Open Source Good Governance – GGI Framework presentation & deployment
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 542 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/61618 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2023295 / 542
2
5
10
14
15
16
22
24
27
29
31
36
43
48
56
63
74
78
83
87
89
95
96
99
104
106
107
117
119
121
122
125
126
128
130
132
134
135
136
141
143
146
148
152
155
157
159
161
165
166
168
170
173
176
180
181
185
191
194
196
197
198
199
206
207
209
210
211
212
216
219
220
227
228
229
231
232
233
236
250
252
256
258
260
263
264
267
271
273
275
276
278
282
286
292
293
298
299
300
302
312
316
321
322
324
339
341
342
343
344
351
352
354
355
356
357
359
369
370
372
373
376
378
379
380
382
383
387
390
394
395
401
405
406
410
411
413
415
416
421
426
430
437
438
440
441
443
444
445
446
448
449
450
451
458
464
468
472
475
476
479
481
493
494
498
499
502
509
513
516
517
520
522
524
525
531
534
535
537
538
541
00:00
Information technology consultingGoodness of fitOpen sourceComputer animation
00:18
Computer programOpen sourcePublic domainInformation securityStrategy gameSelf-organizationSingle-precision floating-point formatPoint (geometry)Context awarenessOpen sourceOffice suitePublic domainTwitterProcess (computing)Software developerType theoryStrategy gameComputer programComputer animation
01:55
SoftwareDigital rights managementOpen sourceCommitment schemeType theorySelf-organizationCollaborationismSoftware maintenanceSoftware engineeringOpen sourceType theoryVapor barrierStatement (computer science)Point (geometry)Group actionComputer animation
03:12
Online helpSoftwareOpen sourceInformationEvent horizonElectronic mailing listPresentation of a groupForcing (mathematics)Type theoryInformationSoftwareOnline helpExterior algebraEmailOpen sourceLattice (order)Goodness of fitTask (computing)Computer animation
04:53
Electronic mailing listStrategy gameProcess (computing)Complete metric spaceOpen sourceCapability Maturity ModelGoodness of fitDesign by contractSelf-organizationTranslation (relic)Formal languageRevision controlContext awarenessLevel (video gaming)Lattice (order)WaveletComputer animation
06:43
SoftwareData structureDigital rights managementSide channel attackTemplate (C++)Context awarenessDigital signalLocal ringTask (computing)System identificationTrailInstance (computer science)ImplementationRevision controlWhiteboardWebsiteSelf-organizationElectric currentComputer networkElectronic mailing listEvent horizonComputerTwitterData structureGoodness of fitScripting languageDescriptive statisticsWhiteboardTask (computing)Revision controlSoftwareDigital rights managementOpen sourceAdaptive behaviorElectronic mailing listImplementationVulnerability (computing)System callSelf-organizationPeer-to-peerTranslation (relic)WebsiteSheaf (mathematics)Arithmetic progressionComputer programProjective planeType theoryGeneric programmingProbability density functionComputer animation
12:37
Program flowchart
Transcript: English(auto-generated)
00:06
So my name is Boris Baldassari. I work for the Eclipse Foundation as an open source consultant. And I'd like to introduce the OSPO Alliance and the work we are doing on the Good Governance Initiative.
00:20
So to start with, what is an OSPO? So OSPO stands for Open Source Program Office. And it's a team within an organization that takes care of everything open source within the organization. So it's supposed to be a single point of contact for any question people may have about open source licensing
00:41
and so on. The OSPO is supposed to foster the awareness of open source within the organization, define and implement a strategy regarding open source for the organization, inbound, outbound, and much more than that. So the idea is to make sure that the organization makes
01:04
a good use of the open source they consume, produce, and so on. It also includes things about the ecosystem, the open source ecosystem, and the participation into the open source ecosystem by the organization. It should be noted that it has
01:21
many impacts on many domains. So it's from the legal to the technical to the security, dependencies, development practices, and so on. And it's a strong recent trend. So many organizations nowadays are in the process
01:42
of setting up an OSPO. When I talk about organizations, I talk about any type of organization. So these could be corporations, SMEs, administrations, universities, NGOs, and so on. The point with these organizations is that quite often, they don't know anything
02:02
about open source. It's not in their culture. So they just don't know where to start. That's where the OSPO Alliance comes into the picture. So the OSPO Alliance was launched in 2021 by a group of four European nonprofit organizations.
02:21
And the idea is to promote an approach to excellence in open source software management. We wanted it to be really easy to access, low barrier. There is no fee. There is no commitment. The only thing we ask is a letter of support, a statement of support from the organization to the principles of open source and the OSPO Alliance.
02:44
All our activity is open, public, and freely accessible. No need to register to get access to our outcomes. We are entirely governed by open source principles. So you can just come, join us, collaborate. And if you are active contributor,
03:04
then you will become a maintainer and so on. And once again, it's for all types and sizes of organizations. Our mission is twofold. So firstly, help the organizations make sure
03:20
that they better use the open source software and ecosystem and properly take care of open source and also make them good citizens of the open source ecosystem. So not only consuming and producing, but also participating and financing and being there
03:42
and openly asserting their use of open source. So things like that. To achieve these goals, we have set up different sub-task forces. The first and the most visible one is the Good Governance Initiative Handbook,
04:00
which is a blueprint to help organizations define and build their OSPO. We also provide a safe place to exchange information so people can ask any type of question when they're trying to replace some proprietary software by an open source alternative that they can ask for what others did.
