and what doesn't what authentic participation looks like and what it doesn't look like in a way that's much more managed and approachable and easily more easier sign-on by other companies in the future what were you gonna say elissa i was going to say that i think there's um this combination of a lot of freedom that having certain principles affords uh one to know how to participate like okay i know i am expected to be transparent about my motivations you know and i i can come with that um with that in mind in my you know conversations um and you know actual you know code contributions and and review and so i i feel like um it's uh it may not be perfect and we will require like iterations but i think it provides some guidelines as opposed to having a um a black box for a lot of people where you know contributing to an open source ecosystem is a much uh can be a very big space and and very far into the organization that they spend their day to day in typically actually the transparent motivations joseph i'd like to throw over to you because there's this inherent tension both in transparent motivations and in in putting the community needs in front of the company needs especially when you're representing a corporate ospo how do you think about that tension yourself for ivan yeah so that's one thing that we we usually put the community first so one of the things that we that we discuss as well and we how we decided how we want to approach our contributions to open source was not from the lenses of the company but from the lenses of the community we want to be part of the community show so we should behave as part of the community of course um the company might have some requirements or feature requests and then we need to make sure how those ones play together with the current requirements of the projects the current vision and and like where where the projects want to go and when those things match then it's then it's a match many have and then we can just go for it but when it's when we need to tweak something that's clear we need to be tweaking our internal needs the community needs of course that will make raise some questions for the company saying why then i should do this the edge is one this feature but again that's not a sustainable way of contributing to open source projects and one thing that we might be from different so coming from the company as well from organizations and corporations is that suddenly the people who want to put working in open source might not be listened to that much because we don't again transparent motivations people will think oh yeah do you do this thing because you want to listen to those or what's behind it so by by going front and clear and being transparent i think we'll have both both parts and again improving the project improves the company needs so and does it add them on that too like and it's it's interesting to use a word transparency because it's both transparency about like one's goals while working within an open source like environment but i think also in vice versa it's important to have transparency about as a corporate employee transparency back into the company about what you're what you're doing there do you know like i mean that you're you're not just plopping in like a new feature request because that's just not the way things move so but you might be building trust like you might be learning you might be building leadership like and voice i mean so there's lots of different ways that like transparency can can flow and it's not just a one way from like company to an open source project i think um you know it must circle back into um a company like understanding of how open source like works as well i just realized that our three remote panelists here elissa and myself as disembodied voices in a room you can't see us so we're looking up at you every time we're talking i i think there's 10 minutes left in the time slot and i have ample other questions but i want to throw out for questions out in the audience and i see a hand there i'll repeat the question so the the question for people on the stream and also for for our remote panelists they they like the model that we're assuring some good behavior on behalf of corporations in the open source community um how do we ensure protections that corporations won't get blackballed out of the community by malicious actors within the community itself and wonder what the panel has to say i think you had a question or comment well i don't have an answer to this but i i feel like you're like right at the juxtaposition of a really good like next stage for this um an entire uh dialogue it's like what does what i just like the the word enforcement so i'm gonna like consciously stay away from that but like you know we have these principles like how do we stand for these principles you know and um and i think that um ourselves who uh companies that like are committed to to um being these you know six uh these six things in open source communities um need to have a conversation about like what does it mean when maybe one of us are not and i think in complementary like what does it mean when you know we see uh when we see things that make it really difficult for an accompanying contributor to participate in open source community um i do think there's like more of a history of of you know of codes of conducts you know and and you know governance models in open source communities that we can like rely on on the open source side but i still think that there's a um a conversation that's like just the precipice that we need to have to have this not done because i think we can make move forward with this very far but i think for this to continue to evolve i see i see comments from richard and from deb as well go ahead richard yeah i was um frankly gonna say it doesn't offer protection that way um companies are already exposed to that sort of issue all the time what this does is it gives you a really good framework to say no we've acted authentically we here's what we said we would do and this is what we're doing and your malicious actor go away which is better than what we have right now where you have to sort of explain that long hand every time for every single company the other thing that's different about this is that corporations are not people and whatever it is in the united states um corporations have undue power in open source because they have say money that a lot of open source containers don't have and so it's important for them to in some sense have more accountability than say malicious actors in the community who can always just join run into the room yell a lot stop and leave um we have other ways of making that making those communities better like codes of conduct what this does is it helps out the long-term health of the projects and that in turn helps the corporations um because they want stable projects as well so i would say it doesn't necessarily harden that vector but it does at least make it a bit less watery i don't know i'll work on that metaphor dip i was gonna add to that that um i kind of on my other thing of like if you're hiring developers and you're going to be using open source uh that it's not enough i mean it kind of never was to just have people who could code uh you need people who can collaborate and communicate their work goals and uh communicate what their timeline is to their co-workers whether their community co-workers or in-house co-workers uh you just like i think companies just have to really own that that they are not you know hiring machines that write code they're hiring human