►
From YouTube: Keynote - GitHub Satellite 2019
Description
See the latest from GitHub Satellite with presentations by Nat Friedman, Shanku Niyogi, Dana Lawson & Devon Zuegel, including the debut of GitHub Sponsors, as well as special guest appearances.
For more on the announcements, check our blog:
https://github.blog/2019-05-23-building-an-interconnected-community-together/
About GitHub Satellite 2019
A community connected by code
Explore our interconnected community—and how collaboration turns ideas into innovations.
Join us in November at San Francisco's Palace of Fine Arts for GitHub Universe - https://githubuniverse.com/
A
A
This
is
a
really
exciting
time
for
us
to
be
at
github.
More
people
are
joining
github
every
day
than
ever
before,
and
so
the
audience
here
today
represents
the
more
than
36
million
developers
who
called
github
home.
Now
today
we
have
a
lot
of
great
blockchain
and
I'm
just
kidding,
there's
no
blockchain
announcements.
A
What's
really
at
the
heart
of
github,
which
is
the
open
source
community
every
day
developers
around
the
world
make
millions
of
contributions
to
open-source
projects
on
github,
and
we
thought
it
would
be
interesting
and
fun
to
take
our
data
set
of
that
contribution
stream
and
actually
visualize
it
on
a
globe
and
that's
what
this
is.
Every
little
ray
of
light
that
you
see
coming
out
of
the
earth
and
going
into
space
represents
one
contribution
to
an
open-source
project
from
someone
somewhere
on
earth
and
I,
just
I
think
it's
so
cool.
This
is
real
data.
A
It's
over
a
hundred
million
contributions
over
30
days
being
visualized
here
and
one
of
the
things
that
immediately
stands
out
for
you
when
you
look
at
this
is
how
global
our
community
is
right.
More
than
80%
of
the
contributions
that
occur
to
open-source
come
from
outside
the
US.
So
in
a
way,
if
your
company,
your
team,
is
using
open-source
code,
you've
already
embraced,
promote
work
now
the
chances
are.
A
You
have
already
started
to
use
open
source
code
because
nearly
every
software
project
on
earth
today
has
open
source
dependencies,
so,
whether
you're
working
at
a
large
company
or
a
start-up,
whether
you're,
a
scientist
or
student,
you
rely
every
day
on
open
source
code
and
you
rely
on
the
people
who
create
it
right.
Every
line
of
code
that
you
write,
builds
on
the
work
of
thousands
of
others,
and
you
can
think
about
it.
A
This
way,
when
you
import
an
open
source
library
into
your
code,
you're,
not
just
adding
code
to
your
project,
you
are
effectively
adding
a
team
of
developers
to
your
extended
team,
you're,
actually,
almost
giving
them
commit
access
to
your
code
that
you
then
put
in
production.
Then
you
also
get
to
benefit
from
the
work
they're
doing
every
day
to
improve
their
packages.
A
So
this
is
the
reality
of
building
on
open-source,
and
if
anyone
wants
to
make
an
editor
extension
that
does
this
I
think
that
would
be
really
cool
but
but
still
in
our
heads,
we
have
this
stereotype
of
the
solitary
developer
right.
When
we
think
about
the
act
of
writing
code,
we
often
think
about
a
developer
alone
in
a
dark
room,
writes
just
them
in
the
computer
writing
code
and
you
sort
of
slip
pizza
under
the
door,
and
it
gets
converted
into
code
and
uploaded
to
the
cloud.
A
This
is
the
first
ever
picture
of
a
black
hole.
It
was
published
just
last
month
in
more
than
four
and
a
half
billion
people
around
the
world
have
seen
this
image,
it's
very
famous,
and
it
is
a
huge
landmark
achievement
right.
Scientists
have
theorized
about
black
holes
for
decades,
but
this
is
the
first
time
we've
ever
actually
seen
one,
and
this
one
is
at
the
center
of
a
galaxy
called
m87,
which
is
really
far
away.
A
It's
55
million
light-years
away
from
us
here
in
Berlin
today,
in
the
scientists
who
created
this
picture,
used
a
global
network
of
telescopes
to
generate
a
huge
amount
of
data
which
they
then
composed
into
this
image.
They
spent
years
processing
that
data
to
get
this
image,
and
this
is
the
moment
of
truth
right.
This
is
dr.
Cady
Bauman,
one
of
the
lead
developers
and
scientists
on
the
project
and
one
of
my
personal
heroes,
and
this
has
become
an
iconic
photo
of
this
landmark
human
achievement.
A
I
personally
I
love
this
photo
because,
as
developers,
we
can
all
identify
with
this
feeling
right.
It's
like
it's
that
moment
when
your
code
finally
just
works.
You
know
when
all
your
tests
pass
when
all
your
hard
work
kind
of
comes
together,
it's
a
you
look
at
it
and
you
feel
that
same
feeling,
yourself
and-
and
it
also
makes
you
wonder
to
to
look
at
this
picture
right
like
what
did
it
take
to
get
to
this
point?
What
was
involved?
A
What
was
the
math
and
the
science
and
the
algorithms
that
were
involved
in
getting
here
and
then
like?
What's
going
on
on
that
chalkboard
in
the
background
there's
a
triangle
there,
I
have
so
many
questions
when
I
look
at
this,
and
so
here
to
answer
those
questions.
Please
welcome
via
satellite
from
Boston
Massachusetts,
dr.
Katie,
Baumann
Katie.
A
A
B
Of
course,
so,
taking
the
first
image
of
a
black
hole
was
a
huge
endeavor
and
took
many
people
years
of
hard
work
in
order
to
build
the
computational
telescope.
That
made
it
possible
to
see
the
unseeable,
because
the
black
hole
we
looked
at
is
so
far
away
from
us.
It's
55
million
light
years
away.
It
appears
incredibly
small
in
the
sky,
so
it's
about
the
same
size
to
us
as
a
grain
of
sand
would
appear
in
Los
Angeles
when
standing
in
New
York
and
because
it
is
so
small.
