 Welcome to another OpenShift Commons transformation Friday and today we're going to talk about something that's near and to dear to my heart around open source collaboration and we have with us Emma Irwin from the open source program office at Microsoft, formerly from Mozilla. And what started this conversation was a blog post she worked, she wrote and posted back in early September around weaving safety into the fabric of open source collaboration. And if you know me, a lot of the work that I've been doing around OpenShift Commons is trying to create spaces and give away the podium and make sure we have inclusive communities here at Red Hat and in the CNCF and other arenas and foundations where we work and Mozilla and Microsoft have been, you know, places where we've touched and interacted with and collaborated with in the past and the work that Emma's done has been instrumental and bringing some of this this conversation to light and to making sure that we have some good pieces of documentation and good practices for open participation. But safety is always an interesting topic. And I'm just going to have Emma talk a little bit about the gist of what was in her blog post and maybe for 10 minutes or so from the comfort of her car where she's stationed right now and in doing all that. And so Emma, how about if you introduce yourself, give us a little bit about your background, how you came to Mozilla, how you ended up over lovely working over at Microsoft now. And we'll just talk for about 10 minutes maybe. And then we'll have a conversation about this topic. Sure. Thanks so much for having me, Diane. It's a real honor to be here and to be talking about this particular topic. Thanks. Thanks for the invite. And yeah, so hi, Emma. I, as you mentioned, started kind of this journey around our topic area at Mozilla, but being a part of open source for probably 15 to 20 years, I started off my career as an engineer. So I really just followed my kind of curiosity around how things were made. And as I became more advanced in my career and hit kind of those glass ceilings, I really looked at open source as a way to learn more skills that I maybe didn't have the opportunity to my people. Specifically, I always mentioned Angie Byron from the Dribble community was someone that inspired me early on, that I was able to go into communities and learn and build new things was really cool. So open source really was a venue for me early on as an engineer. And as I became like more enamored as part of that experience, I started to also teach others how to get involved. So that became sort of my transition to Mozilla in empowering others to be successful in open source projects. Of course, the thing that became really central to my work, especially around diversity, equity, inclusion in Mozilla was, you know, how do we make sure that open source is actually open? And for me, that means that it's actually inclusive, because you cannot decouple inclusion and open that for me, they're the same thing. And so I, you know, worked on community and open source at Mozilla for a number of years, and had the opportunity during that time to also witness the transition of organizations like Microsoft, who started to have open source program offices, who started to invest in open source and recognize their ability to change the world and innovate. I became, I really saw the transition, especially for Microsoft in that space. And when they hired Stormy Peters a year or so ago, I really started to pay attention. And that became, you know, kind of the next place I wanted to be and to contribute. And I was lucky enough to have that opportunity just starting recently. And that's how I got to where I am now. So one of the things that you focused on in this article that really struck me was this concept about why people who are participating need to feel safe and supported and empowered in their roles. You know, I love the line there and sort of the four areas there. And if you can talk a little bit maybe about these four areas and how you see that playing out and what guidance and support you can, we can as community managers and Ospo's and places can, what we can do to ensure that we are delivering on these promises. Yeah. Yeah. So I think, first of all, like maybe historically or in the beginning in OpenTot, enforcing Rx or Mozilla, Mozilla's case of forcing their community participation guidelines was sort of fell on the shoulders of the community manager or like whoever happened to be at the helm of no maintainer role. And something that I started to see was that actually this was an unfair burden basically on those people, especially if they weren't experienced in open source or the, you know, there's things they hadn't, you know, you hadn't don't learn necessarily in engineering how to, for example, help someone who's threatening self harm like that just isn't part of engineering 101 and maybe it should be. But and so I started to have conversations across the organization. This is really, I guess to answer your question is that I think partnerships are key in organizations. And when I say partnerships, I mean like, you know, the engineering is talking to HR and HR is talking to legal. And you know, there's this this circle of understanding about what the problems are that that staff are facing. And of course, contributors and community are facing. And then to strategize how we might best solve those things together. So safety is so these are the four areas of risk that we identified where safety privacy, legal and brand. And in some ways it felt kind of like, like, the empathy seemed to be missing by categorizing them as risk. But actually, that's a really, I found that was actually very, very empathetic to think about the ways that people might be harmed. And the organization as a term might be harmed. So safety is definitely, you know, whether we're in our physical spaces or online, like safety, and that's psychological perceived or otherwise, right? So