Monday, December 18, 2023 - 10:58
  • Share this article:

At a Glance:

Can you tell me a bit about your background in open source?

Probably my first interaction with open source was with Slackware Linux over 25 years ago. It was one of the first distributions, and I had to load it onto the machine from floppy disks, to give you some idea. When I first started at IBM, I was using Linux while most of my colleagues were using Windows or OS/2, so I’ve had an interest in the open source way of doing things for a long time. And Linux was one of the things that made me believe open source could work in commercial environments and in the industry as a whole.

How did you first get involved with the Eclipse Foundation?

I started my career working at IBM, but during the pandemic I ended up getting transitioned over to Red Hat. There, I got involved with the AdoptOpenJDK project. When that project moved to the Eclipse Foundation and rebranded in 2021, I essentially became a committer by default. Of course, IBM has close ties with the Eclipse Foundation, so I was already familiar with it.

My focus these days is mainly on Adoptium and the Eclipse Temurin project, which is underneath Adoptium and responsible for producing binaries based on the upstream OpenJDK project.

What has that experience been like?

The project is a really remarkable thing to be involved with. It’s massively popular in the industry and is one of the largest distributions out there. I think it was a very good thing that the project came under the Eclipse Foundation umbrella: it gives us more recognition and good standing in the community, and the governance aspect, which gives us access to the knowledge of the Eclipse Foundation team, has been great as well.

Being a committer is also a rewarding experience. Helping bring people into the larger community, getting them more involved in the project, and mentoring them through that process is very satisfying. In our case, Temurin is quite complex and a little unique, in that we take source code from the upstream OpenJDK project, then we build out that largely unmodified source code and distribute it on different platforms. In addition to the infrastructure from multiple cloud providers which we have for building, we also maintain systems for running our extensive AQAvit test suite, which is another project under Adoptium.

Any advice for someone considering getting more involved with open source?

I think it’s a matter of finding which parts of the project you’re interested in. It’s particularly helpful if you can point out a problem you’ve experienced in an issue. This can be anything: maybe there’s something about the project website you don’t like or hasn’t worked for you. But if you’re able to get up to speed on the code you can start making your own contributions.

Other vendors can use our build and test scripts to create their own OpenJDK distributions from their repository using our automation, and that is useful for the community too. One of the things we’ve been working on at the Eclipse Temurin build project is making sure the build process is fully reproducible. The info is available in our playbooks to build a binary identical JDK to what we distribute. That’s quite an interesting way to learn about the processes involved in Temurin and practice running through them. That’s been a great piece of work my colleagues have put together.

The experience is quite worth it. The opportunities you get for cross-contact with people you might otherwise never bump into are fantastic. And it’s quite rewarding to be able to work on a project like Temurin, which is so widely used. You feel that your work has a real impact.

What are your goals and next steps as a committer?

The Eclipse Temurin project is quite close to having Level 3 compliance in the SLSA build track, so that's a big deal. We’ve been working closely with Mikaël Barbero and the Eclipse security team on this, as well as the infrastructure team, and their knowledge and experience has been very helpful.

So, I’m working towards getting that done. We want to be a bit of a poster child for other Eclipse projects to show that it can be done and how to go about it. To that end, we’re hoping to go to conferences and talk about what we’re doing in supply chain security, because it’s a hot topic in the industry right now. And if we can use that experience to help other projects achieve compliance, that’s something I’d like to work towards for the next few years.