How to participate
The QMSTR development process is open to everybody to participate and contribute. The QMSTR community aims at a maximum of openness, transparency and accountability, and at minimizing barriers for newcomers. There are three pillars to the work of the community:
- An open development process: Development is organized into quarterly milestones made up of bi-weekly sprints. Requirements are collaboratively developed. The QMSTR community offers mentoring opportunities for newcomer users and potential contributors. All parts of QMSTR are free and open source software.
- Open governance: QMSTR is hosted at the Linux Foundation ACT project, providing a neutral, non-discriminating collaboration platform.
- An open funding process: The QMSTR community transparently separates between collaborative development and adjacent business interests. Commercial participation is encouraged, provided that there is clarity of stakeholder goals and a commitment to developing all parts of the compliance toolchain under a free and open source license.
An open development process
QMSTR development is organized around quarterly milestones made up of five to six bi-weekly sprints. Every milestone begins with a requirements development workshop and ends with a release. There are three milestone releases each year, as the community takes a summer break. The QMSTR community collaborates on GitHub using the usual pull request based development model.
Each milestone period opens with a public requirements workshop that usually lasts one day. These workshops are commonly organized at the Endocode office in Berlin or co-located with major open source conferences. The key goals for every milestone release are developed at these workshops. The workshops are also an opportunity to provide feedback from production deployments, which helps to develop the toolchain for production-ready uses or bigger conceptual changes. Subscribe to the QMSTR newsletter or follow the @fosscompliance Twitter account for announcements.
The QMSTR community offers mentoring for both future contributors to the toolchain as well as operations newcomers. Mentorships are coordinated using the CommunityBridge platform provided by the Linux Foundation.
All code that the QMSTR community develops is released as free and open source software. While third parties are encouraged to develop modules and extensions for QMSTR under various business models, the toolchain developed by the QMSTR community and the data modeled in the QMSTR knowledge graph are always released under free licenses. This approach supports the goal of creating an industry standard for open source compliance tooling. It also contrasts with commercial products that may release some code as open source, but accumulate appropriated open source compliance information and sell it back to the wider open source community.
With the launch of the Automation in Compliance Tooling (ACT) project, QMSTR will incubate under this neutral umbrella. Besides contributing to QMSTR as a developer, ACT offers opportunities for other stakeholders to engage with the project, participate in the steering committees and coordinate development jointly with other compliance tooling related projects.
An open funding process
Many businesses need open source compliance tooling and are willing to contribute to its development either with code or with funding. The recommended way to support QMSTR with funding is to join the Linux Foundation ACT project.
Multiple parties support or have supported the development of QMSTR, including Siemens and Google. Major support for the project is provided by the European Commission in the form of a grant to the FASTEN Project.
Stakeholders interested in funding QMSTR are requested to clearly separate their business interest from the development of the open source compliance toolchain, to commit to all of the QMSTR toolchain being open source, and to be transparent about their business goals. The QMSTR community supports this by delineating the open source compliance toolchain from complementary product or service offerings.