sometimes people get caught up in, Oh, is that actually going to happen? Are they really going to get dogs? But, you know, so that's a part of safety as well. Privacy, of course, in when we're, you know, taking reports from people or we're storing data, you know, since like data classification and, you know, like privacy is something that that permeates all different areas of work. Legal, of course, is, you know, applicable laws. For example, you can't have, you can't report sexual harassment in a digital format in India. Like there's like these really like interesting laws and also anonymous reporting is not allowed in somewhere like Denmark. So understanding all these different things that can be risky is the legal category. And of course, brand is like, you know, if you're not handling, you know, your complaints and you're not supporting your staff, well, they might just take that narrative outside your organization. And that's, you know, a huge brand risk and, you know, hurtful to the people that are actually doing a really great job within those organizations. In conversations internally with companies, that brand is usually the thing that comes up. And that's the thing that on boards them into paying attention to this space. You know, it's like if they think something goes awry, it's like badly on your brand. And then you can get your corporate management and other teams involved in doing better partnering, better education. You touched on something earlier too about the role that we normally in open source projects, the role of the community manager, especially in the past historically, and it's still true for a lot of projects, it's lands on the maintainers, the folks who are leading the project and the engineers. And I think what we're seeing in the arc of open source community development is this understanding that the maintainers maintain and that for the most part, if they're maintaining from an engineering perspective, doing code contributions, you know, roadmaps and, you know, figuring out the technology innovations, that there's a new role that's sort of emerging, I think now in projects where non-engineers are becoming part of steering committees to bring in new mechanisms to the projects to allow for end user participation, the folks that are doing community developments to have a voice in what is the management of the community side, maybe not so much the code side. So I think in addition to all of the partnerships, are you seeing this as well over at Microsoft and at Mozilla, this sort of changing of the guard of who is in charge of community or who is responsible for making this new people coming in? Yeah, so I think definitely involving all, you know, I do see the transition in open source more broadly at Mozilla and I'm starting to learn at Microsoft, so I can't speak too much there yet, but that there is this like empowerment of all, you know, all backgrounds and all contributions, that's what you're doing yet, I think that there are different roles for people in an open source project and that recognizing the importance of other roles, we talk a lot about like the easiest way to get a contribution is maybe to on board to write documentation, but we also now are seeing, and I talk about this extensively in other places, the rise of end users participating side by side in open source projects. I was just talking with the metal cubed folks and though it may have sprung from the head of Red Hat, like out of some whatever vendors head and got put into the sandbox over in CNCF, it's now really folks from Erickson, an end user community that's driving that project, so the engineers, so you have this other thing too that's happening I think around who's participating and the brand piece of this, which I for some reason I'm stuck in my head right now on that, is that not only is it our brand, but now that our communities are so closely tied with our end users customers, we have to even make more of a focus on making sure that our communities are open and inclusive and we don't mishandle or worse off not handle any issues that might arise because that could be simply the easiest way to lose a customer as well, not only just this, so I think one of the things that has been a challenge for me is getting, and it shouldn't be, it isn't really at Red Hat, but at lots of other startups and places that I have worked at, getting the company on board at resourcing this aspect of community management. Yeah, 100% to everything you just said, and I know especially at Microsoft, putting developers first and our users first is central, so 100% to everything you just said and that building those safe and inclusive places of course directly aligns with that, 100% what you just said. I think the question is how do we get organizations to recognize that? I definitely, I found that was one of my biggest challenges at Mozilla initially was think it's important for people to be safe, right? No matter what their role and open source part, everyone will nod and say it's important that everyone feels safe and feel inclusive, that's hard to get, and what is hard to get sometimes is those parts of an organization or company to go, oh, that's me that should own that, right? Or that this isn't something that can just be a nice intention, but it has to have, for example, safety at Mozilla, we had a safety group that didn't have a DRI, like a directly responsible individual for a little while, and so what that meant was, yes, there's all the people from Info Security and HR that had the skills and capabilities to support somebody who was, you know, in some way threatened, but if it happened on a Saturday, for example, right, like without a DRI then there was a chance, I mean it didn't happen, but there was a chance that we might fail someone. So I think storytelling is probably an important part of that, getting people to recognize that sometimes things actually have to happen, unfortunately, to change those hearts and minds, but