Being part of a community is what humans are largely designed for. People cluster up. We support each other and provide companionship by coexisting in shared spaces. The fact that today these spaces are increasingly virtual, online and asynchronous does not change the foundational workings of human groups.
But no one said it’s easy. Every community has its issues that arise from how human beings act towards each other. Besides companionship, there’s jockeying for position; in addition to support, there’s scrambling for status; and always--always--there are conflicts.
An outsider might think that, as a loose conglomeration of volunteers, the open source community is exempt from all that. Not so. The open source community absolutely has the same power games, harassment, arguments and abuse as any other community where bad behaviour goes unchecked.
And since humans are such social, communal animals, poor community experiences have a profound impact on our mental well-being. In this article, we’ll take a look at the less salubrious side of the virtual open source community and its very real-life consequences.
For quite a long time, it was pretty much taken for granted that the maintainer of an open source project would be expected to work 24/7, fixing or adding functionality to their project on demand. They’d have to put up with tons of negative feedback, sometimes even downright abuse. And they'd have to do all this unpaid!
It wasn’t just maintainers, either. Regular members of the community also had to be on their toes because online discussions were not, by and large, safe places to speak up.
I’ve seen a sea change during this past year and a half. Because of the pandemic, working life for many people shifted online, and suddenly there was a surge of interest in online well-being. I’m not claiming problems in the open source communities are now solved, but at least they are acknowledged by a larger part of the internet population.
Despite the great improvements, there are still many unsolved problems. One of the biggest ones has been, and will continue to be, the voluntary basis of open source work – the vast majority of which is made in the contributor’s free time.
Open source maintainers start their projects with lots of enthusiasm and motivation. They invest their personal time doing work for no monetary compensation, simply because they love doing it and love seeing the fruits of their labor harvested and baked into bigger, beautiful open source pies.
Yet far from receiving thanks, appreciation and goodwill, contributors are frequently served harassment and abuse. Users demand a premium service from the maintainers, but are not willing to pay for it. This creates a toxic environment where maintainers are expected to satisfy anonymous demands in record time for free.
While giving up their holidays to do it.
As time passes and they encounter increasing demands and abuse, that motivation starts to flag until they finally end up crashing and burning out. Many maintainers abandon their projects.
And they are fully within their rights to get out of a toxic situation. Wouldn’t you? No one has the right to demand or expect permanent 24/7 commitment from volunteers.
If you’re not an open source project maintainer or contributor, this may all sound a bit distant. Of course it’s a shame, you may think, and someone should do something, but it’s really nothing to do with me.
You’d be wrong.
The internet as we know it depends massively on open source projects. A good chunk of those projects depend on a single maintainer’s work. Remember Heartbleed in 2014? That vulnerability was tracked down to OpenSSL, an important library used in the foundations of the secure internet – and maintained by just one person.
And if that one key person decides they’ve had enough of the thankless volunteer treadmill and quits, what do you suppose happens to online shopping and social media?
This is not just a hypothetical what-if scenario. In 2016, web development experienced a serious hiccup because one programmer deleted 11 lines of code comprising the 'left-pad' package from npm.
But that’s not the worst of it. We’ve seen cases of straight-up crime. In 2018, a maintainer of a popular Node.js library decided to step away from the maintainer role. One developer contacted him offering to be the new maintainer, and the handover was made in good order. Some time later, however, the new maintainer inserted some malicious code into the library that stole from bitcoin wallets.
These things will keep happening if we don’t change the status quo.
One big step that the community has taken is to adopt Codes of Conduct. With these, maintainers can enforce rules that make the open source community forums safer environments where participation is rewarding. This helps make communities more diverse and more welcoming.
But the truth is that, thanks to the anonymity of the internet, nothing really prevents bad actors banned from a community from assuming a new identity and returning to engage in the same behavior again.
At Aiven, we’re stepping up with our own Open Source Program Office, or OSPO. Its purpose is to ease the burden on the current open source communities.
All of our OSPO team members are maintainers or long-time contributors in several mainstream projects, and they understand the current state of affairs in the open source communities. A common sentence heard in our team is: we made our hobby our work!
We don’t just work to add new features to the various open source projects Aiven uses downstream. We also make these projects more sustainable, for example by removing technical debt. We’re finding this is a great way for a company with its roots in the open source community to contribute back. We like to think we’re maintaining the mental health of the volunteer developers who would otherwise have to do this work without pay or thanks.
However, we also need to take care of our own mental health. We aim to strike a balance between the effort of performing these hard, low-recognition tasks and giving enough challenging, creative and rewarding work to those same engineers.
The OSPO team also aims to bolster the communities that surround their own open source projects. Besides adhering to our Code of Conduct, we discuss things in the open and define reasonable ‘time-to-respond’ expectations. We want to keep our communities safe.
Supporting the mental health of individuals in the open source community space is not just the humane thing to do, it’s also a crucial part of keeping the whole connected world safe. As long as we rely on the free labor of love performed by individuals, the least we can do is keep those individuals safe and sane.
Aiven is committed not just to open source software, but also to the community that creates it.