TL;DR The idea is to establish a checklist of best practices for sustainable open source communities. We could follow the same model that the CII Best Practices Badge has for security best practices. Communities voluntarily sign up to achieve a badge and provide public evidence for following sustainable best practices. The Sustainable Best Practices Badge application tracks this information, serves as a place for checking the status of a community’s badge, and provides badges that communities can display on their repositories, websites, blogs, newsletters, and marketing material. With wide adoption, this badge becomes a quality signal for open source communities. Foremost, the badge serves as a checklist for communities to review their practices and improve where necessary.
Open source communities have no uniform way to signal that they are sustainable. An observer has many different signals to look for, for example: What is the bus factor? How is the community financed? How diverse are the contributors? Are there security policies? Is there a code of conduct?
Communities want to signal that they are sustainable because it attracts users, developers, designers, translators, advertisers, and, in short, new contributors. Users need to know they can count on the community to support open source software long term. Corporate users especially face risks when open source software goes unmaintained after it was integrated into their innovation stream, product development, and service offering. Contributors want to contribute to a community that is welcoming, values their contributions, and serves as a credential on their open source resume. In short, all stakeholder incentives align to benefit from signals about the sustainability of open source communities.
We, as the open source ecosystem, are lacking a reliable way to signal the sustainability of an open source community. We may look at the size of a community, what companies are backing it, whether it has a code of conduct, how active the members are, when the last release was, or whether it gets positive press coverage. Sustainability is a many-sided problem and, to date, only one-sided solutions exist.
We have a Sustainer Manifesto with principles that sustainers believe in (Adam Jacob has established similar principles). However, these principles need to be translated into specific actions and best practices.
Academic research has not identified what best practices make an open source community sustainable. Researchers report that communities have a variety of different governance models and establish their own practices. Tracking various metrics to predict whether a project will be sustainable and continue to be active in the future yielded inconclusive findings. Many of these studies were conducted with SourceForge.net, but GitHub is now the norm. These older studies are also unable to speak to the new reality considering the recent influx of corporate community members. In short, research does not have an answer but rather poses many unanswered questions.
Several resources exist for open source communities to learn about sustainability issues and how to address them. These are based on anecdotal evidence.
Incomplete list in alphabetical order by author first name:
The problem with these resources is that they are input for communities but do not translate into signals for observers to know whether a community is sustainable.
The CHAOSS project collects different metrics for assessing open source communities. The problem is that for an observer who is not part of a community, data for metrics can be difficult to collect. CHAOSS is useful for communities to figure out how to measure themselves and prepare metrics as signals for outsiders. CHAOSS is addressing the problem that communities signal in inconsistent ways and thus observers have no baseline for comparison.
The CII Best Practices Badge advanced security practices in open source. Communities can self-certify that they follow security best practices from a checklist and have to provide public evidence. Many communities report having changed their practices in an attempt to earn the badge. As a reward, communities can display the badge to signal that they follow security best practices.
Sustainable Best Practices Badge
The idea is to combine the above existing work. We borrow the idea from the CII Best Practices Badge and create a checklist of sustainable best practices. We may even fork the web app that CII developed. We derive best practices from the resources available today and common sense. We vet the list of best practices through a community review process with long-standing members of the open source ecosystem. We use CHAOSS metrics to measure outcomes from appropriate best practices and provide evidence. We follow a scientific approach to track which best practices are more indicative of sustainable communities.
Each Sustainable Best Practice has to be actionable so that communities can implement it. The checklist serves as a tracker of how many best practices a community is already following. A sustainable community may have little to change to check all best practices and earn a badge.
Communities can use the Sustainable Best Practices Badge to signal that they are following these best practices. This is not a guarantee that a community is indeed sustainable. A checklist cannot eliminate all risks and danger. However, airplane safety has improved thanks to checklists pilots go through before every flight. Similarly, communities can be more sustainable if they regularly check that they are following known sustainable best practices.
Communities have an incentive to earn a Sustainable Best Practices Badge because of the signal it provides and because it helps them establish proven practices.
I am putting this idea forward for discussion and would love to hear feedback, criticism, support, and suggestions on the SustainOSS forum.
While the idea for a Sustainable Best Practices Badge is mine, it is shaped by conversations at the Sustain Summit, metrics work in the CHAOSS project, co-authoring the Sustainer Manifesto with Justin Dorfman, and a Twitter thread with Adam Jacob. This proposal is based on my own experience. In the spirit of transparency, I will declare my involvement. I co-authored the paper on why we need more research into open source. I co-founded the CHAOSS project and am a member of its Governing Board. I translated the CII Best Practices Badge to German and participated in the discussion for adding silver and gold badges. I know there is more work out there and I look forward to the conversation this blog post hopes to start.