 Then, hello, my name is Marcel, I'm from this time from the to-do group, I would say. I tell you in a minute and I welcome you to this talk and thank you for your patience and being really, I think it's one of the latest or even the final one that we have now. But we are also glad that we got this slot because in the to-do group we prepared a guide explicitly and here is really the place to go, OspoCon for other Ospos, so we are from Ospos to Ospos, that's a little community that we started here within the to-do group Europe and we thought okay what what can we do to help out other Ospos and we had a list of topics and one of those topics was then the outbound open source. So first of all you might be a little bit puzzled because here you have Siemens on the slides, here you have someone else from another company and here I'm really presenting to do exactly today the to-do group and here the guide itself, here also all the merits to Anna and Michael Cornelius and Josep and Oliver, Oliver who wanted initially to present here but unfortunately didn't have the possibility to come here. So I'm kind of jumped in and so I'm happy that we can also present and give you the news what happened and also share the link so it's all online. So and in the presentation we will just go through the chapters a little bit so that you get an overview and also that you can judge how you can use it. So as you see I'm really one of those reviewers but I'm then also glad that I can contribute something to the community by presenting this here as Cornelius would also have like to join but he had to catch his flight so he's so this slot was just too late. It's CC by SA-40 so everyone is also then can use the stuff and also feedback so it's really meant also to be potentially it's a run-zero if you find any bugs if you have any additions then then you will come. And the agenda is very simple because in the guide we have an introduction. We have one part where we talk about contributions to existing projects so this is typically as what you start with. So you come from usage you potentially know these cascades you use it then you have a lot of developers coming to your office and say hey we also need to contribute we need to contribute then we try to compile some hints in this section and then starting an open source project so either yeah for whatever reason so we go through this also in the introduction what could be motivations also perhaps that could help you also to judge that rather within your organization. And yeah let's directly start there with the motivations and perhaps before I go through this list a motivation what could be the have been the motivation for us as you have seen all the contributors there very sad okay on the one side it's for the community a win if we can enable all the organizations to have also the possibility and do not have the same learning curve than we had but potentially we can help you with this guide to have a steeper learning curve there that you do not need to do the iterations that we did so therefore you're welcome to look at this on the one side so that we have even more organizations companies that could then join in our communities on the other side this is the second effect also for the second part of it creating and maintaining new projects because then all of us as consumers might be concerned like because if we can start them from the beginning with a high quality then we also profit all of it because then in the consumption the OSM reviews will be much easier if that's already nicely yeah formatted if we have the licenses in place and so on and we can really trust in the material so that has those two two aspects but for you as as a as an organization so there you have you might have different reasons why you want to either contribute to existing projects or say okay now we need also to yeah to launch our own project or we see a reason or ideally our business says hey that would be a good idea to really use open source as a business I think that would be one topic in our to-do group lists that we should tackle in the next month so also to approach our business owners and the budget owners so and also to get a better feeling how what what makes sense to open source and whatnot but here they're also the range of reasons that you can read here just like okay yeah the developers they do not want to maintain internal patch branches but they want to contribute upstream so that would be a very well obvious reason or motivation to do this or you have here the ideas in yeah pushing standardization or getting influence in existing or new topics building ecosystems right away and there's in the introduction you will find that's a nice compilation it's potentially not complete but yeah you have there also some some arguments potentially think about in your company for me my my favorite is the fourth bullet point on the left side improve quality and boosts developer skills by peer reveal so my personal observation there is and this is by core experts so this is what I observe on the developer side that there's a big motivation for developers because they they love to learn from seniors right and if you have really good projects and and with with a lot of seniors also as the maintainers this is really where they can grow up and learn and and evolve their their skills and I think this is something as an argument within a company say okay also for your HR so why are we not an attractive employer right so why do we have that situation I think that's something that's slowly coming as a big argument than also in the in the whole community now to the first part of the guide about contribution to existing projects so here why do we need here also to to have something here as yeah most of the contributors from Germany so we know Germany very well but also as a disclaimer none of us is a lawyer right so please also if you want to use that within your organization please also check that with you if your lawyers it's just a compilation of kind of good practices but here this is the point that in case we contribute that something it's also considered as a gift right and we do not give away what doesn't belong to us right and as an employee the employer IP doesn't belong to us right as all by these by these laws for example that everything you do in your work scope the scope of work belongs to your employer in Germany and therefore you need to well then get also an approval and this is what you need to understand because also perhaps new developer to this topic might see that or observe that yeah why do other organizations do this this in that way so this is also important and