yeah, good journey. You touched on a part of it too that's actually interesting to me is the HR side of this, so in the past, I've been like in open source events or just tech events, there's been these huge conversations around codes of conduct, because you can put a code of conduct up there on your page, you have these wonderful words, but one of the conversations I've had in the past is that don't put it up there unless you can act on it, right, like unless you let the DRI piece that you're referring to, but if it's just words on a page and there's no person who's going to take responsibility or action or follow up on it with the right skill set, then that's almost worse than nothing, right? Yeah, it's super dangerous. I mean, I did a survey in 2017 that kind of informed some of this work, and one of the questions that I asked was, and we surveyed over 240 different open source projects, and we had like 75% of those who opted into the survey were themselves in underrepresented groups, so we felt like it a good segment. We just asked a simple question like do you think the code of conduct in your community is enforced, and do you trust? And we saw even among those, just generally speaking, only 50% of people thought their code of conduct was enforced effectively, and effectively is kind of a word that I maybe would have changed, but anyways, and then of those who were under represented, it rose to like 76% didn't believe it was, so whether it actually was, the fact that that many people, and this is 2017, so I'm hoping that that has changed since then, you know, didn't have that confidence is alarming, right? And to your point, yeah, that I think it's great that a lot of people threw up code of conducts when, you know, but the enforcement piece is really critical and to your point, having it there and not enforcing it is actually dangerous for folks. Yeah, I've seen, you know, and I've probably been guilty of it in the past too, until I, until someone called up on the phone and said, this happened to me, and then it was on me to figure out how to do that as the person who was hosting the event. So that was, you know, that's been, that was a bit of an eye-opener too for me, and enrolling, I think the success factor for us was enrolling a partnership with HR, and just making sure that, like whether it was us, the event organizer or the community manager organizer or development person, having prior to the event or prior for the launching of the community a conversation with HR about what will we do if someone reports, right? That, that the workflow even to get it down to breaking that down. So if we put an email here, who is going to answer it? Who is doing that? And I, and I think since 2017, we, I am probably a little bit prior to that, we've seen the HR involvement and the ensuring that there is like a, you were talking about the safety committee, there is a group who are on standby for if this happens. Hopefully nothing happens, but there is actually like a body there. I think that is one of the key things I think that was it. And the other part that has always been an interesting conversation is working with our corporate legal teams, because then there's you're taking responsibility for ensuring the safety. And that, that maybe it's that word ensuring, right? That you will, you're taking responsibility for it. And for companies and organizations, whether they're vendors like us that put on these events or CNCF foundations and Linux foundations, put on these things or Mozilla, that's, we kind of understand that, not all of us, but most of us understand we're taking that responsibility on. But now as we see more end user organizations and corporations coming on to that, maybe they're not the size of Apple or Salesforce, they're smaller companies that are coming in and creating open source projects. They might not have had this conversation yet with their legal or their HR team. And so everybody is at different stages in the spectrum. And as we see this, what I keep referring to as this huge rise of end users, you know, if we look at Uber donating lift and lift donating code to the CNCF or Envoy or Open Tracing in Yeager or Spotify, some of these are newer companies. So they hopefully come out of the startup Silicon Valley for you. But there are some stuff that's coming from older companies, telcos and stuff like that, where they don't have perhaps as strong of as an Ospo culture or support network internally to the company. And you see this, I see this now in the rise of open source program offices or things similarly named inside of our end users and companies as part of almost as part of the digital transformation arc, you know, as they get at being taking on all of this stuff, what we're also bringing to them is this culture and this structure structures for doing more participation in open source. And so that's been part of a lot of things. Can you speak a little bit to what you've seen in that space? So just one thing, if you scroll down this blog post, there's like three circles, there's like two green and one gray, that'll help me speak to the thing a little bit later. I think, I mean, I think if I understand your question, it's really about getting those partnerships to happen. Is that, is that the? Yeah, what should people be doing inside of their internal? Yeah. Okay. So I'll just say like aside, I think it'd be amazing at some point if organizations like Mozilla and Red Hat and others should get together and produce data, because I mean, of course, there's nothing like data to get people to get on board, right? So initially when I worked on the, on our HR partnership internally to Mozilla, you know, what I brought them was like a year's worth of data to talk about, okay, so here's how many cases we've handled as like the community focus team. Here's how many of those were staff requesting support, right? So they're staff going, you know, normally I can deal with this, but I don't know how to deal with somebody