The Business of Open Source

Today I sit down and chat with John McBride, senior software engineer at VMware, about his address at KubeCon, “Risks of Single Maintainer Dependencies and How to Mitigate Those Risks.”

Show Notes

Today I sit down and chat with John McBride, senior software engineer at VMware. We begin by talking about John’s address at KubeCon, “Risks of Single Maintainer Dependencies and How to Mitigate Those Risks.” We discuss the definition of security and then John identifies some of the other non-security risks posed by single maintainer dependency. We talk a little bit about mitigating the risks and about building trust and community around single maintainer projects. We conclude our time by speculating on the extinction of single maintainer dependencies. 

Highlights:
  • John introduces himself and talks about his interest in mitigating the risks of single maintainer dependencies (00:55)
  • We have a conversation about the definition of security (4:54)
  • John talks about the other, non-security risks of single maintainer dependency (10:00)
  • We discuss how to mitigate the risks of single maintainer dependency (12:04)
  • John talks about building trust and building community around single maintainer projects (16:48)
  • John answers my question “Do you think being a single maintainer is ultimately an anti-pattern, a non best practice?” (23:56)

Links:
John

What is The Business of Open Source?

Whether you're a founder of an open source startup, an open source maintainer or just an open source enthusiast, join host Emily Omier as she talks to the people who work at the intersection of open source and business, from startup founders to leaders of open source giants and all the people who help open source startups grow.