therefore I love this this guide because you can also point developers or people that want to know the background of that just point them to this and see and then they can read also in this chapter look this is what we need and this is nothing that you tell them or someone tells them but this is really now a collection that we did from other companies from other organizations that it's not a homemade thing but this is just the the environment in where we need to work in and we need to adhere to the to the law and we we need to be compliant and and that's what I observe is also something where the awareness at the developer side is is quickly rising and then they accept it and then the question is okay now how can we do that more efficient so here we also mainly stay at the what and why level but for the how level I think there we still have potential also to in the community to work on things and here's an example for example how something intro only could look like so here you see this is very interesting because if you talk about contribution developer put put would potentially think about okay I contribute to a project so I make a pull request pull request is reviewed and it's emerged to the repository right from a company perspective that looks like this and if you go from the left side to the right side you have a lot of steps that you need to go through you need to check a lot of things and you didn't do not any step here that really is the pull request to the upstream project right and this is also something you need to take into account that while you have to have this transparent to be safe not only to protect your organization and that's what the developers also need to know it's also for protecting them to have that that's very transparent and here this is what you can say okay here look this is from another company or another organization is nothing that we invented to to make you annoying but this is something that needs to be done here we have a lot of roles that need to be involved we need to check potentially contract things like that always depending on the on the situation but there are a lot of steps upfront that you need to be that need to be prepared and here we're not talking about creating a new project right this is if you want to contribute to an existing project and as this might really be a hassle or not very efficient to do that for every contribution there's also in the in the guide also a section that talks about different models that could use right so here on the left side you see wallet would all developers right for all developers you would need to go through all those steps but on the right side we see then the senior developers then have already where we have potentially already trust in them and they have a lot of experience so where you can also in your organization set up a model where you can say okay now here we can make that a little bit leaner and have a major to major release or even a full-trust model but that's also potentially depending on your management how well they want want to do this is just to do have that complete it's not the one and only but you have also flavors how you can implement that within your company or or your organization and this is also part of the guide in one section and then as I said with these internal procedures we as we are paid also by our organizations we want to protect our organization but on the other side we also need to have an eye on our employees right we need to protect them as well and this is a section that is potentially interesting because we have employees that already work potentially when you hire them they already active in open-source projects or they might find out okay they would be interested in other projects in their while they're working so yeah it's not in scope of their work so they're here in Germany the copyright act is a little bit strange so you have to be read it on your own but what I want to say is okay you need to have transparency when is the developer working for the company and therefore producing company or organization IP and when does it does he or she produce own IP right because then you need in case of that's organization IP we have seen an example you have to go through all those steps if it's the developers own IP then he can do well whatever he wants with his IP the problem is if this is very or the challenge let's say like this if it is very obvious I always take this as an example for example you have a software developer who's also in a photographer and he's in a photographer community and his work has really no overlap at all with this sharing about ideas and specialist things about photography yeah then it's very clear so nevertheless might be potentially make sense to nevertheless make that transparent but if the closer those those topics get the more you need to check that you have this transparency that you have to documentation also in the interest of the of the developer right let's say that he knows okay I that's really my IPA that I contribute to that to that project and here as you can see that you can make it very formal or not but here I would say from what you read my my main point here is really this transparency that you should have in this case in your organization and the more you can mature this process is even possible to say okay you have potentially a project that is that the developer contributes in his private time and then you might have a face where he wants to contribute in his work time and then switching back to private time so we had situations like that and then exactly there it's it's very important to say okay I have the transparency until this date it was company IP until from this day to that date it was his own IP and so on so this this is possible but you need to well keep that in mind and also have a good process and the documentation to have that transparent and so you see that's part of our learning curve right when we started this we potentially didn't think at all of this so therefore the guide could also help you to keep that in mind to if you set up something for your organization so now contribution is also something that you will need in the last in the second part about starting an open source projects because once you started that you will potentially also have your developers contributing to this but starting an open source project has then also additional yeah things you need to care of and then we thought about how to structure this and I think the guide is is used now with a very nice structure because we use the life cycle of such a project as in a chapter so here in the planning phase it will start