Editor's Note: We're celebrating February 3rd, the day the term "Open Source" was first coined, as World Open Source Day here at Sonatype by recognizing our incredible maintainers and contributors, and the open source projects they support. Read all about Jeffry Hesse's journey below.
What was the first open source contribution you ever made?
It's hard to remember, but the first meaningful ones I made where to Nexus Repository Manager, version 3. I helped create a lot of the formats that are open source, and some that made their way back into the product over time. The first where I felt super cool was adding Docker support to Google's Copybara, which made me feel neat because it was a Google repository, and contributing to something so large had me feeling great.
Personally, I've contributed to a social justice project for years, and that has been incredibly meaningful watching it touch the lives of others. Working on projects that actually help people out, that probably tops the top for things that feel great.
What was your journey to becoming an open source maintainer?
I've tinkered with code ever since I was a child, age 10 or something. I never really wrote code as a day to day thing though until I came to Sonatype. Seeing Brian and others and the mark they had made working on Maven, Nexus Repository, etc… was inspiring, and pushed me towards doing more of my work out in the open.
Nowadays, I'm the maintainer of a large amount of repositories, the most meaningful either being Nancy (Golang security tool that was created by Ken Duck at Sonatype), or the CycloneDX work on SBOMs. Most generally, I got to most of these places accidentally, just trying to help out on the project, and then getting more responsibility as time went on.
What do you wish people understood about being a good contributor?
DON'T BE AN ASSHOLE. The world is large and full of so many different types of people. If someone wants to help out, even if their feedback is negative (to you, perhaps), you can be kind and inclusive of everyone. If I'm not functioning as a kind person, it really drags me down, and I think others. Be mindful of your interactions, and try to end every day knowing you spread love and light.
What non-code contributions are worth contributing?
TONS. Open Source projects in general lack a lot of legal help, and if lawyers can find a way to interact, that would probably help us all out. This is top of mind since it came up recently on some CycloneDX stuff. We are but mere developers, not lawyers. We could use your help!
What is one thing you wish you'd known before you started contributing to an open source?
While Open Source is fun, it can also just be a work-life drag. It can be difficult to figure out the right balance between not doing something during traditional work hours, and staying up till midnight because you feel passionate about a project.
Open source is both a philosophy and a legal framework. Does the "spirit" of open source impact the way you code with your contributing community?
Hard to say. I think in Open Source and in regular internal things, you run into some of the same issues. I don't notice too many differences in how I code, but perhaps it's led me to being pretty open minded about things that are worth trying, and that can have a bit of a rub with others who aren't working from the same headspace. Contributing to Open Source is freeing in ways, so if anything there's a difference in how I can introduce ideas or concepts with teams or people who are more locked in to how they approach things, either due to institutional rigor, or other constraints. It's something I think I'll always struggle with.
Who's helped you on your open source journey?
Joe Stephens, Frederick Milens, Dan Rollo, Jason Dillon, AJ Brown, Kelly Robinson, and anyone else who treated me like a human and helped me along my path towards learning how to code, and doing it in pseudo responsible ways (I say pseudo because some of these people might still go WTF JEFFRY WHY YOU DO THAT).
Written by Sal Kimmich
Sal is a developer advocate for open source at Sonatype and passionate about helping engineers, ethical hackers and digital enthusiasts understand the complexity of modern software development. With over a decade of experience as a machine learning engineer in the healthcare and tech for good sectors, their work is now focused on filling the cracks in the open source software supply chain to build a better digital future for all of us.