A
That's
awesome
thanks
for
it's
so
wonderful
to
hear
that
from
you
directly
now,
I
have
to
say
this
picture
of
you
has
become
so
famous
and
I.
Think
part
of
the
reason
is
the
obvious
sense
of
delight
and
that
kind
of
feeling
of
Eureka.
You
know
that
you
have
in
that
moment
and
that
every
developer
knows
a
little
bit.
What
do
you
remember
about
that
moment?.
B
Yeah
definitely
so.
This
was
really
an
amazing
day.
It
was
a
hot
day
in
June.
The
data
had
just
finally
been
released
to
us
for
imaging
and
our
collaboration
decided
actually
to
split
ourselves
into
four
teams
by
splitting
ourselves
into
teams
and
having
each
team
independently
make
an
image.
We
avoided
a
shared
human
bias
in
our
results.
So
anyway,
when
the
data
was
released
to
us,
some
of
the
members
of
the
team
I
was
on
team,
one
ran
into
a
small
room
and
we
got
ready
to
make
an
image.
B
So
we
all
had
imaging
scripts
that
we
had
each
developed
on
our
computers
and
we
decided
to
press
go
on
the
stay
at
the
same
time
on
all
of
them,
and
so
it
was
really
amazing.
Seeing
the
picture
just
start
to
appear
on
our
screens,
and
this
picture
was
taken
as
that
was
happening
and
I
was
just
flipping
between
awed
disbelief,
excitement
and
also
just
praying.
B
A
B
B
Andrew
my
collaborator,
so
unlike
the
m87
black
hole
image,
which
was
truly
a
collaborative
effort,
Andrew
can
claim
sole
credit
for
snapping
this
picture
of
me
as
he
sat
next
at
next
to
me,
making
a
picture
of
his
own
and
similarly,
similarly,
on
the
other
side
of
the
table,
where
a
number
of
other
team
members
and
many
others
in
rooms
around
the
world,
we're
doing
the
exact
same
thing.
A
lot.
A
A
It
is
so
awesome
to
have
the
core
team
that
worked
on
the
software
behind
this
black
hole
image
here
today.
I
can't
tell
how
much
we're
all
nerding
out
over
having
you
on
stage.
Why
don't
we
go
down
the
line
and
have
you
each
introduce
yourselves
and
just
say
a
couple
words
about
what
you
worked
on
so.
F
H
A
E
What
we
recorded
the
telescope's
is
actually
mostly
noise,
so
the
calibration
process,
basically,
is
the
process
of
combining
all
the
data
and
taking
out
the
very
weak
signal
in
the
recordings
and
strengthening
the
signal,
modeling
the
instrument
and
atmosphere
to
be
able
to
average
down
from
petabytes
of
data
to
all
the
very
nice
megabytes
of
strong
signal
data
that
then
get
passed
down
to
analysis.
That's.
A
C
A
F
A
That's
awesome
now
this
team
is
actually
gonna,
be
here
all
day
and
they're,
going
to
give
a
talk
at
5:20
today
on
this
stage,
going
into
a
lot
more
detail
about
the
project
and
all
the
details
of
everything
they
did.
Thank
you
all
very
much
for
being
here
and
Katie.
Thank
you
again
for
dialing
in
from
Boston.
B
A
Thanks,
it's
just
so
cool
to
have
that
team
here,
I've
been
like
handling
them
constantly.
So
now,
as
both
Katie
and
CK
mentioned,
the
team
actually
used
a
lot
of
Python
code
and
they
made
use
of
a
lot
of
open-source
Python
libraries
and
the
work
that
they
did
and
their
code
is
all
public.
So
we
can
actually
go
to
the
repo
and
look
at
it
and
we
can
also
look
at
their
dependency
graph.
And
here
it
is,
you
can
see.
A
They've
got
quite
a
few
different
dependencies
in
the
graph
and,
in
fact,
all
together
in
the
complete
set
of
transitive
dependencies
that
made
up
these
Python
scripts
there's
over
a
hundred
different
open-source
Python
packages,
and
some
of
these
are
probably
used
pretty
heavily.
Some
used
a
little
less
oh,
but
it's
a
really
interesting
list
to
kind
of
look
through
and
as
we
were
scanning
through
this
out
of
curiosity,
we
started
to
wonder
how
many
people
did
it
take
to
build
all
of
this
right.
A
A
A
We
are
so
lucky
to
have
with
us
today
maintain
errs
and
core
contributors
to
numpy
matplotlib,
sigh
hi,
Astro
pie,
panda's,
Python,
dynasty
scythe
on
Kiwi,
solver
and
many
other
packages.
These
people
represents
the
21,000
who
were
part
of
this
extended
team
that
made
this
work
possible.
We're
so
proud
to
have
you
all
here.
Thank
you
each
for
your
contributions
to
human
progress.
Let's
give
them
a
big
hand
again
thanks.
Everybody.
A
Thank
you
all
okay,
so
the
image
that
needed
a
planet-sized
telescope
also
really
did
truly
require
a
planet-sized
team
to
build
it
and,
by
the
way
at
least
one
of
the
people
who's
here
when
we
called
them
up
and
invited
them
to
come,
did
not
know
that
their
work
had
contributed
to
the
black
hole
image
and
was
very
moved
by
that
and
I
thought
that
was
really
cool.
It's
sort
of
the
magic
of
open
source.
A
Now,
as
Katie
said,
this
is
when
you
look
at
the
team,
that's
working
directly
on
a
codebase
in
a
way
you're
looking
at
the
tip
of
the
iceberg
right.
This
isn't
just
the
story
of
this
one
software
project.
This
is
the
story
of
all
software
projects
today
that
use
open
source,
so
the
tip
of
the
iceberg
goes.
Direct
contributors
are
the
ones
who
are
building
your
code,
but
below
the
waterline
are
the
developers
who
are
contributing
to
your
dependencies
and
we've
been
using
the
phrase
community
contributors
to
refer
to
these
people.