then you will have an active phase the mature phase and then the end of life obsolete phase and so because typically well you have enthusiastic developers that just want to yeah open source something on GitHub or GitLab or whatever and I think in this case and you can also just point them to the life cycle you should also think please to host life cycle so what happens for example after the active phase when you're not there anymore and we have questions and you're I don't know promoted to a managed position whatever so who cares then about that and also then in the end of life so if really well it's gets outdated what happens then so these are all things that you need to care and in each phase you have then also specific points that you need to care of so and if you go through the guide and so I know I'm the planning phase what do I have to check or I'm an active phase what are things that I I need to check you will see in the in the guidance and so here in the planning phase some questions which need to be answered and this is then also perhaps something when typically people come to you in the in the Ospo and say hey yeah we want to open through something then well what do you why why won't you would you do this and what problem do you solve what values provide this project to others so that you please think about that first right and then the fourth point is well did you already check if this is there's already a project or a community that does this no and please please do this because in this case and we can just go back to the first chapter well then we just yeah analyze that project and improve it and then we can contribute an existing and join forces with the existing community and this is I would say high in a high the number what typically happens so if we would have really created all the projects where the people said yeah we want to create a project we would have created much much more but the fourth question typically made it right so that the first three questions typically are not answered by the developer but by your business for example or your your software strategy that credits software strategy an open source strategy where the business says okay yeah we need to create an ecosystem around something or we need to join forces with others and yeah then also as I said so here this is also going beyond compliance I would say yeah because someone needs to run this so it's not that you make a cold drop and then it's out there so you also have to check out all this you will see this in the I think it's also summarized there but in the guide about yeah what license CLA yes no DC or whatever so you have to lot a lot of yeah a kind of framework around the project that you need to to create so you can create at once but it's also it needs to be maintained and the maintenance is not for free right so if you're lucky then well it the community starts through and you can profit then also from collaborative maintenance but nevertheless it's it's good if you have a long-term funding already clarified and then also as I said also the content the ability to contribute in the first section yeah that must be there so because otherwise you will drop your code but none of your developers from the organization is ready is trained whatever so the whole setup needs to be be there and there's also in the in the guide you will find some some hints about what you need to prepare first already in the in the concept phase and then after launch this is something where you may or may not come very very quickly to the last and the last phase of the life cycle if you not have in mind that well such a community doesn't create it itself you really also need to invest not only in the code but you also need to invest in the people and marketing community management so this is also a very important point also yeah I like the last point that that Oliver entered here it's all about transparency predictability visibility appreciation so each of those points I think we can talk about very very long but if for example you just drop the code without any documentation so well it will not be very attractive for others to contribute if they're for example also very important you want to yeah contribute back back fixes and it's very inter-inspirant what happens and why it's it's not accepted things like that so therefore it's also there's a there's a people aspect in this as well so that should not be underestimated okay and so here this is the summary for I opened also the other the guide itself so here just for where's my mouse here that you can see all this is very really small I think I will I will share this later than in the talk but it's in the to-do group in the guides to do troops slash guides slash outbound OSS and here you see we have one online version but you can also here directly go to the PDF I think it was also linked in the in the description and yeah as I said we went through the chapters so the introduction chapter is also I think something worth to read for not only for the OSPOS but developers or your business that could have a look at it and then here as I said the one chapter about the contribution to existing projects and here then the starting a new project and at the end also there was a collection of well technical considerations tooling best practices and I think this is also something where we then I would expect that once you hopefully will appreciate that and and we get feedback so that at that point we can also grow the the collection of good practices then so it's a one-zero I like it to be honest and the best thing I like in it and I can really point to that and say okay this is not coming from me but you can see there's also other organizations that everyone needs to do this this is nothing organization specific and and it's yeah it's a nice compilation and now I would go to the questions if you have any yes yes the merits go to all the authors I'm just presenting that's a very good question so the question was about is there a standard for also for CLA's and we had this discussion in when we prepared this guide and we well no one was really amused from all the participants because a CLA is a contract right and a contract you need then always to involve your your lawyers from your company and and therefore we said okay would have been a dream to just have well a standard contract that's already pre approved by by all lawyers and and therefore we said no but then that somehow for whatever reason you would need this right and because we have this DCO and we thought okay perhaps we we should start also initiative to say I think it nearly everyone in Iran said okay well we