Communities aren’t an accidental collection of strangers with a common interest

The 2024 Tidelift State of the Open Source Maintainer Report is full of interesting survey results and analysis, but one paragraph stood out to me in particular. One unidentified maintainer, speaking about the impact of the xz social engineering attack said this:

This incident really highlighted for me that technology is not the problem—culture is. Without authentic, trustworthy support from a real community (not merely an accidental collection of strangers who have a single common interest) this kind of thing will only continue. Security is a wetware problem first and foremost—we need to care about actual, living humans, not just certs and hashes and chains of custody.

Too often, we assume a community will naturally form around a useful thing that people care about. If we build it, they will come. That’s not true. It is true that useful and interesting projects can spontaneously collect a group of users and maybe even contributors, that doesn’t make it a community.

A community is more than a collection of individuals with a common interest; a community is a collection of individuals with a common interest and a shared sense of ownership. A community is a collection of friends (or at least acquaintances), not strangers. Not everyone who participates in a project is a part of the community.

My local baseball team is a good example. On any given night, you can expect to see 1,500–2,000 people in the stands. Some show up, root for the home team, and go home. Others show up, greet the staff by name, and make sure all of their trash gets picked up because “this is our stadium.” Neither is better; they’re just different.

To bring it back to open source projects: if you’re moderately successful, you’ll have both a community and a collection of strangers. They both help your projects, whether it’s by feedback/bug reports, code contribution, telling others about your project, or whatever else. But it’s the community that will be sustainable. Not only does community imply some degree of commitment to stick around for a while, but the bonds of friendship can make the project a more enjoyable place to be.

Ben formerly led open source messaging at Docker and was the Fedora Program Manager. He is the author of Program Management for Open Source Projects. Ben is an Open Organization Ambassador and frequent conference speaker. His personal website is Funnel Fiasco.

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.