A
They're,
like
the
people
who
are
here
in
the
audience
today,
and
one
of
the
things
you
might
be
thinking
is
well.
Okay.
This
event
horizon
team:
they
wrote
their
code
in
Python,
they
used
a
lot
of
high-level
astronomy,
libraries,
maybe
they're
an
outlier
right.
Maybe
this
twenty
one
thousand
number
is
a
typically
high
and
we
were
curious
about
that
too.
A
So
we
decided
to
sample
a
thousand
of
the
most
popular
repos
on
github,
including
repos,
like
WordPress
and
rails
and
tensorflow
and
others,
and
we
ran
the
query
and
we
averaged
it
all
together,
and
we
discovered
that
on
average,
these
thousand
projects
had
more
than
74,000
contributors.
It's
amazing.
A
This
is
the
actual
size
of
our
teams
right
think
about
it
for
a
second.
This
is
more
software
engineers
than
work
at
Google
or
Apple
or
Microsoft.
It's
actually
more
people
than
there
are
in
the
entire
employee
base
of
90%
of
the
fortune
500,
and
for
a
couple
of
you
out
there.
This
is
more
people
than
the
population
of
Burning
Man.
So
it's
a
pretty
big
group
and
it's
a
testament
to
how
software
development
works.
A
Today
right
it
takes
a
community
to
write
code
so
to
make
this
interconnected
community
and
the
reality
of
this
more
concrete
for
each
of
us
in
our
everyday
work.
We're
introducing
two
new
features
to
github
today:
community
contributors
and
dependent
repositories.
So
today,
if
you
go
to
a
repo
like
this
is
numpy,
you
can
see
that
we
actually
call
out
how
many
contributors
that
repo
has
today
well
we're
adding
a
hovercard.
A
So
when
you
bring
your
mouse
up,
you
can
see
the
total
number
of
community
contributors
you
can
see
who
they
are
browse
them
and
get
to
know
your
extended
team.
It's
pretty
cool,
then
we're
adding
a
new
signal
for
you
to
understand
a
repost
popularity.
So,
right
now,
when
you
look
at
a
repo,
you
can
see
how
many
Forks
it
has
how
many
stars
it
has.
Many
people
are
watching
it
today
now
when
we're
adding
used
by.
A
So
you
can
see
how
many
other
projects
on
github
make
use
of
the
dependencies
of
the
packages
that
are
in
that
repo.
We
hope
this
is
a
useful
signal
of
a
repost
popularity
that
can
help
you
make
better
choices
and
for
you,
as
a
maintainer,
it's
pretty
cool.
You
can
see
how
many
people
are
using
your
stuff.
A
You
can
even
click
on
it
and
see
exactly
who
those
users
are
and
what's
repos
you've
joined
in
the
last
week
or
so
we
screen
shot
at
numpy
a
week
ago
and
it
went
up
by
about
a
thousand
users
in
the
week,
so
that
was
pretty
cool.
So
I'm
personally
really
excited
about
these
two
little
features
they're
rolling
out
today.
A
You
we're
here
to
serve
the
developers
and
the
companies
who
count
on
github
every
day
and
we've
been
spending
a
lot
of
time,
the
last
six
months
in
conversations
with
developers,
maintainer
x'
and
our
customers,
and
using
your
input
to
shape
our
roadmap,
and
so
today
the
new
features
that
we're
going
to
show.
You
are
based
on
the
things
that
you've
told
us
that
you
want
and
we're
gonna
start
with
security.
So
to
tell
you
more
about
that,
please
welcome
github,
head
of
product
shanku
new
yogi
shanku.
A
I
It
is
amazing
to
think
of
what
the
interconnected
community
can
do
for
software
development
right,
like
think
about
strangers
from
across
the
world,
coming
together,
collaborating
and
building
amazing
things
and
even
creating
human
progress
right.
That's
so
powerful
with
that
power,
there's
also
a
need
for
responsibility.
We've
got
to
build
software
that
is
secure
and
trustworthy,
because
the
strength
of
this
community
is
built
on
trust
right.
We
have
to
trust
each
other
and
the
software
that
we're
building
is
for
a
purpose.
I
It's
for
our
users
right
and
our
users
need
to
be
able
to
trust
that
software
and
trust
us.
So
the
challenge
of
open
source
security
and
Trust
isn't
some
abstract
thing.
It's
something
that
we
all
need
to
take
apart
in
and
for
sure
there
are
challenges.
Let
me
tell
you
a
story.
This
is
the
story
of
something
called
event
stream
event.
Stream
is
a
node
module.
I
It's
used
in
tens
of
thousands
of
projects,
including
in
a
lot
of
enterprises
and
event
stream
is
maintained
by
one
developer
and
an
amazing
developer,
who
builds
a
lot
of
other
popular
software
projects,
and
one
day
he
got
approached
by
another
developer,
who
offered
to
make
event
stream
better
and
of
course,
he
accepted
that
offer
right.
It's
what
you
do
in
this
open
source
community.
I
When
people
want
to
help
you,
you
trust
them,
but
this
person
was
a
malicious
actor
and
what
they
did
was
they
put
a
vulnerability
into
event
stream
and
they
got
it
published
and
they
did
it
actually
very
cleverly.
They
put
it
in
a
dependency
and
made
it
very
hard
to
detect
and
it
took
almost
a
month
for
that
issue
to
be
found,
and
in
that
time
the
package
got
downloaded
millions
of
times.
This
could
have
been
a
disaster,
except
that
they
decided
to
do
a
very
specific
attack.
I
They
didn't
attack
everyone,
they
attacked
one
app
that
was
using
event
stream.
It
was
a
Bitcoin
wallet,
app
called
copay
and
sure
enough.
Copay
picked
up
that
package.
They
ended
up
having
to
deal
with
their
users
and
send
them
warnings,
but
it
could
have
been
a
lot
worse.
