Open Stack

On Mon, 2016-08-01 at 13:43 -0400, Sean Dague wrote:
> On 08/01/2016 12:24 PM, James Bottomley wrote:
> > Making no judgments about the particular exemplars here, I would 
> > just like to point out that one reason why projects exist with very
> > little diversity is that they "just work".  Usually people get 
> > involved when something doesn't work or they need something changed 
> > to work for them.  However, people do have a high tolerance for 
> > "works well enough" meaning that a project can be functional, 
> > widely used and not attracting diverse contributors.  A case in 
> > point for this type of project in the non-openstack world would be 
> > openssl but there are many others.
> 
> I think openssl is a good example of what we are actually trying to
> avoid. Over time that project boiled down to just a couple of people.
> Which seemed ok, because everything seemed to be working fine, but 
> only because no one was pushing on it too hard. Then folks did, and 
> we realized that there was kind of a house of cards here, that's
> required special intervention to address some of the issues found.

The original problem was lack of security audits leading to heartbleed
mistakes.  Now that that's been remedied by investment from the CII,
the project is still very monoclonal and run by a small group ... and
still just as essential.

> Keeping a diverse community up front helps mitigate some of this. 
> It's not a silver bullet by any means, but it does help ensure that 
> the goals of the project aren't only the goals of a single product 
> team inside a single entity.

The point I'm making is that Company led projects tend to be much
better connected with the end user base (because companies want
customers) which, ipso facto, means they tend to fall into the "good
enough" bucket and fail to attract many more outside contributions.

James