Commonhaus Foundation Launches at Critical Time for OSS
Affectionately remembered by many longtime Java developers, Codehaus combined a Java open source project-hosting service with a community that offered support and mutual aid for the projects it hosted. Inspired by its legacy, the nonprofit Commonhaus Foundation launched last month, promising a new model for established open source libraries and frameworks seeking a neutral home.
The organization’s founders are Erin Schnabel, distinguished engineer at Red Hat, Ken Finnigan, OpenTelemetry and observability engineer, and Cesar Saavedra, senior technical marketing manager at GitLab — serving as chair, secretary and treasurer respectively.
Commonhaus prioritizes succession planning, minimal governance and financial assistance for its member projects, including the capability to receive donations without seeking individual nonprofit status. The open source projects that have joined at launch are ORM Hibernate, JSON-processing library Jackson, refactoring tool OpenRewrite, Java launcher JBang, Java release tool JReleaser and Java MongoDB driver Morphia.
Since the foundation was launched, a number of other projects have expressed interest in joining, including EasyMock, Objenesis and SDKMAN!. While all of these are Java projects, it isn’t the intention that Commonhaus be Java only. “I started with Java because it is the ecosystem that I know best,” Schnabel told The New Stack. “But our doors are open to projects from all languages and technologies that share our vision for a collaborative and sustainable open source future.”
Of course, we already have a number of open source foundations, including Apache and Eclipse, but Commonhaus supports a broader array of OSI-approved licenses than you’d typically find elsewhere. It also allows projects to maintain their own established brand, community identity, infrastructure and governance practices, making it more suitable for mature projects with good governance in place than nascent ones.
Tatu Saloranta, creator and project lead of Jackson, said that “while Jackson components are widely used within the Java software ecosystem, our core project team remains compact and our processes minimal. Over the years, we have occasionally considered the desirability and feasibility of affiliating with well-known open source foundations. However, none seemed to quite align with the preferences of our project and team. After observing the formation of the Commonhaus Foundation, we are confident that we have found our future home. The foundation’s goals align closely with ours, and it emphasizes enabling individual projects to maintain focus on their core competency: the development of high-quality open source software.”
Gavin King, creator of Hibernate and a distinguished engineer at IBM/Red Hat, said that “Commonhaus provides support and continuity for self-governing projects, making it a perfect host for projects which are already well run. Red Hat’s leadership and sponsorship continue to be a source of stability and user confidence, and we now hope to open up more space for other groups and companies to feel included in the project.”
The Challenges of Open Source
Commonhaus’s launch comes at what feels like a difficult time for open source. While it has undoubtedly been a force for good in our industry — with plenty of people reporting positive experiences, both open sourcing their own projects and contributing to others — the model feels increasingly beset by problems.
The recent XZ hack exposed a lack of maturity around supply chain security, but the social engineering aspects that enabled it also highlighted problems with burnout, particularly for single-maintainer projects where one person ends up doing all the work for a long time. “You have a library that’s born because someone needs to solve a particular problem,” Schnabel told The New Stack. “But they don’t usually do it with the expectation of being the sole maintainer of the project for 20 years. It can be a lifetime commitment.”
Moreover, there is an implicit assumption that the sole maintainer will perform a wide range of tasks including tech support for the library, maintaining it and creating new features. “It’s a huge volume of work, and it grows,” Schnabel told us. The issue is compounded by what Homebrew’s project leader, Mike McQuaid, has described as a sense of entitlement among users. “Ironically,” he said, “this is often worse coming from large tech companies with fantastic profit margins.”
Given this, it should be unsurprising that, anecdotally, a number of people have told me that they’ve decided against releasing a library as open source, specifically because they don’t want to be lumbered with the ongoing responsibility for it.
Meanwhile, larger projects with multiple maintainers typically have different but related issues. Accepting pull requests can be difficult since well-meaning submitters may not fully understand the wider ramifications of their changes. “It isn’t that they don’t want pull requests, but rather that the effort of training and explaining how a project works is a burden that they can’t manage,” Schnabel said.
At the same time, changes in licensing for popular projects such as Terraform, Redis and Elasticsearch are partly driven by the fact that, as McQuaid said, many of the major companies that rely on them don’t contribute, either technically or financially. In addition, not all projects are welcoming, while many larger projects also have a lack of diversity among those contributing to the culture of the project.
What to do about all this is rather less clear.
Fostering Community
A big part of Schnabel’s goals for Commonhaus centers on education and community. She actively tries to foster connections between projects so that they can start to rely on each other. During our conversation, she acknowledged how difficult this can be. Community work typically involves spending a great deal of time and energy on moderation, reinforcing attitudes and working to encourage the behaviors you want. It is unglamorous and often fraught, she admitted. “I’m learning a lot from the way the Obsidian community manages itself,” she told The New Stack. “Maintaining their culture of mutual aid is the hardest and most essential part of it.”
For education, Schnabel recommended working within existing structures. “I want to work with vJUG, for example, to get more information out there about how these libraries work on the inside,” she said. “This should improve community participation and enable us to welcome contributions without being overwhelmed.”
Likewise, Commonhaus wants to connect with other existing communities where they exist. “GitHub has a maintainers community, for instance. I think that’s a great thing to leverage, and I don’t feel like I have to replace it,” Schnabel said.
There are definite places where a foundation like Commonhaus can help single-maintainer open source projects. Projects need a code of conduct, for instance, and they have to be willing to enforce it. But for a single-maintainer project, where would a code of conduct report go? “With Commonhaus, we can have the code of conduct report come to us, and we can handle it. While there are some cases where a code of conduct violation is just egregious behavior, in my experience it is more commonly a miscommunication or a misinterpretation of intention,” Schnabel told The New Stack.
Sustainability
In terms of future thinking, Schnabel emphasized that succession planning is essential for ensuring that open source projects thrive long-term. Preparing for the eventual transition of project leadership and key roles helps to maintain a project’s momentum, ensuring its continued development and relevance within the technology ecosystem. “It is especially important for projects that have become foundational components of other software and systems,” she said.
This includes Commonhaus itself; Schnabel’s goal is to ensure that it becomes self-sustaining. “I want to have a culture of interaction, practice and decision-making so that it isn’t just me making things happen,” Schnabel said. “For the projects that join Commonhaus, I want them to think five or 10 years out. What happens when you are no longer there? What are the things you need to write down? What are your design principles? What are the choices that you make? Do you have the right tests in place? Maintainers are going to retire and that has to be OK. Likewise, I might not be involved in Commonhaus in three years, and that has to be OK too.”
Schnabel also wants to ensure that projects can leave Commonhaus if they wish to, or be thrown out. “One premise of Commonhaus is that it is for self-governing projects,” Schnabel said, “which means that while dissension is important for good decisions, a Commonhaus project has to be able to resolve disagreements and move forward. They need a system to avoid reaching a stalemate. If a project isn’t able to achieve this, it’s important they are able to go somewhere that would impose governance, such as Eclipse or Apache.”
Commonhaus isn’t the only initiative looking at open source issues. Tidelift, for example, shares a common goal of supporting the sustainability and health of open source projects, addressing the financial and risk management needs from a commercial perspective. OpenSSF has announced Siren, which, as Chris Swan notes on InfoQ, “will provide a place to share tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs), similar to corporate threat intelligence platforms.” Commonhaus is, though, an interesting piece of the jigsaw.
To learn more about the Commonhaus Foundation, readers are advised to check the website or contact them directly via hello@commonhaus.org.