Last week, I threw my hat into the ring for the board of the Open Source Initiative. The elections open tomorrow. If you're a voting member, I hope I can count on your vote. (But you should really vote for Aeva Black with your #1 vote as she is amazing.). You can read more about my candidacy on my candidate page.
Luis Villa, former OSI board member and open source legal expert, asked each of the candidates to field some questions. I decided to capture my answers here (though I'll paste them into the comments on my candidate page as well). If you want to know how I'm thinking about my potential board service, these questions from Luis should give you an idea for what I hope to accomplish.
Your time: You have 24 hours in the day and could do many different things. Why do you want to give some of those hours to OSI? What do you expect your focus to be during those hours?
I firmly believe in humanity’s collective ability to come together and collaborate to solve shared problems. We’re not always good at it, but I really do believe in us. When we come together and collaborate to solve shared problems using software, we need a common language for how we decide to share our software solutions (licenses), and we need a common culture that defines how we engage with each other (advocacy). I want to give some of my time to the OSI, because when we grow our ability to collaborate effectively, we grow our ability to solve problems collectively.
When serving the OSI, I expect to focus my hours on supporting fundraising activities, and driving broad advocacy work within the industry.
Licensing process: The organization has proposed improvements to the license-review process. What do you think of them?
Broadly speaking, I’m in favor of any update that results in a clearer understanding of the process for people who want to submit prospective licenses, and that also seeks to reduce the overall burden of discussing and coming to an agreement on licenses. I didn’t monitor the working group’s multi-year discussion, and I’m not a regular reader of the lists where licenses are debated - my interest in serving the OSI falls mainly on the Advocacy side. That said - the improvements look good in principle, and I’d be interested to hear more about how the process changes would be evaluated for success. How do we know that these improvements worked, and how will we adjust them as we learn more about them in practice?
Broader knowledge: What should OSI do about the tens of millions of people who regularly collaborate to build software online (often calling that activity, colloquially, open source) but don’t know what OSI is or what it does?
I think it’s probably fine for tens of millions of people to collaborate effectively to build software using OSI-approved licenses without understanding the ins-and-outs of what the OSI is and what it does. That’s a pretty great sign of success! I’d be more interested in addressing the much smaller subset of these folks who know what the OSI is and what it does, but who don’t recognize the importance of the OSI. However, with the limited resources available to the OSI, I don’t have a specific recommendation for how I’d address the issue today.
Regulation: New industry regulation in both the EU and US suggests government will be more involved in open source in the future. What role do you think OSI should play in these discussions? How would you, as a board member, impact that?
Naming US and EU policy directors was a great start, but I’d be interested to know about OSI’s policy engagements beyond the US Federal Government and the European Union. Government institutions are some of the largest employers in the world, and bringing them into the open source community will help us craft better policy and legislation. The OSI should be prepared to send an experienced representative to participate in policy and implementation discussions when government entities are involved.
As a board member, I would use what I learned as a Technologist Fellow at the National Security Institute to help shape the board’s approach to engaging with government entities. While my experience is specific to the US Federal Government, I hope to grow my own ability to advise on global policy issues.
Solo maintainers: The median number of developers on open source projects is one, and regulation and industry standards are increasing their burden. How (if at all) should OSI address that? Is there tension between that and industry needs?
As an industry, I think we’re having the wrong conversation about solo-maintainer open source projects.
Historically, we’ve talked about solo-maintainer open source projects using terms like Bus Factor, to describe the risk inherent in having only one person holding the knowledge (and the keys) to a critical software dependency. More recently, we’ve started talking about solo-maintainer open source projects through the lens of sustainability and maintainer burnout, describing the risk inherent in having only one person trying to keep up with the demands of an ever-growing user base. But when we talk about mitigating any of these risks, we talk about adding a second maintainer to the project the same way we might talk about adding a second support beam to a sagging roof, or adding a second bus to a crowded transit line, or load-balancing a server by adding more identical servers.
We need to think less about cloning maintainers, and think more about finding effective partners for solo-maintainers. When you talk to a solo-maintainer and ask them what they need, they seldom respond with “A cloning machine” - you’re more likely to hear “a project manager” or “a product manager” or “someone with X skill set that isn’t my core competency.”
I think the OSI can most effectively address the ‘solo-maintainer’ problem by producing and promoting a guide for navigating this thought process. Helping solo-maintainers ask the community for the right kind of help is the first step toward mobilizing effective help for the projects in question.
OSI initiative on AI: What did you think of the recent OSI initiative on AI? If you liked it, what topics would you suggest for similar treatment in the future? If you didn’t like it, what would you improve, or do instead?
The Deep Dive on AI was certainly timely, and I think both the board and ED Stefano Maffulli deserve kudos for the investment. We’re clearly at an important moment for AI tools. I’ll be surprised if the existing legislative landscape around copyright and AI-generated works doesn’t evolve in the next few years. That evolution will have implications for tools like Copilot and others that many of us are only starting to understand. I’m still wrapping my head around my own thoughts, and I have some learning to do in this area.
Responsible licensing: There are now multiple initiatives around “responsible” or “ethical” licensing, particularly (but not limited to) around machine learning. What should OSI’s relationship to these movements and organizations be?
“Is this open?” and “Is this ethical?” are two very different questions, with two very different sets of implications. The OSI has centered itself on Openness as a core value. When other organizations are formed that center themselves on a different core value, then I think it makes sense to look and see if there are opportunities to collaborate to solve shared problems. But we should be clear about the OSI’s mandate, and only grow that mandate intentionally and with purpose.