All
right
and
these
kinds
of
challenges
are
gonna
happen
and
and
not
just
because
there
are
malicious
actors
out
there,
but
because
of
us
because
we're
humans
right
humans
make
mistakes
and
when
those
lead
to
vulnerability
issues,
we
need
to
deal
with
them.
I
So
we
can
all
use
better
tools
to
help
us
do
that
now,
github.
We
believe
that
the
power
of
that
interconnected
community
that
helps
you
build
software
also
helps
you
build
more
secure
software.
If
you
think
about
all
the
people
involved
in
this
right
and
keeping
stuff
secure,
you've
got
researchers
who
are
finding
issues
maintain
errs,
who
are
having
to
go
fix
them
developers
who
are
having
to
stay
on
top
of
their
dependencies
and
make
pick
up
those
changes,
and
then
security
teams
or
we're
kind
of
keeping
an
eye
on
it.
All.
I
We
need
to
help
everyone
collaborate
better,
so
we
can
be
more
secure
and
I
want
to
share
today.
Some
of
the
tools
that
github
is
providing
to
help
do
that.
So,
let's
start
with
developers
and
administrators
now
in
November
2017,
we
release
something
called
security,
vulnerability
alerts
for
github,
with
this
github
now
actually
scans.
All
of
your
dependencies
and
continuously
compares
them
against
vulnerability
data
and
sends
you
an
alert
whenever
you've
got
a
vulnerable
dependency
because
we're
github,
we
can
do
this
on
a
planet
stay.
I
So
with
this,
even
if
you're
doing
local
development
insert
on
your
server,
you
can
connect
to
github
and
you
can
get
the
same
alerts
to
help.
Keep
your
code
secure.
I'm,
also
excited
to
announce
today
that
we're
partnering
with
white
source
and
white
source
is
an
industry
leader
in
vulnerability
data.
They
collect
vulnerability,
data
from
lots
of
different
places
and
thanks
to
white
source.
We
are
now
making
that
vulnerability
data
available
through
alerts
in
github,
so
we're
very
excited
about
that
partnership.
I
Now
alerts
are
great,
but
what,
if
you
want
to
keep
on
top
of
all
of
your
dependencies
right,
github
dependency
insights
helps
you
do
that
think
of
github
dependency
insights
as
a
full
overview
of
all
of
your
dependencies.
So
you
can
go
and
understand
each
dependency.
You
can
go
look
at
what's
changed
there,
who's
working
on
it.
I
Now
let's
go
ahead
and
look
at
how
bugs
get
found
and
fixed.
Now
at
github,
we've
got
a
dedicated
team
that
works
on
security
issues,
amazing
team,
but
if
you've
got
an
open
source
project
write
for
a
maintainer.
This
is
a
hard
problem
right,
because
if
a
security
issue
comes
in
from
somewhere
all
of
a
sudden,
this
interconnected
community
becomes
a
very
dark
place
right.
You've
got
to
go
race
against
time
to
go,
investigate
the
issue
figure
out
what
happened?
I
You've
got
to
go
figure
out
a
patch,
get
that
patch
built
and
tested
get
it
out.
There
issue
an
advisory
and
all
the
time
you're
hoping
that
you
don't
show
up
on
Hacker
News
right
right:
it's
not
not
fun.
Is
it
fun?
No,
so
what
you
need
is
better
tools
to
do
that
and
today
we're
announcing
a
tool
set
of
tools
to
help
you
so
first,
how
does
a
security
researcher
find
you
well
in
the
industry?
There's
a
convention
for
this.
Every
big
project
has
it:
it's
called
the
security
policy.
I
It
helps
researchers
understand
how
to
disclose
bugs
responsibly
to
you.
Now
you
can
have
a
security
policy
too,
because
we're
building
that
into
github.
So
with
github
security
policy.
You
can
now
author,
a
security
policy
for
your
project
or
you
can
author
it
for
your
entire
org
and
it
will
automatically
cascade
down
to
every
repo
and
now
researchers
know
how
to
work
with
you.
I
That's
an
important
first
step
now
once
you've
got
that
what
happens
when
an
issue
comes
in
right,
like
what
you'd
like
to
do
is
you'd
like
to
go
to
a
nice
place
with
the
people,
you
trust
in
a
private
environment
and
be
able
to
investigate
that
issue,
and
you
can
now
do
that
with
something
called
maintainer
security
advisories.
Let's
take
a
look
at
how
it
works,
so
a
new
issue
comes
in
and
what
I
can
do
is
go
ahead
and
create
something
called
a
draft
Advisory.
I
This
is
something
new
and
github
that
we're
announcing
today
so
once
you've
done
that.
What
what
you
now
create
is
this
kind
of
entire
private
workspace,
where
you
can
work
on
the
problem,
so
you
can
invite
in
the
people.
You
trust,
maybe
that
security
researcher
that
file
the
issue
you
can
go
discuss.
You
can
go
investigate
in
a
the
private
space
when
you're
ready.
You
can
create
something
called
a
temporary
private
Fork.
I
This
is
a
completely
private
fork
of
your
code
that
is
available
only
to
the
people
that
you
invite,
and
now
you
can
work
with
them
on
a
security
issue.
You
can
build
and
test
the
patch
you'll
get
a
unique
get
URL,
so
you
can
use
it
with
your
get
tools
and
when
you're
ready,
you
can
go
ahead
and
merge
that
pull
request
back
into
your
code.
I
We
also
provide
a
set
of
tools
to
help
you
author,
that
advisory
and
submit
it
to
get
up,
and
when
you
do
that,
we'll
take
care
of
the
rest
for
you,
we
will
publish
that
advisory
and
voila
there's
a
published
advisory
ready
to
go.
So
what
we're
doing
with
this
set
of
tools
is
really
helping
build
security,
best
practices
in
open
source
and
that's
good
for
everyone
right.
