
@thomaspoignant
Created May 2, 2025 15:25
Maintainer month

Contributor Month

I am Thomas Poignant, living in Paris, France, and I am writing about my open-source journey.

I am currently Head of Engineering at Leboncoin (one of the largest classified ad marketplaces in Europe), and I have worked in software engineering for more than 16 years.

I started with open source like many of us, by using it, but I always had in mind that I wanted to contribute back to the awesome ecosystem that open source provides. When I moved to a more leadership-oriented position in my day job, which took me further and further away from the code, it was obvious to me that I would get more involved in open source.

I started with a small library called scim-patch, and now I spend most of my time around feature flags: I am building GO Feature Flag, a feature flag platform that works with all your favorite languages and integrates easily into any company's tech stack. You can start using feature flags super fast with GO Feature Flag.

I am also part of the OpenFeature technical committee. OpenFeature provides an open specification: a vendor-agnostic, community-driven API for feature flagging that works with any management tool or in-house solution.

What are the main challenges you face as a maintainer?

Honestly, the biggest pain for me is just finding the time outside of my regular job to actually do all the stuff I've got planned for the project. It feels like there's always a backlog in my head!

Another thing that's a bit of a downer is not really knowing who's using the thing I pour my energy into. As a maintainer, you rarely get a good sense of your project's impact. It's kind of weird not knowing who's finding it useful or what they like about it. You just keep plugging away hoping it's helping someone out there.

How do you grow your community?

You've got to put people first, right? If what you're building isn't a good experience, it's tough to get anyone to stick around, let alone contribute. That's why with GO Feature Flag, I really focus on making it the best tool it can be, with clear docs and helpful support. People need to dig what you're doing before they'll jump in to help.

After that, it's all about being welcoming. I try to be super polite and positive with everyone who uses the project, always trying to sort out any problems they run into. Making people feel welcome is huge.

But yeah, getting a contributing community going is a different beast. You see folks pop in to fix their own little itch, which is awesome! But getting people to commit to the bigger picture, to really dive deep and contribute in a substantial way? That's a tough nut to crack. People have their own stuff going on, and it takes a lot for someone to invest the time to really understand a complex project.

What are some of the key security practices you’ve implemented in your project?

Security is a big deal, and we've baked it into our workflow in a few key ways. First off, Dependabot keeps our dependencies on their toes with weekly updates, so we're not lagging behind on crucial fixes.

We run security checks on the Docker images and Helm charts we build, to catch potential vulnerabilities early on.

For ongoing monitoring, we've integrated Snyk into our processes. It helps us continuously scan for and address security issues.

Finally, to balance security with community contributions, we hold off on running CI pipelines for first-time contributors. This gives us a chance to review their changes before automated processes kick in.
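The weekly Dependabot schedule described above is driven by a `.github/dependabot.yml` file. The one below is an added illustration, not the project's actual configuration: it assumes a Go module at the repository root, Dockerfiles in the same directory, and GitHub Actions workflows, and it covers all three so that base images and CI actions get the same weekly bumps as library dependencies.

```yaml
# .github/dependabot.yml (illustrative example, not GO Feature Flag's own file)
version: 2
updates:
  # Go modules: the application's library dependencies.
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    # Batch low-risk bumps into one PR so the review queue stays manageable;
    # major bumps still arrive as individual PRs.
    groups:
      minor-and-patch:
        update-types: ["minor", "patch"]

  # Base images referenced in Dockerfiles: a stale base image carries
  # OS-level CVEs that no Go dependency bump will fix.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"

  # Actions referenced in CI workflows, so the versions used in CI
  # are kept current as well.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

The fourth practice in this section, holding off CI for first-time contributors, is not a workflow file but a repository setting (Settings, Actions, General: require approval for first-time contributors), so a maintainer reviews the diff before any runner executes it.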

What do you think are the biggest security challenges facing Open Source today?

One of the biggest security challenges facing open source today is the increasing prevalence of supply chain attacks, where malicious code is injected into widely used projects. The recent compromise of a popular GitHub Action, tj-actions (CVE-2025-30066), is a stark reminder of this threat.

Attackers are targeting the open-source ecosystem because its interconnected nature allows a single successful attack to have a widespread impact. Open source projects are as vulnerable as any other software, and we need to be very vigilant about these kinds of attacks.
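An action referenced by a mutable tag runs whatever commit that tag points to on the day the job runs, which is exactly what made the tj-actions compromise reach so many pipelines. The workflow excerpt below is an added example, not GO Feature Flag's own CI: it shows the weak reference beside the corrected one (pinned to a full commit SHA, with the version kept in a comment so Dependabot can still propose bumps), grants the job a read-only token, and also illustrates the image-scanning practice from the previous section using Trivy, which is my assumed choice of scanner, not one the page names. The commit SHAs are placeholders.

```yaml
# .github/workflows/ci.yml (illustrative excerpt, not the project's own workflow)
name: ci
on:
  pull_request:   # for fork PRs this event gets a read-only token and no secrets

# Least privilege: nothing in this job needs to write to the repository.
permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      # Weak: a mutable tag. Whoever can move the tag decides what code runs
      # here and what it can read from the job environment.
      # - uses: actions/checkout@v4

      # Corrected: an immutable commit SHA. The trailing comment records the
      # version so Dependabot's github-actions ecosystem can still bump it.
      - uses: actions/checkout@<FULL_40_HEX_COMMIT_SHA>  # v4 (placeholder SHA)

      - name: Build the image under test
        run: docker build -t app-under-test:ci .

      # Fail the job on unfixed-or-not CRITICAL/HIGH findings in the image,
      # so a vulnerable base layer never reaches a published tag.
      - name: Scan image for known vulnerabilities
        uses: aquasecurity/trivy-action@<FULL_40_HEX_COMMIT_SHA>  # placeholder SHA
        with:
          image-ref: app-under-test:ci
          severity: CRITICAL,HIGH
          exit-code: "1"
```

A quick check that no workflow in a repository still uses a tag reference is `grep -rn 'uses: .*@v' .github/workflows/`; anything it prints is a candidate for pinning.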

What’s the impact of AI on Open Source development?

AI is having a significant and multifaceted impact on open-source development. On the one hand, it's accelerating development workflows in exciting ways. This can be a huge benefit, especially for smaller open-source projects with limited resources.

However, this increased speed can come with a downside. There's a real risk of a decrease in code quality if AI-generated contributions aren't carefully reviewed. I've also observed instances where AI-generated code introduces new issues or requires significant rework, ultimately wasting the time of both contributors and maintainers.

What advice would you give to current and new maintainers?

My advice to both current and new maintainers is: Do it! Open source is an incredibly exciting and rewarding journey. You'll benefit immensely from the feedback and help you receive from the community, and you'll find that the experience directly contributes to your growth and skills in your day-to-day work.

Conclusion

In closing, remember that open source is a journey. You can start small, gradually increasing your impact over time.

It's also important to keep in mind that success isn't always measured in GitHub stars. In my own experience, a project with a modest star count (28 stars) can still have a significant impact, reaching nearly 3 million downloads.

If you're looking to get involved and contribute to open source, please feel free to join me in building GO Feature Flag at https://github.com/thomaspoignant/go-feature-flag. We're always happy to welcome new contributors!