who's threatening self harm, you know, or this person's getting into my DMs and being really creepy. I don't know how to, you know, like really like themselves reporting, actually, right? Like there's not always this recognition that the community managers felt like they're trying to solve other people's problems, but at the same time, they're also experiencing, you know, different levels of trauma or upset. And so I brought that data like something like 55% of the people reporting are staff, right? So that's, that's a number that HR and, you know, HR your roles to support staff. So that was really sort of helpful in the narrative. And I give them a couple stories about what, what those types of, how those played out. So I think that that approach is really good. If you don't have data yet, then this is why I was thinking at some point it'd be awesome if multiple organizations could get together and do some of that storytelling. Maybe we're at a threshold now where, you know, the privacy of those folks involved wouldn't be threatened, of course, but anyways, that maybe that's a little bit of, I've heard that in our, we have a DNI and open source telegram channel that folks are also more than welcome to join. It's like a bunch of different open source communities if you're not already part of it. And that's, is something that's come across. So, you know, so to get those partnerships, definitely data, definitely showing what other organizations are doing. And, you know, one mistake that I made or that I found was a little bit didn't work is trying to make it like call it a strategic partnership or make it sound like a really weighty thing that someone had to add to their board clothes. Instead, something like these three circles that I've, that are on the screen here, breaking down like with each department, you say yes, right? It doesn't have to be in like a big set of okayers or something. And so this was, you know, employee support, you know, was going to cover that, you know, if an employee reports that they're going to acknowledge the experience, they'll talk to their manager, the manager might need coaching, you know, let the employee know what they'll do and the resource for support. And they'll also invest, you know, cover the investigation. That's actually a whole skill set, right? Like, you know, we can go and look into things, but I've discovered, you know, there's a whole probably set of talented people in your organization that were trained in investigation. So that's also something that that I proposed the HR department did. And then offering our support, as far as a community team or those focused on external contributors, it's like, you know, we can work on system, disabling systems, communication, we have templates, we have like our consequence ladder, which shows, you know, how you can assign a consequence and really like making them feel supported at the same time as asking them for support, I think is critical. And then again, just not making it sound like a big weighty thing that's gonna, you know, because especially I think in the current economy and everything, you know, making it sound like you need resources is just like a bad idea altogether. So that was nice. I think it's interesting too because you and I have probably both been in community management and community development for a long time. And both of us were previously software engineers on other projects. But we didn't maybe, and most of us who are engineers, when someone in community management says, Oh, we need to put this into place, it on top of your engineering role. Yeah, that's also like a huge ask. So it's interesting. It's like balancing it out. And these these systems pretty much inside of every company should exist already. There are experts in this at your company somewhere. And so yeah. And but I think that like for a lot of new projects, it's the beginning awareness that this has to be part of their thought process too. So a lot of the focus that we see in new projects that that arise and there are like, you know, a million plus GitHub repos popping up now out there. And so every new thing is we tell them they need to have a license in place, you know, pick your license, you know, have some open governance, you know, do these, you know, make sure you have a contribution ladder. So people know how to become what the road is from newbie to maintain or make like all of these things. And we're really good at that. And like, I give a huge shout out to the CNCF contributor strategy, say again, Paris Pittman and Steven Augustus and Josh Burkus are doing great work around that. But this is another aspect that we're putting on open source projects, especially, you know, and part of the reason that there is a benefit to joining a foundation, because they have this infrastructure in place, and they can add that to your your processes. So the burden isn't on the, the engineers or the maintainers or, you know, the people who are the end users of these things. So, you know, I might not have been always the most vociferous supporter of foundations in the past. I think who listen to me might hear me rant and rave about that. But the price that we as vendors pay for memberships and everything else supports bringing that this sort of these sorts of infrastructure and support systems to your projects. So that's another aspect that people don't really think about what foundations are bringing. So I and kudos to them for doing that. And then, so if you're in a in a foundation, look to that foundation to see what their processes are. If you're in a large company, or even a small one, talk to your HR folks, and find out what already is pre existing, and what they can help you with. So, my, my, go ahead. Employment legal. Sorry. Employment legal. I just add on to HRs was one of my biggest allies in telling that story. Yeah, I think that here at Red Hat, we have some amazing Richie Fontana and a whole bunch of other folks in the Red Hat legal department