beings that can function in the ecosystem and accomplish goals communicate goals and then set new ones based on what happened the last time so uh yeah and if and if people can't do that and it's part of the job then maybe they aren't a good fit to be employed by you anymore so a flurry of hands for other questions as soon as i asked for them so uh vinson vinnit vinnit sorry sure so um vinnit's question for the panelists and for the stream is that he appreciates the ends gracefully principle and do we have models that we can lean on or or demonstrate positive examples for what that looks like and do we anticipate friction between the community and and the company uh as as part of that process and i have a off the cuff answer and then i'll throw it off to the panelists absolutely friction it would be anticipated i think the goal but but i but i think the goal is to not experience that friction suddenly right and i think if we're going to look for a model the the model that we already use for communicating the end of life of a piece of software is a fine model for how we should communicate end of life for our involvement in a piece of software right so um knowing giving the project however many months you're going to give and that's like there's no one size fits all answer for that like if it's a if it's a 10 file javascript module your commitment is different than if it's a 10 gigabyte you know massive application right so communicating you know according to what the project really needs a amount of time for them to make a plan for what they're going to do with the project with this sudden de-investment of resources whether it's people or time or hosting services uh you suddenly can't host our meetups here anymore like whatever that is don't just pull the rug out from under people um steven i see your steven's steven's comment was uh that uh if you look at the way we end of life pieces of software like browsers there tends to be quite a lot of runway and sometimes we move those if we need to we don't always have the luxury of doing that when business priorities change like you might get a directive hey this unit has been reorged and suddenly these people are somewhere else right but the more you can communicate that with the project i think the better for everybody joseph i see your hand up there yeah i wanted to say like i agree completely what you said great and but basically when companies want to enter open source business like i will bring people to collaborate on projects they need to also plan the exit strategy something happens so uh creating a team to work on open source yeah it's a cost of the thing it needs a lot of planning and probably a lot of money as well but we need to make sure that we keep some just in case what happens when we need to stop this thing if we need to stop so that needs to be you know plan at the front so what's our exit strategy for these projects and you know there's doesn't need to be the same one for each of one but i think when we enter we need to enter with that thing in mind how and if we don't ask this question we will not have the answer and then everything will be rushed and hurried but we ask this thing when we enter it if i yeah good if i may say two things one um i was part of some of these original discussions like two years ago you know in another lifetime um and uh relatively recently newt to the aspo at bloomberg and something that i found um i found uh really interesting in this kind of like juxtaposition though i think i'm gonna miss the major point but one is is that communities are people like these projects are people you know and you sort of forget that i think when we you know drop things not gracefully you know so um i feel like the grace is really an acknowledgement that these that we're um we are a community not of like just code exchange but of people and so for me it is a reminder um all the way at the end to to keep that part a prominent in in in how we um and things and to continue to establish and um keep a priority the uh the trust that we have built as a community um as people um and the second thing is that i i feel like um again as i've learned a lot about aspo communities we we've spent a lot of time talking about like how to make everything work like you know legally and with security and like what are the tooling and the system and and i think uh richard was saying like you know we're at a space of maturity to also kind of speak about this in parallel and i'm glad it's not we're doing this you know 10 years down the line like i'm glad we're doing it you know now this i think at the beginning of an industry but like these are i feel like the um and others have used this term before as well i hope i'm using in the same you know context but like the social framework of what it means to be part of um an open source community and part of the aspo space it's like this is a lot of the art and nuance of like how do you how do you really collaborate like with with people um is like not so easy you just don't throw like i'm on you know developers into a sandbox and be like yeah let's know how it goes just just make sure you sign like the ccla okay thanks speaking of ending gracefully which breaks my heart because julia i see your hand like ready to rock it up throw it out really quick and then um we'll do our best to wrap up the the question the answers at the end my challenge for the panelists and you're gonna you're gonna love this because i already got the one minute sign and i know it was two minutes late what i didn't i'm i i did i'm gonna repeat julia's question and we each have a sentence to answer the question and i'll do my very best julia's question is given that all projects have their own norms for transparency how do you honor the transparent motivations principle while honoring the community's principles while also trying to honor your company's principles richard you've got the first answer one sentence it's supposed to more like guidelines okay that's richard's answer deb how about you yeah i think you have to you you can offer more than you uh expect and that's a great way to build trust as far as transparency joseph i will try to find a common denominator or intersection between those and when not i will try to are on the side of the community and not on the company elissa i think you have to find your own inner north and then be transparent with everybody else the choices that you've made um my answer cool uh didn't by myself nearly enough time to no no no no no i think so um i i think at the end of the day our responsibility as leaders in the open source program offices that we run or advocates for open source and the companies that were advocates is to hold the space and hold that tension between company motivations and community needs and in my professional opinion when those are in direct conflict you have to side with the community and that's going to put you in a challenging position with your employer sometimes but that's the responsibility we took on when we stepped into the role and that's my answer so with that thank you everyone for bearing with the the panel of the videos thank you remote panelists um this went so much better than i thought it would and from a technology standpoint and and thanks for coming and thank you especially to the av folks in the back who found out not too long before our talk that we had videos and a zoom and slides and we were doing everything they did a great job so yeah and please join us so you know on on the flag and i hope that we can continue to have this conversation so thank you