04:23
We have mailing lists, meetings, regular meetings. We participate to events, and we also have a monthly session which is called the OSPO Unwamp Sessions where some of our members present how they did with their OSPOs and share their good practices, their mistakes too.
04:45
And we also have a task force for evangelism and dissemination of our initiative. Thank you. So the Good Governance Handbook, as I said, is a blueprint to help organizations define,
05:01
so build a roadmap, and actually build their OSPO and make it a success. For that, we propose 25 activities which are good practices that you want to implement when you build your OSPO and when you want to grow the open source awareness within your organization.
05:22
These 25 activities are organized into five goals which are kind of levels of maturity. So the first one will be identify the open source you use and identify the skills that you have. Start changing your contracts with your employees
05:41
so they can actually contribute. Set up or educate the legal team, educate the executives. Contribute back, contribute upstream, assert publicly your use of open source and so on. We also provide the methods to implement these 25 activities.
06:00
So we recommend an agile-like process where you will pick a few activities, complete them, select a few other activities and so on until you have completed the scope. And we had quite some success. So the first edition of our handbook was in 2021.
06:23
Last year, we did an update, the 1.1 version. And we also have translations. So German and French are already available and a few others are on their way. So Portuguese, Spanish, Italian, and whatever your language is, please join us.
06:40
We use Wavelets and we, of course, welcome contributors. So talking about the activities, they have really a wide range and scope. So it's from, as I said, identifying the open source you use, doing software composition analysis, dependency management, vulnerability management.
07:01
It's also about implementing the good practices that we use in open source, so setting up peer reviews and things like that. Training the people, HR, so the contract, allowing people to contribute. Funding the ecosystem, the project that you use and the foundation and the organization
07:21
that make the open source ecosystem. And yeah, up to executive education and potentially making open source strategic asset for your organization. Each activity has the same structure. So we have a description that states what this activity is about.
07:42
Opportunity assessments, why would you implement this activity, what it will bring to you. Progress assessment, so you know where you are and that enables to track your progress and know when you can say that it's a complete activity and you can switch to the next.
08:02
Recommendations, so feedback from the field, experienced people saying, well, you might have a look at this, that will help and also some tools and recommendation and resources that you might find useful. As I said, the Good Governance Initiative is for any type of organizations.
08:22
So there are activities that will not fit within your organization. The first thing that you will do actually when you will implement the handbook is look at all the activities and select the one that you want or reject the one that do not apply to your context, that's okay.
08:41
And from there, the activities are kind of generic. So what you want to do from there is for each activity create a scorecard which will be the local adaptation of the activity to your own organization. So that will imply stating the teams,
09:00
the internal teams that you may reach out to, the competencies, skills that you may need, the processes, tools and resources that you can use and that you will have to deal with, and also identify some specific tasks that are relevant to your context and that this task will help you
09:21
track your progress on the scorecard. We provide the scorecards in two versions. One is the PDF that you can simply print and fill in with paper and pen, good old style, and also a digital one. So last year when we did the 1.1 version of the handbook,
09:40
we introduced a new feature which is a deployable GGI program. So basically it's a GitLab project that you clone in your own GitLab or in any GitLab. And from there, there will be a bunch of scripts that will be executed, creates 25 activities as GitLab issues.
10:02
So create a board so you can visualize them. You can click on an issue and see the description, opportunity assessment and so on. From there, you can edit the description to fill in your own scorecard. And once you have that, so you have all your issues,
10:23
you can visualize them in the board, you have defined your scorecard, so you can just start working on them. So you select a few of them, you work on them, you complete them, you select a few other one and so on. And each and every time, so it's a nightly script actually, but the MyGGI will create a GitLab pages,
10:45
a static website that will reflect where you are, what are your current activities, your past activities, and will even provide a simple dashboard. So the list of activities when you have implemented
11:02
the MyGGI looks like that. And the simple dashboard that you get and static website looks like that. So you have the full description of the activities that you are working on and also the scorecard. So it really tracks your own adaptation and implementation of the GGI program.
11:24
So that's all. Once again, we are an open source initiative so you can access all our resources for free, not even need to register whatsoever. You go to our website, ospro-alliance.org. From there, you can download the Good Governance Handbook.
11:44
There is a HTML version. You get access to all the translations that are available. And there is also a section about contributing. You can just simply join our calls. We have weekly calls and you just connect. Everything is there.
12:05
We, so we are European-based because our contributors are European. So it's really based on the European values and way of doing things and so on. But we are open to absolutely everyone. So just come, join us. You can help on the translations,
12:21
on the updates of the handbook, on the dissemination. And if you want to follow us, it's here. And that's it. Thank you.