I
So,
with
these
tools
and
working
together
with
our
great
security
vendors,
such
as
hacker
1,
we
want
to
build
these
kinds
of
security,
best
practices
directly
in
the
github.
Now
organizations
like
the
CNC
F
have
a
bunch
of
custom
security
tools
today
and
they're
going
to
be
switching
to
using
a
lot
of
our
github
tools
and
we're
going
to
be
working
with
them.
But
you
can
have
these
tools
too,
because
our
maintainer
security
tools
are
going
to
be
available
to
every
single
open-source
project
for
free.
I
So
now,
let's
get
to
the
hard
part
doing
those
patches
yeah.
Now
it
turns
out
the
industry.
Data
shows
that
more
than
70%
of
vulnerabilities
actually
remain
unpatched
for
three
months.
A
lot
of
them
go
over
a
year
and
you've
probably
seen
some
news
stories
about
this
right.
You
can
do
better
right,
so
we
went
looking
at
how
people
have
tried
to
solve
this
problem.
How
people
are
dealing
with
it?
I
What
we
actually
found
was
a
number
of
partners
in
our
ecosystem
have
tried
to
already
go
solve
this
problem,
and
one
of
them
is
dependable,
so
dependable
is
a
product
that
takes
a
great
approach
to
trying
addressing
this
problem
of
patching
vulnerabilities.
So,
to
tell
us
more
about
it,
I'd
like
to
invite
the
co-founder
of
dependable
gray
Baker
to
the
stage
great.
I
J
In
2004,
I
was
working
at
a
startup
and
one
of
my
Jobs
was
managing
our
dependencies.
We
were
payments
company,
so
we
really
cared
about
stability,
but
we
also
didn't
want
to
end
there
from
outdated
or
insecure
dependencies.
We
wanted
all
the
great
features
that
maintainer
czar
pushing
all
the
time
and
what
we
decided
was
that
the
best
approach
was
to
update
our
dependencies
little
and
often
so
we
always
knew
exactly
what
we
were
deploying.
They
were
always
just
small
changes.
J
The
problem
was
that
that
required
me
to
create
dozens
of
pull
requests
to
update
our
dependencies
every
single
week
and
they
were
beautiful,
pull
requests.
I
was
pulling
in
the
change
Lord
in
any
release,
notes
that
were
there,
but
it
was
tedious
manual,
work,
creating
them
and
that's
what
we
built
depend
a
lot
to
solve.
So
you
build
a
bot.
J
We
used
to
get
up
by
API
to
build
this
bot
and
it's
basically
like
having
me
on
your
team
of
the
hume
dependencies
for
you,
so
everyday
dependable
checks,
whether
or
not
you're
using
the
latest
version
of
everything
that
you
depend
on
and
if
you're
not,
then
it
opens
individual
pull.
Requests
to
update
you
I
think
we've
got
an
example,
pull
request
to
show.
J
So
in
that
pull
request,
you
can
see
it's
just
doing
a
very
small
update,
it's
a
patch
and
it's
pulled
in
the
change
log,
the
release
notes-
and
in
this
case,
because
it's
fixing
a
vulnerability
details
of
the
vulnerability
that's
being
fixed.
The
idea
is
to
make
that
pull
request,
there's
easy
to
merge
as
possible,
so.
I
J
Exactly
so,
if
you
were
maintainer
and
you
push
a
new
version,
then
pretty
soon
dependable
will
create
pull
requests
for
everybody.
That's
using
it
to
update
to
that
version,
and
we've
had
over
500,000
of
these
pull
requests
merged
just
in
the
last
year,
including
by
some
fantastic
customers
who
have
really
helped
us
along
the
way,
with
grateful
for
all
the
feedback
from
folks
of
webpack,
mastodons
and
many
others.
Wonderful.
I
J
J
I
So
this
interconnected
community,
we
have,
we
believe
that
using
that
power,
together
with
great
tools,
helps
us
write
more
secure
code,
be
able
to
use
other
people's
code
with
more
confidence
and
ultimately
build
applications,
our
users,
trust
and
today
we're
giving
you
a
set
of
tools
to
do
that,
and
we
want
to
we'll
continue
to
work
with
you.
Thank
you.
I
K
Danke
Shon
ku
I've
been
waiting
to
say
that
for
a
long
time,
how
do
y'all
what
a
privilege
it
is
to
be
here
today
in
beautiful,
Berlin
and
I,
don't
know
about
you,
but
this
face
is
just
absolutely
mind-blowing.
I've
never
been
at
a
conference
like
this,
so
as
you've
heard
from
NAT,
shanku
and
gray
that
the
world
of
open-source
is
truly
an
interconnected
community.
Not
only
does
it
take
a
global
team
to
create
your
favourite
open-source
technologies.
The
same
is
true
for
enterprise
products
and
companies
that
we've
come
to
know,
love
and
trust.
K
Did
you
know
that
enterprise
companies
are
the
largest
contributors
and
consumers
of
open-source,
and
we
are
so
proud
to
play
a
part
in
the
products
that
these
software
companies
make
with
over
2
million
organizations?
Trusting
github
as
well
as
over
half
of
the
Fortune
50
companies
use
github
Enterprise
for
their
internal
development.
K
I
love
that
these
companies
are
sharing
their
code
and
ideas,
but
the
downside
for
these
large-scale
organizations
that
it's
just
still
too
difficult
to
understand
how
they're
using
open-source
how
secure
they
are
in
addition
to
what
packages
and
products
they're
bringing
into
their
ecosystems
but,
more
importantly,
how
their
broader
teams
are
innovating
and
collaborating
here
at
github.
We
listened
and
I
am
so
pleased
to
announce
available
today.
K
So,
let's
dive
in
last
October,
we
introduced
a
limited
beta
for
enterprise,
account
feature
with
enterprise
accounts.
You
can
group
all
the
organization's
in
a
single
account,
making
it
easier
for
you
to
manage
the
needs
of
every
org
and
team
in
your
company,
but
just
with
enterprise
accounts.
