Logo

dev-resources.site

for different kinds of informations.

Open source at Fastly is getting opener

Published at
3/15/2024
Categories
opensource
governance
fastly
community
Author
triblondon
Author
10 person written this
triblondon
open
Open source at Fastly is getting opener

Like most tech companies these days, Fastly is heavily reliant on open source software and the ecosystem of services and frameworks that modern software development weaves together. We need to talk about what it means to 'be open,' how we can recognize the broader ecosystem we're part of, and how we're making big changes to improve.

We’re working to make our little corner of the open source world the friendliest, most welcoming, easiest to understand, and most inclusive place it can be. You’ll see the results of that work in three key new parts of our open platform we’re sharing today: an updated code of conduct, a new project directory, and clearly-defined support levels for our open work.

Screenshot of open source directory

Making open understandable

Recently, we identified a number of problems that made things unnecessarily complicated for users of our open source work. We had a lot of public repositories on our GitHub but few people could easily understand which were active, whether support could be expected and whether contributions were invited. Many of our customers also use Fastly in conjunction with other tools, frameworks and services (like Gatsby, Heroku, NextJS, Vercel, Splunk, New Relic, Wordpress to name a few random ones), and adapters exist to support those interops, but it was often hard to figure out to what extent we support those adapters, whether they work for particular use cases, and who maintains them. This needed to be cleared up.

Making sure you have a good experience

So, it’s not enough to provide a lot of great open source tools — you need to have a reliable, trusted experience when you use them. We started with the basics. GitHub has a very useful tool under Insights > Community standards on each repo, which provides a checklist for community health. This felt like a good starting point to help people understand the intent and support behind our public code:

Screenshot of GitHub community health dashboard

Then, we took it a step further. We also created a clearly-documented support model to bundle up a bunch of expectations and behaviors into simple, recognisable buckets. Four levels can cover all projects quite well:

  • Product: An official part of Fastly's services. Expect complete documentation and support engineers trained to help you out.
  • Tier 1 OSS: "Active" projects that we are working on frequently and where you can expect enthusiastic engagement.
  • Tier 2 OSS: "Maintenance mode" projects where we keep on top of dependencies and security issues but may not always be able to engage with community interest.
  • Archived: Projects that we don't intent to revisit, which may no longer work, and should be considered out of date and likely insecure.

This can be nicely represented in a comparison matrix. You can see this on our new open source directory:

Screenshot showing table of support levels

To tie all this together, we made an org profile for our GitHub organization page. There are some great examples of these, like Microsoft and PayPal. For Fastly's, we wanted something friendly and human so we used Imagemagick to create a montage of all the avatars of the Fastly team members who have contributed to the open source projects in our org:

Screenshot of Fastly on GitHub

This is also a good spot to link to policies that apply across our open source work, and promote the great work being done by the organizations we support as part of our Fast Forward program. More about that in a minute.

Wow I had no idea we had that!

There's a ton of gold in our public repos, and scandalously, few people know it's there. Sorting through what we've open sourced over the years, we developed a category system, and most things fall into one of these buckets:

  • Tools: Stuff you run in your own environment, usually to help you interact with Fastly, like our compute static publisher utility or the Fastly CLI.
  • Plugins: Things you use inside third party products to help them integrate with Fastly, like our Wordpress plugin or Terraform provider.
  • Demos: Applications that you can run on or with Fastly, demonstrating creative uses of the Fastly platform, like this JavaScript implementation of OAuth 2.0 you can run at the edge.
  • API clients: Dedicated adapters to access api.fastly.com in a variety of languages.
  • Compute Starter kits: The Fastly Compute platform allows you to run your code on our giant edge network in a variety of languages. Starter kits offer complete example Compute applications that are great for scaffolding new projects.
  • Compute SDKs: These run within Fastly Compute apps and allow you to access platform features from your preferred language.
  • Compute libraries: Code you can import into Compute apps to make common things easy or integrate with third party services or frameworks, like our adapters for OpenTelemetry or Next.JS.

Not all our open source repos are Fastly related either, Fastly engineering teams have opened up a bunch of things that we've built just to solve problems within low level parts of our stack. For example utilities for dnstap in Rust, or Prometheus instrumentation for Sidekiq.

Do we really need a 9-year old fork of the Linux kernel?

One of the things that stifles openness is noise. Sifting through our public repos, some are very obviously redundant and just distracting. So we started by archiving a whole bunch of them - over half, in fact. We wrote some Google Apps Script in a spreadsheet to import and analyze the state of all our public repos:

Screenshot of Google Sheets

This allows for some basic filters to be applied to find the most obvious candidates for archiving:

  • No updates in over a year
  • No open issues
  • Does not have forks
  • Primary committer is no longer at Fastly
  • Minimal watchers / stargazers

Repos where all these things are true could be archived in bulk, and we reached out to the team closest to the code to give them the opportunity to delete the repo entirely if it was of no use at all. Archiving works well for everything else - archived repos remain accessible and cloneable, so any unknown project that depends on them will continue to work, and it's reversible, so we can change our minds later if we need to. But archiving also sends a clear message that we are not paying attention to this code anymore, so use it at your own risk and don't expect any help!

