Oh, look: it’s a new year! So what should we expect in the open source world? 2023 had more than its share of shock waves. But we haven’t seen the full impacts yet. While 2024 might have some new shocks that we can’t foresee here in mid-January, we’ll start seeing real effects from the past year’s events. Here are the open source trends I’m looking for in 2024.
You can barely read any tech article right now without a mention of artificial intelligence (AI). It has completely taken over the tech world. We can reasonably say that we’re in an AI bubble. So while the bubble will burst eventually, open source projects will have to grapple with AI this year.
Some generative AI projects and companies have called themselves “open”, but there’s no agreement on what that means. Certainly it’s not enough for the model itself to be open if the training data isn’t open as well. The Open Source Initiative is working on a definition of open source AI, but for now it’s up to projects who want to develop an open source AI to figure out what it means for them.
Projects that aren’t producing AI models or tooling will still be affected by the sudden boom in AI. Developers now have access to a variety of tools to help them write code — or entirely write the code for them. Community members can use AI to answer questions on fora or mailing lists; those answers might or might not be accurate. You have to decide what your community’s policy will be there. Particularly with code submissions, the legal uncertainty about the copyright issues around AI-generated code can be a challenge. OpenAI says it’s impossible to have generative AI without incorporating copyrighted works. What implications will that have for your project?
Red Hat’s changes to how they publish source code and HashiCorp’s switch to the Business Source License made a lot of people very angry. This may be the year we see whether or not that matters. The practitioners who are angry about these aren’t always the people who write the checks. Both Red Hat (as a part of IBM) and HashiCorp are public companies, so we’ll be able to see how their revenue goes this year. If they don’t take a hit, it will give cover to other companies to shift their open source projects away from the community.
These changes weren’t made for fun; they’re the result of pressure from investors. With interest rates rising, borrowing money is no longer free(-ish). As a result, the capitalist machine demands better results from companies. That means that companies who don’t have a solid understanding of how their open source investments connect to the business may find themselves making cuts. If you’re running a project, foundation, or event that relies on corporate funding, brace yourself for a tighter budget. Now’s a great time to be making the case for how supporting you is good for business, not just a good thing to do.
The importance of software supply chain security has been increasing over the last few years, but open source projects have largely been able to avoid thinking about it. I think that changes this year. We saw some signs of this in 2023, like with GitHub requiring contributors to use two-factor authentication. We’ll see more changes like these in 2024, along with greater attention at companies on the security of the open source code they consume.
The challenge for open source projects is that this attention will often lead to unfunded mandates. For volunteer projects, unfunded mandates are ignored at best and burn out maintainers at worst. In typical supply chains, suppliers know they’re in a supply chain. They enter agreements. Open source projects don’t always know they’re in a supply chain (or want to be in one). But there are low-effort things projects can do to improve security, which benefit not just the downstreams, but the project itself. Expect to see more of that in 2024.
An added bonus
I think 2024 is the year that everyone buys a dozen copies of Program Management for Open Source Projects. Hey, a guy can dream, can’t he?