We
also
wanted
to
make
it
easier
for
companies
to
share
their
code
across
the
organization
in
a
safe,
open
and
secure
way
before
you
only
had
two
choices:
private
and
public
repos,
and
today
we're
introducing
internal
repos,
I'm
sure
you're
like
what
our
internal
repos.
They
don't
make.
K
No
sense,
we
already
a
private
repos.
I,
know
right,
but
internal
repos
are
way
for
an
helping
Enterprise
company
state
interconnected,
because
software
development
is
truly
a
team
sport.
It
takes
designers,
tech
support
cells,
even
bosses
like
me
and
others
in
an
organization
to
build
these
products.
We
love
because
it's
not
just
about
developing
code,
it's
about
everything
that
we
do
to
make
it
wonderful.
So
now,
with
enterprise
and
eternal
repose,
you
can
broadly
share
your
projects
where
every
user
in
an
enterprise
account
can
participate.
K
K
So
we
created
enterprise
accounts
yeah,
it's
a
big
deal
yeah,
so
we
created
enterprise
accounts
to
easily
manner
your
org
and
internal
repos
to
inter
source
your
projects,
but
we
also
wanted
to
help
maintain
errs
because
it's
not
all
about
enterprise.
It's
really
about
y'all
and
enterprises
like
have
the
ability
to
give
the
right
access
at
the
right
time,
because,
like
I
said
it's
not
just
about
writing
code,
it's
about
everything
else
that
happens,
and
it's
just
equally
as
important.
K
Our
goal
is
to
enable
everyone
to
contribute,
no
matter
if
you're
new
to
open
source
or
you're
an
enterprise
company
with
nuance
needs.
So
we've
worked
to
overhaul
our
permission
model
to
introduce
new
roles
for
your
team,
the
triage
and
maintain
role.
The
triage
role
allows
users
the
ability
to
manage
issues
without
having
to
Rabb
write
access
to
your
code,
so
I
know
you
maintainer
ZAR
gonna
feel
pretty
good
about
that.
K
When
those
noobs
get
in
your
repo
and
you're
like
I,
don't
know
you
but
I
love
you,
but
you
can't
write
so
you're
welcome
the
maintained
role,
which
has
most
of
the
rights
of
admins
but
removes
the
ability
to
do
dangerous
thing
like
delete
repos,
because
believe
me,
you
don't
want
to
do
that.
Not
that
I
have,
but
maybe
I
okay
I
have,
but
whatever
you
don't
wanna.
K
Be
that
person
don't
be
me,
that's
that's
why
I
don't
you
know
anyway
now
that
we
have
all
these
tools
to
better
enable
your
enterprise
teams
to
ship,
smarter,
faster
and
more
secure?
We
also
wanted
to
give
them
the
ability
to
understand
how
they're,
using
their
development
work
explos
with
organization
insights.
You
can
now
understand
where
your
teams
are
spending
time
in
these
workflows,
what
languages
you're
using
and
what's
changing
over
time
in
your
company's
ecosystem,
and
this
is
just
the
beginning
with
org
insights.
K
K
L
Now
we
have
800
thousand
merchants
across
175
countries
and
we
have
several
offices
around
different
cities,
including
in
Berlin.
Now
trough
I
started
in
2006,
and
if
you
really
want
to
be
that
100-year
company,
we
need
to
invest
in
our
stack
and
a
big
part
of
our
stack
is
rails
rails
being
powered
by
Ruby.
We
actually
compete
contribute
to
its
ecosystem.
In
fact,
Toby
our
CEO
used
to
be
a
core
contributor.
Now
we
also
have
a
dedicated
rails
core
team,
with
contributors
and
as
much
as
possible.
L
M
Thanks
well,
I
mean
as
much
as
rails.
Development
at
the
core
of
our
business
Shopify
platform
is
actually
a
full
ecosystem
of
different
technologies.
I
mean,
as
the
company
grew,
our
needs
became
more
specific
and
we
needed
projects
that
would
properly
tailor
to
our
specific
needs
and,
after
all,
writing
code
is
part
of
the
fun
of
solving
problems.
M
Excluding
Forks
Shopify
has
over
200
open-source
repos
that
are
available
out
there
and
perhaps
most
important
interesting
story
of
an
open
source
is
boot
snap,
so
boot
Snap
is
a
library
that
plugs
into
Ruby
and
optimizes
and
caches
expensive
computations,
with
a
focus
on
reducing
the
boot
time
for
rails.
For
the
Shopify
core
platform,
it
was
able
to
slash
the
boot
time
in
for
dropping
from
25
seconds
to
Round
six
I
mean
open
source.
M
Two
years
ago
the
project
has
received
over
a
hundred
pull
requests,
and
now
it's
activated
by
defaults
in
rails,
5.2
powering
all
the
million
or
so
rails
website
out
there
I
mean
Shopify,
believes
an
open
doesn't
start
at
the
publication
of
a
project,
but
that
it's
much
bigger
than
open
source.
Internally,
we
have
a
deep
culture
of
the
transparency.
The
vast
majority
of
us,
a
communications,
are
happening
in
public
channels
and
in
the
vaults,
are
internal
wiki.
We're
able
to
facilitate
the
search,
I
call
all
of
our
shared
knowledge.
M
I
mean
internal
work
is
not
about
signing
NDA's
it's
about
people
working
together,
but
what
about
the
code?
I
mean?
Yes,
we
use
github
and,
with
very
few
exceptions,
all
developers,
designers,
content.
Creators
have
access
to
all
the
repositories.
Issues
in
project
groups,
teams
are
encouraged
to
create
repos
and
share
between
each
other.
Github
essentially
allows
us
to
bring
that
open-source
mentality
inside
Shopify,
with
zero
effort
in
projects
are
generally
started
by
individual
team
and
over
time
internal
communities
will
start
forming
and
around
technologies
and
sharing
their
struggles
and
their
solutions.