This captured a lot of fun examples, like a fork of the linux kernel that we last committed to 9 years ago and last merged from upstream 11 years ago 😅. But once these really obvious ones are out of the way, the real work begins.

Code of conduct and responsible disclosure

Once we finished cleaning up our repos, we wanted to add one more essential piece: A code of conduct. As a values-driven organization, we hold ourselves and those we interact with to a high standard of behavior. (That even extends to the kinds of customers we allow on our network because we choose to do business with those who reflect our values.)

But… which one to adopt, or should we write a new one? With so many excellent options, we quickly decided adopting an existing code of conduct would be the best path forward.

The best way to build for our community is to build in collaboration with the community, so we simply asked for input on our community forum. We received so many excellent responses and suggestions from community members and even other Fastly employees. People suggested the Contributor Covenant, the Django Code of Conduct, and Elastic’s CoC.

After reviewing the suggestions against our needs, we chose to fork Python’s Code of Conduct, which is a fork of the example policy from Geek Feminism wiki, created by the Ada Initiative and other volunteers, and is under a Creative Commons Zero license. (This felt particularly fitting, considering Python is among our highest-traffic and longest-standing Fast Forward program members.) From there, we edited the Code to suit our circumstances and community needs. Our version is published on our GitHub profile.

Finally, we needed a working group to help enforce the code of conduct, review possible violations, and determine a plan of action when infractions happen. So we formed Fastly’s OSS governance group, pulling from different backgrounds and disciplines across Fastly, including our inclusion and diversity, legal, engineering, and marketing teams. You can see the members and enforcement policies on our GitHub.

Fast Forward

Fastly is deeply committed to the open internet: we use open source software throughout our stack, contribute to open standards, and encourage employees to participate in and use open-source software.

Given the benefits we derive from open source and standards, we must give back to open source builders and communities. That’s why we created Fast Forward — Fastly’s mission to build the open internet together. This broad-reaching initiative comprises four key programs and policies: Our OSS contribution guidelines, our Customer Community Policy, our contributions to open standards, and the Fast Forward program.

Through the Fast Forward program, we give free services and support to open source projects and the nonprofits that support them. We support many of the world’s top programming languages (like Python, Rust, Ruby, and the wonderful Scratch), foundational technologies (cURL, the Linux kernel, Kubernetes, OpenStreetMap), and projects that make the internet better and more fun for everyone (Inkscape, Mastodon, Electronic Frontier Foundation, Terms of Service; Didn’t Read).

We are always looking for new projects and ways to support the open internet. If you’re an open-source project that needs help scaling and protecting your website or applications, apply to the program.

Looking forward

At Fastly, open source is a part of our heritage, essential to our operations, and central to our future. What’s more, we’re on a mission to build the good internet — whether you're building or browsing, an internet that is accessible and safe for everyone.

Take a look at our open source homepage, Fast forward program, or join us on our community forum!

governance Article's
30 articles in total
Favicon
Implementing Kubernetes Security with Kyverno: A Journey Through Resource Management
Favicon
Cloud Cost Optimization
Favicon
Data Governance… when there's no Data nor Governance
Favicon
Gobierno de Datos… cuando no hay Gobierno ni Datos
Favicon
5 Signs You’ve Built a Secretly Bad Architecture (And How to Fix It)
Favicon
Building a Robust Data Governance Framework: Best Practices and Key Considerations 
Favicon
The Pitfalls of Philosopher King -Why Morality Alone Isn’t Enough for Effective Leadership
Favicon
Understanding Data Governance in the Digital Age
Favicon
Identifying the Risks Organizations Face - Key Considerations for Risk Governance
Favicon
Crafting a Balanced Governance Strategy for a Growing Fintech Startup
Favicon
Conventional Use of AWS CDK
Favicon
The AI Alliance: Shaping the Future of Artificial Intelligence Together
Favicon
The Power of Storytelling in Digital Business Case Development
Favicon
Navigating the Future of Business in the Digital Age
Favicon
Improving Cloud governance using an automated naming generation tool.
Favicon
Data Governance in Modern Data Engineering
Favicon
Integration of Apache Iceberg in S3, Glue, Athena, Matillion, and Snowflake – Part 2
Favicon
Integration of Apache Iceberg in S3, Glue, Athena, Matillion, and Snowflake – Part 1
Favicon
Rapidly Ship Industry-Standard APIs
Favicon
Why your performance work is not seen
Favicon
API Security Best Practices: Enable Good Governance
Favicon
Understanding the governance of Cilium.
Favicon
Open source at Fastly is getting opener
Favicon
The 5 Disciplines of Cloud Governance
Favicon
Top GRC Trends for 2024 and Beyond
Favicon
New Features: Snowflake International Tags & Shared Tags
Favicon
The Dawn of Technocracy
Favicon
Cybersecurity frameworks
Favicon
Risk management frameworks
Favicon
Why your DevOps Toolchain Needs a Governance Platform

Featured ones: