OSS-Health.md

Procuring Open Source Projects

OSS project health check

Four Opens

  • Code is fully open source (OSI license)

    • Open Core is not an option
    • License handling is clear
    • Dealing with non-licensing IPR questions (patents, trademarks, ...)
  • Community is open and diverse

    • Distributed over countries, companies, ...
  • Development process is open

    • Documented contribution process (how to get started, how to contribute, expected behaviors/CoC, standards, ...)
    • Project trying to invite/encourage contributors
    • Discussions happen in the open (easily accessible)
  • Design process is open

    • Process for proposals/blueprints
    • Decision process is clear, accessible, traceable
    • Requirements are gathered, recorded, prioritized
    • Roadmaps / Goals

Maturity

  • Quality
    • Regressions
  • Maintenance policies
  • Handling security issues
  • Tracking & addressing bugs
  • Development process maturity (code review, policies)
  • CI processes, CI coverage, CI status monitoring
  • Implementation of relevant standards
    • Ideally with compliance tests
  • Defines own standards that can be implemented independently
    • With compliance tests

Activity

  • Active development (and maintenance)
    • Attracting new users & contributors
    • Able to retain contributors
    • Number of Forks, number of contributors
  • Adoption
    • Others building on top
    • Products using it
    • Companies offering services ... around it
  • Visibility
    • Press
    • Conferences
  • Community events, ambassadors
  • Collaboration with other communities / projects

Lock-in risk assessment

  • Risk of project failure
    • Single Points of Failure (too few maintainers / core contributors / core reviewers?)
    • Conflicting commercial interests of main contributors?
  • Effect of failure (damage):
    • How easily could it be forked and taken over?
    • How easily could it be ripped out and replaced?

Links