One of the more obscure terms one might hear bandied about in the free and open source software ecosystem is the so-called “bus factor.” The somewhat-informal term refers to the state of a given project based on its sustainability.
Specifically, bus factor is shorthand for the question: what would happen to your open source project if one of your community members were hit by a bus? Would the project survive? Or is so much workflow and institutional knowledge wrapped up in that one person that your project would be damaged, possibly to the point of no recovery?
A less-violent variant of bus factor is “lottery factor,” which poses what would happen if said community member were to get a lucky ticket and go off to buy an island somewhere with little more than a “see ya, suckers!”, never to be seen again?
Not that I’ve been thinking about this or anything.
Kidding aside, a community needs to think about such things, because there are many far more mundane, yet perfectly valid, reasons why someone might have to quit a project suddenly. A new job, a move to a different place, personal conflicts… life has a way of disrupting the best-laid plans. And if a community project is very dependent on one, two, or a small group of contributors, then its bus favor is very low and sustainability is a real concern for the project as a whole.
Sustainability is what Ridecell Infrastructure Engineer Noah Kantrowitz thinks about quite a bit. Open source projects range the spectrum from single-person projects all the way up to massive contributor-level projects like Linux and Kubernetes. But within this spectrum are what Kantrowitz refers to as “mirage projects”: projects that are a very important part of the open source ecosystem but have what he calls “frighteningly few core maintainers.”
[youtube=https://www.youtube.com/watch?v=meGHlI3DfC4&w=560&h=315]
In other words, low bus factors.
Kantrowitz highlighted Python and OpenSSL as part of this mirage group, highlighting the 2014 Heartbleed vulnerability found in the latter project that put the issue of sustainability front and center.
But even large projects without at-risk bus factors can have sustainability issues, Kantrowitz told his DevConfUS audience. Burnout is a key factor in people leaving projects, typically brought on by guilt about letting users down, which leads to dread about working on the project, and sometimes bitterness about the project or its users. Burnout among maintainers of any size project poses a significant sustainability risk.
Open source licenses can keep code available indefinitely, Kantrowitz argued, but without maintainers and core contributors to pick up the banner, projects can be in real danger of languishing.
Kantrowitz believes that the lack of attention paid to maintaining sustainability in projects is related to how we function. When people make things, it is a very single-threaded process. But when they consume tools, it is a fractal process.
“Even in the best scenario,” Kantrowitz said, “there are always going to be more users than contributors, and that imbalance has spiraled out-of-control in most open source projects.”
Adding to the problem, Kantrowitz believed, is the fact the initial pioneers of open source are getting older, and perhaps considering new directions in their lives… without younger developers waiting to pick up the torch. Another contributing factor is that there are far more consumers of open source technology now because startups and their venture capitalists are well aware of the existence of sophisticated open source tools and have therefore had to adjust their budgets accordingly.
Beyond highlighting the issues at hand around sustainability, Kantrowitz gave some solid examples of how to improve sustainability in projects. Paying attention to governance and licensing can help reduces the types of friction that harms sustainability. For more information on the solutions, watch the video from DevConfUS.