In open source software, the sustainability and growth of projects depend significantly on the diversity and engagement of their maintainer base. This document aims to underscore the importance of fostering a community with maintainers from multiple organizations, a prerequisite for joining the Open Source Security Foundation (OpenSSF). We will delve into the reasons why this diversity is critical, describe the benefits it brings, and provide actionable strategies to cultivate such a community.
The OpenSSF sandbox requirement, "Projects must have a minimum of two maintainers with different organization affiliations", was adopted for the following reasons:
A project that relies solely on a single organization for maintenance is vulnerable to becoming neglected or abandoned if that organization shifts its priorities. Diverse maintainer affiliation ensures the project's continuity and resilience if a single organization stops contributing to it.
Maintainers from different organizations, especially those in different fields, bring a wealth of perspectives and experiences.
A diverse maintainer base signals to the community that the project is not just relevant to the organization that maintains it.
You might want to get your project involved in the open source community, and eventually contribute it to an open source foundation like the OpenSSF, but not be sure how to start building your community. Luckily, there are well-trodden paths for this. Here are some common practices that can help you get started:
There is no better way to start building a community than to reach out to existing communities and get involved. OpenSSF has a large number of Technical Initiatives (TIs) which you should consider contacting to advertise your project and interest.
While OpenSSF is financially supported by member organizations, participation in OpenSSF is free and open to everyone.
Practically speaking, you should consider the following actions:
- Post on OpenSSF’s Slack (follow the link from OpenSSF Get Involved) to introduce yourself and your project.
- Attend some of the community teleconferences the Technical Initiatives regularly hold. Check the public calendar at OpenSSF Get Involved for schedule and call-in information.
- If you're not sure, feel free to reach out to a member of the TAC or an OpenSSF staff member.
You should try to identify the most relevant TIs. A good starting point is the TAC README page, where you can find the whole list of TIs with relevant pointers. If you're not sure, that's OK: feel free to attend, introduce yourself, and don't hesitate to ask if this might be the right place to find people interested in your project. If you want to get a few minutes to present or demo your project during a call, you can simply go to the TI's meeting notes document and add an item to the next call's agenda along with your name. If it turns out that it's not possible to allocate time for your item that week, you'll be given a chance on a future call.
TIs make an effort to be inclusive and welcome newcomers. Don't be shy, we don't bite. :-)