that have years and years of experience with these things. And not so much with this side of it, but with all of the legal stuff and their they the storytelling that they could do after, you know, some of these people have been in these in this game at Mozilla and Red Hat and IBM and Microsoft and other other places. There's a whole lot of experience. So you don't you're not you're not reinventing the wheel here. And that's I think what I thought was so nice about this blog post was it really kind of mapped out where we you know where we were coming from what what we could do and and and perhaps you talked a little bit about in the blog post about the program for enforcement that you guys put in place. What did that take to actually do create that? And I think I'm talking about the CPG program enforcement section here. That was great. Yeah, I'll just add on to your as quickly on to your comment about foundation. So just mentioning the chaos project, which is a project of the Linux foundation and a lot of the the DNI metrics were deeply rooted in some of my research. So the the if you're looking for metrics around code of conduct enforcement or even assessing your code of conduct that that you can go to the chaos project and look there you'll find I there's like even a tool we built to to look through. Anyway, so that's to your point. Yeah, found you're doing great work. The chaos folks are absolutely awesome looking at community health and helping build out best practices and share lessons learned and actually create metrics around community health that these pieces of the of the puzzle. And I think that was kind of where I was moving with your the program that you built out. So maybe I'll slide down to that and so you can talk a little bit about. I mean, it really was it was kind of cool. I'm not sure the right word, but when we really stepped back at the end of this viewing over the last two years was building a program that was very much like piece by piece. And so, you know, the components of the program, our enforcement program where, you know, policy, obviously, but in, you know, by policy, you know, we're talking about standards like a code of conduct or our community participation guideline itself are, you know, standards and policy and and not just that, you know, we in a corner of the project or corner of the organization say matters, but that others recognize so that, you know, the fact that we have a consequence ladder that the HR department is also using when they are making recommendations, you know, that's a policy that's like in place that the code of conduct itself is a policy and we make that what's the word relevant by constantly updating it. So last year we added CAS to that after we, you know, talk to somebody for getting the organization name, but, you know, that basically opened our eyes to the fact that CAS discrimination was a thing that happens, you know, in open source communities and what that looks like. So we added that. So always updating this policy, internal partnerships, you know, mostly informal, as I mentioned with HR, but just the deliberate the those partnerships are key. So that's legal, that's working with safety, that's working with workplace resources. So I don't know what that's called in other organizations, but, you know, people who work in offices and run events, you know, having partnerships with those folks. So for example, if you have someone that has been banned from your communities, it turns up an event, you know, having that partnership, make sure that that is stopped in its tracks. We have two different working groups speaking of tracking data. The first was actually merging the records of HR, the community records for violations of enforcement and legal and making those, not the records themselves accessible, but making sure that we weren't giving Moss grants or hiring people or giving leadership roles to people who might have been, you know, banned from the community. Something we recognized early on was that we had scattered records and so it was actually possible for a while that, you know, somebody might get hired that being banned from the community. So we have a working group that accepts requests to review those names, almost like a background check, but for community, which didn't exist before. Wow. Yeah, I mean, we, yeah, I mean, but it's not like, because people, how do you deal with people rehabilitating themselves or, you know, bringing that there's a lot of, there's a lot that must go on in that community working group. Yeah, yeah. So, speaking of bringing people back, that would fall in our policy. We do have like on our consequence ladder, we have temporary ban, it's level five or six, and we have a process, CPG onboarding, which is where, you know, people are offered to come, we offered to bring them back where there's my own where they have to have a conversation. We set them up for success. It's very positively oriented, but also might have some restrictions. And so we do, we did have a policy for that, which is about a 5050 success rates the last time that I checked. So the other working group is safety. So we have, you know, if someone's being doxxed or someone, you know, feels unsafe or like we have InfoSec and HR and legal and workplace resources and all like the C level people and, you know, VP's on that so that, you know, someone emails that we can act quickly. That's the other working group education. We have two courses which have actually been really critical. The first is for staff and it just covers, it's like a first aid course for enforcement. So it's not like teaching people to be very, you know, to know all the things that I might know or you might know, but that they know, okay, this is how you take a report and you don't try and get someone to change their story. And you, you know, you make sure that the data is like labeled confidential and there's all these different steps and then, you know, what to expect and yeah, and their