Great reads - December 2018 Edition


#1

Post links about Open Source Sustainability that you find interesting. Here is what I have read so far:

Please share what you have been reading/listening to.

p.s. Just because I link to something doesn’t mean I necessarily endorse it. I just find it thought-provoking and/or interesting.


#2

The following is a blog post inspired by conversations during Sustain Summit 2018. I feature the Funding Index (or whatever its name will be).


#3

This post summarizes key takeaways from this presentation and draws on ideas discussed during Sustain Summit 2018.

:heart_eyes:

TIL

Some related links (already using web3)


Great read!


#4

True, appears dormant. We meet weekly, make tiny progress all the time, and I know that it does not show.


#5

It’s from October, but I just found this report from DigitalOcean on “open source”.

“75 percent said their company invests $1k or less every year in donations to open source.”


#6

Great find. For those who just want to see that without clicking here you go:

Source


#7

Just finished “The insider perspective on the event-stream compromise” podcast, it’s a great one.

It’s strange and sad to see that you have a highly successful package (2 million downloads per week), you have no income from this, you don’t want to maintain it and now you also have a burden to understand the intentions of people who want to take the ownership of your packages.

That’s why I think the most important issue that needs to be solved is the “financial sustainability”.

How much money could Dominic make if this would be a commercial success? Even a “Youtube video” equivalent of this would generate a fair amount of income. Then you wouldn’t want to move away from your package, you would just keep working on it.

Anyway, we are going to figure out this problem eventually, right? :slight_smile:


Dominic Tarr: The funny thing is like, compared to the one last year, the WannaCry worm - that was a hack that only affected people that hadn’t updated their code. This one was one that only affected people who had updated their code.

Adam Stacoviak: Well, you’re screwed either way then, I guess…

:rofl:


#8

The Bugmark team (me included) proposes to address financing and security through a market place for open source software issues. I still need to listen to that podcast and then write a blog post on how a market place could have helped in this case. Until then, here is a paper that describes the core idea behind the market place:

  • “A Trading Market to Incentivize Secure Software” (PDF)

German readers can also learn more about the collaboration mechanisms of said market place.

  • “Marktplatz zur Koordinierung und Finanzierung von Open Source Software” (HTML, PDF)

#9

This link was posted to our Slack channel by Jerod Santo (co-host of Changelog).

@pia had some great feedback on it:

[8:48 AM]
It’s been quite a controversial approach, but an interesting one.
I think it’s a policy that makes a ton of sense for opening issues, it’s less obvious at the PR level
They are also considering previous strong contributors as patrons, which I think is a good idea
On the flipside, the honesty policy will work up to a certain scale imho, after that it can be quite discretional unless the community does the work of coming up with a clear and transparent policy about it
in general I am thrilled that this is happening, because we need more experimentation in the space, and from a selfish standpoint I feel great we are enabling this with OC [OpenCollective]


#10

Interesting approach. A few thoughts…

The next step is to require patronage to post to their forum and mailing list and other communication channels. A project that adopts a pay to play model would ideally provide the most value to its members/patrons through those channels, and less through the source code or software. I think it would work well for foundational infrastructure projects where standardization is important and less for end-user facing software where out of band support can easily thrive.


#11

Not very fresh (from August) but just finished this podcast:

Devon Zuegel is doing the interview, one of the attendees of the event.

My knowledge about blockchains is still limited (especially smart contracts - feel free to enlighten me with useful links), but I really liked this “built-in royalty system” that (apparently) comes with it. When such a system would be widely used, I think that would be a game changer.

Cc @bibryam


#12

This is an interesting attempt, it would be nice to check the results once in a while.

It looks like it’s a very recent update, from December 4th.
And I found only one issue that’s closed because of this.

There is a chance that they could miss some “good” contributions (bug reports etc.) with this approach, but their “you must be a patron to be our user” message looks pretty clear.

Readme
Bug report message


#13

I’ve seen that podcast. “built-in royalty system” has been implemented in some blockchain projects such as Dash, where some percentage of the mining/staking gains go to a development fund, so it is part of the protocol. Unfortunately, that model is applicable only for blockchain based projects, but not to all OSS.


#14

Save Open Source, Save the World by John Mark

His own summary

Governments and software foundations should directly fund open source development and treat it like the national infrastructure it has become.

I’m definitely in favor of pushing governments to recognize open source as a digital infrastructure.


#15

On that note, did you see the EU’s new open source bounty program?

https://juliareda.eu/2018/12/eu-fossa-bug-bounties/


#16

Yes, they had a presentation at Fosdem last year, nice initiative indeed.

Another memorable one from Fosdem was: Italy: the most hacker-friendly country?

I believe I heard of the Public Money, Public Code campaign of FSFE from one of these presentations. It would be great to hear more from this one; what’s the status, whether they made any impact?