M
I
mean
organically
projects
become
Co
maintained
and
they
spread
throughout
the
company,
eventually
becoming
the
standard
and
recommended
by
default
on
our
valve
projects.
If
and
when
those
projects
be
are
made
public
those
same
communities
carry
on
and
become
the
stewards
that
are
public
facing
github
helped
us
carry
off
the
open
philosophy
throughout
that
development
cycle,
but
allowing
the
communities
to
flourish
that
much
tends
to
multiply
the
number
of
repositories.
Throughout
its
years.
Shopify
has
created
over
thousands
of
repository
and
having
so
many
repos
comes
with
some
complexity.
M
So
we
integrate
into
github
is
API
and
we
provide
tooling
for
local
development,
review,
testing
production
and
even
after
production,
carries
on
and
again
the
maintenance
and
that
feedback
loop
that
comes
back
well.
Whether
development
is
happening
within
a
team
across
team
or
out
of
the
public.
The
platform
remains
the
same.
That's
a
lot
of
investment,
but
connecting
our
teams
with
the
rest
of
the
world.
We
allow
the
crowdsourcing
of
that
maintenance
and
the
rest
of
the
development.
L
L
We
released
two
open-source
libraries
under
a
sister
getup
organization
called
active
merchants
and
the
goal
of
those
libraries
were
a
means
of
quickly
expanding
the
payments
accepted
by
our
merchants
in
new
markets
and
at
the
time
it
was
the
easiest
way
we
knew
of
for
expansion.
So
let
me
explain
a
bit
the
woodwork
is
partners
would
write
their
own
implementation
of
those
libraries.
Those
libraries
would
have
just
simple,
abstractions
they'd
open
up
a
PR,
we'd
review.
It
then
merge
it
back
and
that
would
save
us
from
writing
all
the
code,
then
we'd
simply
bump.
L
The
version
of
activemerchant
inside
of
our
platform
and
merchants
would
instantly
have
access
to
many
more
payment
aid
ways.
So
in
that
sense
we
ended
up
in
a
very
interesting
client
provider
relationship.
We
not
only
provided
the
platform,
but
we
provided
an
SDK
to
work
with
the
platform
and
this
beneficial
two-way
street,
of
collaboration
about
growth
not
only
for
shop
fire
but
for
payment
gateways
to
be
included
on
shop
fire
and
then
being
that
it's
open
source.
It
doesn't
stop
there
right.
L
We
also
have
a
co
maintainer
Spradley,
who
uses
the
libraries
in
production
as
well,
and
this
is
only
one
example
of
ours,
so
investing
an
open-source
means
different
things,
obviously
different
things
for
different
companies
of
different
stages,
but
if
done
correctly,
applying
the
open
principles
to
various
communities,
be
it
internal
or
external,
blurs
the
lines
and
makes
them
interconnected.
Having
an
open
mindset
is
beneficial
to
everyone.
Thank
you.
A
All
right,
Thank,
You,
Sebastian,
Christian,
Thank,
You,
Dana,
shanku
and
grey
we're
so
excited
to
have
the
Shopify
team
here
and
hear
from
them
that
it
really
is
possible.
You
really
can
build
the
team
on
this
open
by
default
type
of
practice,
so
we're
really
excited
in
that
now.
We're
coming
to
the
last
section
and
I'm
super
excited
to
talk
to
you
about.
A
What's
next
this
year,
we've
had
hundreds
of
conversations
with
maintain,
errs
and
open
source
contributors
and
I
actually
have
a
practice
that
I'm
really
loving
right
now,
which
is
I
personally
spend
a
couple
of
hours.
Every
Friday
having
video
calls
with
maintainer
zuv
big,
open
source
projects
and
small
open
source
projects.
A
Some
of
you
I've
talked
to
on
fridays
before
it's
become
one
of
the
favorite
parts
of
my
week
for
me,
and
it's
also
been
in
combination
with
everything
else,
we're
doing
a
really
great
way
for
us
to
learn
from
you
about
the
challenges
and
the
opportunities
that
you
have
in
the
open
source
world
and
how
github
can
serve
you
better.
And
so
we
have
some
pretty
exciting
news
to
unveil
today
and
to
tell
you
more,
please
welcome
Devin's
oogle
Devon.
I
N
Thanks
NAT
hi,
I'm,
Devin
and
I'm
the
product
manager
of
the
open
source
economy
team.
Here
at
github,
our
work
is
focused
on
maintainer,
x'
and
building
tools
for
the
open
source
community
to
thrive,
as
NAT
showed
earlier.
We're
all
connected
the
world
runs
on
open
source.
None
of
it
would
be
possible
without
the
global
team
of
maintainer,
x'
developers,
designers,
researchers,
writers
and
more
who
devote
their
time
to
pushing
technology
forward
like
the
scientists
on
stage
earlier
today.
N
Let
me
introduce
you
to
a
few
open-source
maintainer
x'
who's
built
software
that
you've
likely
used
yourself,
meat,
mariotta,
she's,
a
Python
core
developer
from
Vancouver,
and
she
has
a
ritual
of
taking
an
ice
cream
selfie
after
each
conference
talk
she
gives
and
here's
fattie
he's
from
Ankara
Turkey
and
he's
the
creator
of
MgO
thottie
works
from
home.
So
when
he
needs
a
break,
he
gets
to
play
with
his
adorable
son
Alper
and
meet
Henry
who's
based
in
New,
York
City
and
left
his
job
last
year
to
work
on
open
source.
N
Full-Time
Henry
is
the
maintainer
of
Babel,
which
is
an
NPM
package
that
we
use
here
at
github.
It's
these
developers
that
make
the
github
community
what
it
is.
The
strength
of
this
connected
community
depends
on
the
continued
success
of
developers
just
like
mariotta,
sahti
and
Henry,
and
at
github.