roles. It's very, very first aid. We even have like infographic what to do by P1, P2, P3, P4. You report it, you tell your manager something they can print and put on their wall. And we had 80 or 88 percent of our community facing staff and their managers took that course last year. So that was a huge win that everyone walking around knows what their responsibility is and what to do. And then on the community side, we also had a training course that mirrored that, but it was for community managers, for non staff, community managers and maintainers and that sort of thing. So they also knew, hey, we have your back, right? And here's what you can expect and here's who you can call. And so that's just starting to roll out that was behind the staff one. And that's going to be part of all community onboarding. So that institutional knowledge is super important. You know, you can't have, like if a community manager leaves and we have someone new join, we need to make sure that they're not having to learn by fire again, right? That they are immediately like, here's the course that will tell you how you're supported. And so I think education is being really important. You know, systems are just, you know, tools that help us move faster. So we have a C, sorry, a LMS for delivering that content and a hotline for taking reports digitally, although most come in kind of verbally, they don't, we don't get a lot more spam through the system. And then we really just talk about our customers and users like we would any other service, right? And it's, I think I even write that it feels, you know, calling people in distress or who need help customers, but it really helps us think about what they need and what, you know, we can provide. And so, you know, at Mozilla, we, this program has served us pretty much every project and product in the company from Firefox to hubs to, you know, MDN, and that, you know, non-technical folks, you know, technical writers, engineers in person at, you know, Mozilla all hands, we've covered things that have happened in a lot of different areas. And yeah, that's the program. And of course, it's always evolving, right? You know, it's never done. One of the things about Mozilla that I loved over the years is really you have been sort of at the forefront of making sure these like, not only in technology, but also in community development and making making this stuff available and accessible and almost all of what you've talked about is in Mozilla's template and, you know, not all of it, but a lot of it is there. And the reusability of it, I think is something that as long as it's again going back to the field code of conduct that has nothing backing it up, just copying it from the template isn't enough. It's a good place to start educating your your your companies and other folks that, you know, the work that you guys have done. I'll talk a little bit about, I know you've only been at Microsoft for a very short time. And you did take and Microsoft did bring Stormy Peters over. So we know you're going to get a lot of, you're going to have a great time with her as the next resident Mozilla person. So she's she's she's one of our, you know, open source community heroes. Yeah, or she rose or whatever. And I think how how does this play out in your new role over at Microsoft? And how are you going to take this to the next level? And Microsoft, I'm not saying that they don't have this in place, they do have a lot of this already. So it's just stepping up the game. Where do you think the road ahead is for this? Yeah. So yeah, so it's my third, I just was my third week at Microsoft. But I, and I'm doing a lot of learning around like, how does, you know, what I just built a Mozilla like, where does that fit in Microsoft? Or what are they doing that is also this, I guess, is something that I've answered. And I've been, you know, super impressed by the fact that internally there's, you know, open source champs. So there's a cross organization, which is really big. I thought Mozilla, you know, there's lots of people who care about open source and the their youth, like your point, the users of their open source software and just the the the ecosystem overall. So the program, the program isn't quite like this, but there is this intention across the organization that is really remarkable. And I feel like everything is being handled really well there already, I have to get kind of my hooks into like, exactly how it functions. But from what I can see, it's well in hand as far as safety goes. And that is in law. And that there's some merging culture there that really values values the outcome of what they're building for their customers and users, but also for the broader ecosystem. So the partners that they have, you know, we're part of the X Foundation, you know, to do group and working with others. I think it's probably one of the more remarkable things that I see happening. And so while Mozilla, Mozilla, we had to build this program for enforcement, I see it. Those partnerships is being at those really they're leveraging each other's expertise, you know, outside of the organization. I think it's really exciting to follow how OSPOs are working together on some of these problems. And like, I personally had been doing that anyways, because it was like, wow, like, who would have thought, you know, like Uber and, you know, Salesforce. Everybody is doing this, you know, even if you'd ask me. It's amazing. Yeah, even if you'd ask me, like, we have Josh, who's over at Salesforce and, you know, and also on OSP, what's Josh's last name? Pick myself for that. But yeah, there's when I go back to this, this rise of the end user participation in on that. So we who have been in vendors that have had huge open source leanings have teams of people doing this. And and I think one of the things what I'm so grateful for you coming here today is being able to have this conversation. It may not be hallway, like at conferences where we share best practices