ChrisNeff/os-corp-dev-practices.md

## os-corp-dev-practices.md

      
    Raw
  

              os-corp-dev-practices.md
            
          
Aspect
Open Source
Enterprise


Governance
Maintainers, community consensus, meritocracy-based influence
Empowered teams, lightweight oversight, guardrails over gates


Code Review
Public PRs, async reviews from global contributors, emphasis on transparency
Small PRs, fast feedback loops, pair/mob programming as alternative


Documentation
README-driven, contributor guides essential, public wikis
Living documentation, lightweight ADRs, docs as code


Branching Strategy
Fork-and-PR model, contributors work in personal forks
Trunk-based development, short-lived feature branches (< 1 day)


Communication
Public channels (GitHub issues, Discord, mailing lists)
Co-located teams (in space /and or time), minimal ceremony


Release Cadence
Varies widely, often semver-based, maintainer-driven
Continuous delivery, deploy on merge, feature flags for controlled rollout


Testing
CI on PRs, community-contributed tests, public test results
Shift-left, developer-owned quality, automated testing in pipeline


Security
Public vulnerability disclosure, CVEs, security.md files
DevSecOps, automated scanning in pipeline, security as code


Licensing
OSI-approved licenses (MIT, Apache, GPL), CLA/DCO for contributions
Automated license scanning in CI, pre-approved dependency list


Onboarding
CONTRIBUTING.md, good first issues, self-serve
Self-serve environments, infrastructure as code, fast path to production


Decision Making
RFCs, public discussion, lazy consensus
Team-level autonomy, lightweight RFCs, async architectural decisions


Issue Tracking
Public backlog, community triage, labels for discoverability
Small batches, limit WIP, prioritized by flow metrics


Dependencies
Community-vetted, broad ecosystem choices
Automated vulnerability scanning, inner source for shared components
Aspect	Open Source	Enterprise
Governance	Maintainers, community consensus, meritocracy-based influence	Empowered teams, lightweight oversight, guardrails over gates
Code Review	Public PRs, async reviews from global contributors, emphasis on transparency	Small PRs, fast feedback loops, pair/mob programming as alternative
Documentation	README-driven, contributor guides essential, public wikis	Living documentation, lightweight ADRs, docs as code
Branching Strategy	Fork-and-PR model, contributors work in personal forks	Trunk-based development, short-lived feature branches (< 1 day)
Communication	Public channels (GitHub issues, Discord, mailing lists)	Co-located teams (in space /and or time), minimal ceremony
Release Cadence	Varies widely, often semver-based, maintainer-driven	Continuous delivery, deploy on merge, feature flags for controlled rollout
Testing	CI on PRs, community-contributed tests, public test results	Shift-left, developer-owned quality, automated testing in pipeline
Security	Public vulnerability disclosure, CVEs, security.md files	DevSecOps, automated scanning in pipeline, security as code
Licensing	OSI-approved licenses (MIT, Apache, GPL), CLA/DCO for contributions	Automated license scanning in CI, pre-approved dependency list
Onboarding	CONTRIBUTING.md, good first issues, self-serve	Self-serve environments, infrastructure as code, fast path to production
Decision Making	RFCs, public discussion, lazy consensus	Team-level autonomy, lightweight RFCs, async architectural decisions
Issue Tracking	Public backlog, community triage, labels for discoverability	Small batches, limit WIP, prioritized by flow metrics
Dependencies	Community-vetted, broad ecosystem choices	Automated vulnerability scanning, inner source for shared components
No results found