N
This
is
the
core
of
what
we're
about
we're
here
to
support
the
humans
behind
human
progress,
in
that
spirit,
were
thrilled
to
announce
a
brand
new
feature
of
github
I'm,
so
excited
to
share
that
today,
we're
launching
the
beta
of
github
sponsors
a
new
way
to
financially
support
the
developers.
You
depend
on.
N
N
To
start,
let's
sponsor
mariotta,
we'll
head
to
her
github
profile
and
you'll,
see
there's
a
new
sponsor
button
right
on
her
profile,
I'm,
a
huge
space
nerd,
so
I
think
it's
awesome
that
her
contributions
to
Python
played
a
role
in
creating
the
black
hole
image
when
I
see
that
button
I'm
super
excited
that
I
can
now
show
her
my
support
clicking.
It
takes
me
to
her
sponsorship
page
here.
She
gets
to
decide
how
to
represent
herself
and
how
you
can
best
support
her.
N
We've
also
built
this
into
existing
github
workflows
so
that
it's
seamless
to
support
developers
I'm
really
excited
about
this,
because
it'll
surface
developers
that
you
can
sponsor
directly
from
the
conversations
where
you
collaborate
with
them.
For
instance,
perhaps
Patti
has
been
really
helpful
as
I
make
my
contributions
to
Van
Gogh.
Imagine
I've
merged
my
first
PR
into
the
project
and
I
want
to
thank
him
for
all
his
help.
N
I
can
jump
straight
into
the
sponsorship
page
from
the
hover
card
on
the
PR,
but
maybe
you
want
to
support
a
project,
not
a
person
to
do
that.
We've
also
added
support
for
a
new
file
called
funding
gamal.
That
makes
it
easy
to
support
the
project.
However,
the
maintainer
is
see
fit
when
funding
amel
is
added
to
a
projects
master
Bank
branch,
a
new
sponsor
button
will
appear
at
the
top
of
the
repo
clicking.
The
button
opens
a
natively
rendered
view
of
the
funding
links
listed
in
that
file.
N
It
can
showcase
the
sponsor
the
'get
of
sponsors,
profiles
of
the
developers
who
contribute
to
the
project,
or
it
can
also
link
to
other
popular
funding
models,
including
open
collective
community
bridge
tide,
lifts
and
more
open
source
is
the
heart
of
github.
The
developers
who
build
our
shared
digital
infrastructure
are
what
make
this
community
so
strong
as
a
thank
you
for
these
valuable
contributions.
Github
sponsors
charges
zero
platform
fees.
When
you
support
the
work
of
other
developers,.
N
N
Github
sponsors
also
supports
payouts
in
all
around
the
world
in
every
country
where
github
does
business
over
the
course
of
the
summer.
We're
excited
to
be
working
with
strength
to
scale
up
this
beta,
we're
all
part
of
a
global
software
team.
Expanding
opportunities
to
participate
on
that
team
is
at
the
core
of
our
mission.
So
we
are
proud
to
make
this
tool
available
to
developers
worldwide.
N
N
N
Github
sponsors
is
one
more
way
to
contribute
to
open
source
financially
supporting
the
people
who
build
and
maintain
it.
Starting
today,
any
github
user
can
sponsor
an
open
source
developer
in
the
beta.
If
you're
interested
in
getting
sponsored
for
your
own
work,
you
can
apply
at
github
comm,
slash
sponsors
we're
launching
small
and
simple,
but
our
mission
is
fast
to
expand
opportunities
to
participate
in
and
build
on
open-source
we're
here
to
serve
the
developer
community
and
we're
eagerly
listening
for
your
input.
A
So
please,
let
us
know
what
you
think
now
Devin
mentioned,
that
one
of
the
great
features
of
github
sponsors
is
that
we
cover
all
of
your
payment
processing
fees
for
the
first
year
and
that
there
are
no
platform
fees
so
that
a
hundred
percent
of
your
contribution
goes
directly
to
the
developer
that
you
sponsor
and
a
hundred
percent
is
amazing.
But
we
were
thinking
about
it
and
we
realized
that
what's
better
than
a
hundred
percent
is
two
hundred
percent.
A
This
enables
us
to
really
jumpstart
the
github
sponsors
program
and
boost
the
contributions
that
you
make
while
still
giving
you
the
empowerment
and
the
freedom
to
choose
who,
in
the
open-source
community
you
want
to
support.
So
we're
really
excited
about
this.
Okay,
we
covered
a
lot
of
ground
today.
So
let's
just
step
back
and
do
a
brief
recap.
Shanku
talk
to
you
about
some
of
the
new
security
features
that
we've
released,
including
maintainer
security,
advisories
security
policies
and,
together
with
gray
the
acquisition
of
depend
bot,
which
we're
really
excited
about
we've
been
saying
internally.
A
The
depend
bot
is
a
little
bit
like
a
Roomba
for
your
code
and
it
comes
out
and
cleans
it
up
for
you
and
then
Dana
showed
you.
Some
new
capabilities
for
enterprises
from
enterprise
accounts
to
internal
repos,
to
new
roles,
the
triage
and
maintained
role,
which
will
be
really
useful
for
open
source
communities
as
well
and
permissions
and
the
organizational
insights.
And
then
we
heard
from
Kristian
and
Sebastian
at
Shopify
about
the
best
practices
that
they
are
using
and
then
Devin
showed
you
github
sponsors
and
we
talked
about
the
sponsors
matching
fund.
A
Additionally,
just
two
weeks
ago,
we
announced
the
github
package
registry,
which
gives
you
a
single
place
to
store
your
code
and
your
packages
behind
a
single
login
and
then
coming
up
later
the
summer.
We
will
have
some
more
news
to
share
about
github
actions,
as
I
mentioned
before
at
github.
Our
mission
is
to
build
the
global
platform
for
developer
collaboration,
and
that
really
means
that
our
job
is
to
serve
you
right
to
make
your
life
easier,
to
make
you
more
productive
to
help
you
connect
to
the
developers
and
contributors
who
make
your
work
possible.