and lessons learned and what we're doing. And that's what the open source summit would have given us in Europe. And you know, had we been able to meet there and have this conversation and for that. But the the sharing of this information through conversations like this and building awareness of the need for having these safety nets and practices and processes and policies in place as new companies emerge with their own open source ones so that it's more than just talking about making sure that there's open governance and the right license is picked and that there isn't contributor letter. All of these things are incredibly important as well. But this is the other side of the coin. And I'm glad you brought up chaos. But this the idea of ensuring the safety and and the sustainability and the health of a community is almost as important to getting those innovations and in technology in out there in the open. And I think sustainability is also the thing is like if you have an unhealthy community, that community will not be sustainable over time. Yeah, as it matures people will leave it. And I think we've been really blessed in some ways with for myself becoming to the Python community and the Django community and the XML community in the early days and having the experience of they may have been benevolent benevolent dictators for life. Some of the roles that people were in, but folks like Guido and others were amazing at sharing sharing the spaces and creating the space for these conversations. And I think that's what creating spaces to continue to have these conversations, whether they're virtually or in person and sharing the lessons learned in the stories. And what I'd love to do is have something like get the the Apple and the Salesforce and the in the vendor Ospo is together and the Linux foundation does some of that work. But I think there's there's more to be done to share the best practices and like you've done with this blog post which caught my eye because there aren't that many that go into this detail on this aspect. So it was really great to see it and to have it here for us. And I don't worry, I will put the link in the chat and on the video here so everybody can find it. And as well as to the templates that you've created here because I think that's actually one of the best things we can do is document it, share the stories and continue to you know, raise up the level of how we do this so that someone coming with a new project or a company coming for the first time to donate code to and put it into an open source repo and understands what it really takes to do it. It's not just marketing and it's and or great technology. It takes a great community to do these things forward and sustain them. You have any final words of wisdom that you can impart on us about you know how you ensure you know a high standard of safety and that's anything that you really would like to make sure everybody knows and is aware of. I mean I think that you cover collaboration and that deliberate sharing of things you know if you write, if you create something you know put it in the repository and the Mozilla diversity repository like I still maintain that so if anyone wants to improve or contribute those there. I guess I just share like my ambition as a closing you know we keep hearing like open source is less diverse than tech overall which always gets me right in the heart and I feel like a lot of that it centralizes around whether or not people feel included and safe and I think that the potential is for the technology we're building for our customers for innovation that you know we actually become a more diverse and inclusive space for building technology through activities like this and that you know anything is possible so I feel like this is people taking care and investing here is a great thing for all of us. I think you're absolutely spot on there I think the move in this you know weird COVID world that we're in that's so virtual that you're sitting in your car I'm sitting in my kitchen but it also opens up and democratizes the access to participation in our communities and if we have these ladders for contribution and participation and these safety nets in we we should be able to really broaden the reach of our communities and the people who could be included in them and should be included in them and the voices that we hear we hear on not just on the virtual stages but in our community Slack channels and IRCs and everywhere else. I think we're at an interesting time where the technology is broadening the access to participate but it also makes it easy to violate the safety rules and the participation rules so there's some vigilance there and some systems that we need to continue to put in place and continue to work on together so I'm totally grateful for you taking the time today to just did this and for taking the all the work that you did at Mozilla bringing it to Microsoft and bringing it there that's I can't wait to work with you more you're gonna you know have a great time over there there's some wonderful people thank you yeah look I look forward to collaborating with you and and and bringing the Ospo folks from from IBM and Red Hat together and and maybe having sort of a a sharing between vendors and end users who are sitting I'd be curious to see is how that difference differentiates to you know from their perspective so we'll have to get the folks from OSI and other places on sometime soon and maybe have a broader conversation so that sounds great yeah we can do that we can do that on a Friday from your car from my kitchen from the area or from the kitchen that they're sitting in yeah there's lots more to explore here so thank you so much for coming today thanks so much and thanks for dreaming with me I appreciate that it's a dream that that we can fulfill yeah thank you so much take care have a safe drive thank you for pulling over wherever you were and oh thanks for taking me as I am appreciate it take care bye