@derberg – Lukasz Gornicki

github.com/derberg
maintaine.rs/derberg

My first active interaction with Open Source happened back in 2014, and I was immediately captivated by the concept. The idea of people collaborating openly, across borders, with a shared goal of creating something better fascinated me. At the time, I didn’t contribute much code, largely due to imposter syndrome, which was in full swing. Yet, even then, I sensed that contributing to Open Source wasn’t just about writing code. People can give back in so many other ways.

So, I found my own path, helping by securing funding for one of the projects and promoting tools at conferences.

Everyone needs a role model—someone to inspire or spark that first sense of purpose. For me, that person was Benjamin Lupton. We were using DocPad, and after watching Ben’s DocPad presentation, I knew I was slowly becoming an Open Source enthusiast, or maybe even a fanatic.

What’s Open Source to you?

A diverse community that fosters innovation. As simple as that.

There is no other place, no company that can give you this. The ability to work together with people from different cultures, different sides of the world. The ability to work with people having different experience, different points of view creates an environment where innovation happens.

What projects are you involved in?

I’m active in the AsyncAPI Initiative, and my highest priority is the AsyncAPI Specification and the AsyncAPI Generator. At the moment, I’m the Executive Director of the initiative, but I’m stepping down in favour of our new Governance Board.

How do you grow your community?

This is a long story to tell. In short, by putting the community first and everything else later, the most successful programs we’ve implemented to grow the community are:

• Dedicated participation in mentorships (GitHub). We also set up our own mentorship program. We’re pushing for a new concept we call Maintainership, which focuses not on creating new projects but on mentoring people on how to become a maintainer and how complex and responsible a role it is.
• AsyncAPI Conference (conference.asyncapi.com) – rather than a single annual event that requires extensive travel, we hold multiple events and host smaller sessions at well-established conferences. This approach allows us to reach a larger, more diverse audience in different locations. I recommend you read in detail how from an online one-day event we scaled to most of the continents with multiple events a year so you can learn how such an approach can help you gain funding for the projects and friends that help to scale your community.
• Build a program that recognizes people who promote your project. Call it Ambassador, Champion, Hero, Jedi - whatever you like, just recognize these people and give them space. You will never be able to promote the project alone as much as in a group of various influencers. Our Ambassador program gathers people who talk about AsyncAPI at conferences, record videos, write articles - basically create publicly available content.

We also run other community programs.

What are the main challenges you face as a maintainer

Financial sustainability. You can sponsor me of course or hire my services to fix that.

What are some ways contributors can better support maintainers

• Read the contributor guidelines :)
• Be proactive: research first and ask thoughtful questions.
• Remember: your new feature might be great and solve your use case, but ultimately I will be the one to maintain it. Writing code is easy; maintaining it is much harder. Keep this in mind when you urge maintainers to merge something and avoid putting yourself in a privileged position, expecting only gratitude instead of healthy skepticism.

Honestly, if every contributor at least followed the first bullet point, the world would be a better place! :)

What are some of the key security practices you’ve implemented in your project

I highly rely on external services that are free for Open Source and verify overall security of the project and check changes per pull request.

I’m mainly focusing on making sure our secrets do not leak, and that we use GitHub Actions in a secure way.

Much more could be done though.

What do you think are the biggest security challenges facing Open Source today

The biggest challenge is that users of Open Source software expect maintainers, who aren’t paid for their work, to be fully responsible for producing secure software.

Personally, I’m also concerned about the threat posed by potentially malicious maintainers.

What’s the impact of AI on Open Source development?

Too many contributors use it incorrectly and end up spamming projects. But for me, as an experienced maintainer who can verify AI-generated output, it speeds up my work.

Does this speedup balance out the AI spam? Does it mean nothing has changed? I have no idea. :)