would potentially not invest in this route to go wild legals and doing all this this this if the business will tell us okay there are millions if we may contribute to that project with the CLA then yes but if it's like we want to do a bug fix there you see the the cost-benefit ratio is is not there right so and if you as a as a company or organization want to really keep away organizations contributing to your projects then you make a sale a because this is really an unnecessary additional hurdle for us as I suppose to go through this because this is very very expensive a lot of effort to do this and therefore we said okay we will keep that very short at that point and rather telling okay that's the situation it will stop right and the other thing is when do you potentially have a CLA is okay you you really host something as an organization on your own and here personally I could say okay but why not go to a foundation right that already has for example a global CLA like we use a lot clips yeah so then you do this CLA check once and then you're done for all the other projects same potentially for for other foundations and then you have a neutral a neutral host right so that contributing to open-source project from another organization might also feel a little bit strange for companies like contributing in another company's repository so and as it's open source so and we have those foundations why not leveraging them so therefore we said okay you we could have really go into deep that detail but so the I think there was consensus that we just give a hint okay that exists but we see there are better ways to to handle us from the side if you start an open-source project if your company would really assist insist on this well then go for it and and check it out but I would say the best practice would be okay if I not only have already have a community where I said okay that that fits for example here and this and this eclipse or linux or a patchy community that's already there and that potentially already comes with a legal framework that is was pre-checked by your legals there must be really good good good arguments to set up all this on your own so no CLA's please yeah so the the I tried to repeat it so the teams that CLA ICLA CCLA it's also covered I think in the in the guide and then the corporate CLA is well foundation CLA is still well kind of acceptable but the corporate CLA is potentially a nightmare and so that was it was the the feedback in here but I I would say yes yeah at least from the internal checking because you really have to go through things and and potentially also legals from your organization checking with the legal from the other organization and so on and so on so it's it's really yeah it's I think for the lawyers it's good because then they have a lot of work right but if you really want to yeah bring your your topic forward then it's it's an hurdle where you really need to think about if is it really worth or or there might be reasons why that you need to protect something like that but typically we'll find CLA's in a very specific context where you need to think if if you also want to be in such an ecosystem do a licensing yeah yeah this is the to repeat that so one of those motivators for an organization might be to offer and do a licensing that I say okay I want to have a community addition I guess yeah that the community can work on but in the same time I also want to use that in the enterprise decision my products as an organization so therefore I need to handle that somehow that I get then also the right from each contributor by this CLA signed by his company that the IP from that company may be using my products and so on so this is really something you can make your own studies so the the hint here the feedback was that it's also confusing if it's based for example on existing known CLA's like the like the Apache and then modify right plus I guess your restriction I'm trying to summarize so the problem that in yeah and that's a good hint in case of a CLA made for an open source project where it's very clear what is the product right because it talks about this open source project if you use the same CLA and put it in another context where you need to define first what in this proprietary context means the product right and that might create confusion so as I said there might be easier setups tackle with and and that's what I meant so for us it's it's very clear and I think Ospo's well that's also you come to the office in the morning and say well this is an interesting topic to to work today or the next weeks yeah but then you will have the developers who says but I want to I want to contribute my bug fix it's a one-liner right so and you have fun for weeks but I want to have that fixed for tomorrow and then you need to explain all this right to a developer and so therefore I really love this as you can just make a pointer here and look here that's that's the way it be and then potentially we could have a little info box about this CLA in a in a proprietary context to that a yeah if you're done with reading then you will know why yeah potentially we will not not be able to do this in the next next days but it will rather take more days or even weeks or even months depending on and then also a lawyer is potentially not cheap yeah so it's also then the question who pays all this effort right for this one bug fix then yeah rather rather go with the internal branch in this case okay then have fun reading it and also here as I mentioned your feedback is welcome contact us also you can join us also in the to-do group so where we publish this and yeah hopefully this will be yeah there are already some guides so there we also have references to the other guys big guys because we didn't want to have overlap or redundancy so and I think that's a good start and also to to have that collection so on the one side you will have if you build up really a new Ospo for example then you can start with a specification for open chain on the what and why and then we have guides in the to-do group about how and that could be then also some something in between because we said okay outbound open source in open chain is could have been done but it yeah felt a little bit strange so there we said okay it's better to have that that guide here as an extra guide even if it's rather on the what and why then on the how level but I think it's it's a good start and hopefully it will be helpful to to many Ospo's and new Ospo's to have a steeper learning curve than we had at that time so thank you very much and thank you for joining my final talk here and yeah have a safe trip home