(Easy) ways to help struggling open source projects:
- step in and help review a few PRs
- help the project triage/reproduce bugs
- if code in the PR looks complicated or is hard to understand, ask for an explanation
- express your gratitude to the maintainers
- make your company sponsor projects they depend on
CatSalad🐈🥗 (D.Burch) :blobcatrainbow:
in reply to daniel:// stenberg://
I feel some companies do not know all their end dependencies at times... left-pad, anyone?
daniel:// stenberg://
in reply to CatSalad🐈🥗 (D.Burch) :blobcatrainbow:
maswan
in reply to daniel:// stenberg://
This! Having been in the position to get this done to some degree, it is not just charity either. It is a path to more competent staff that has a really solid understanding of those softwares (and a great resource for in-house support to the teams using it), as well as a good way to prioritize the bugfixes and changes that are pain points in your org.
Faces a lot of objections for "wasting" money, and we "should use finished software that doesn't need development" though.
@catsalad
Konstantin Weddige
in reply to daniel:// stenberg://
Troed Sångberg
in reply to daniel:// stenberg://
(Maybe slightly controversial)
... and if all those options are too complicated in a corporate setting - at least use a Linux distro where you can pay for support. This mimics what corporations are set up to understand, and if (for example) money gets sent to Red Hat this way that in turn will sponsor a lot of different open source projects.
Asheville Charlie
in reply to daniel:// stenberg://
Codepope
in reply to daniel:// stenberg://
but unfortunately these are also the same steps you need to do to infiltrate an open source project as a bad actor.
Maybe the open source community needs to create a network of trust which can at least offer a “This is a known person” qualification to contributors.
daniel:// stenberg://
in reply to Codepope
Codepope
in reply to daniel:// stenberg://
Jia Tan's trust was generated through humint style pushing on a vulnerable maintainer using sock puppet accounts.
We still need reviews, verification and tests, but if we ignore the load we place on a project maintainer and expect them to do better at identifying bad commits, then this will happen again and again.
daniel:// stenberg://
in reply to Codepope
@codepope my point is that contributors normally are not "trusted" at all by maintainers - like myself. I don't need trust for that. As long as their contribution is good. That's the vast majority of contributions.
Trust is for when handing over responsibilities and powers, which is MUCH rarer.
daniel:// stenberg://
in reply to daniel:// stenberg://
Codepope
in reply to daniel:// stenberg://
Codepope
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Codepope
@codepope but with a lot of *additional* requirements the burden on the maintainer is also *increased* when being unable to bring in more maintainers because they are not in the web...
So no, I don't see how a web of trust thing is a realistic scenario for where I have been in my maintainer life.
Codepope
in reply to daniel:// stenberg://
Are you basing that on the assumption that nobody trusts anybody so no one would be eligible? And as I said in another part of the thread, it'd be up to each project to decide how much weight they put on the trust graph ratings - I'd expect most projects to start with it on low and ramp it up in line with current maintainers' own ratings over time.
But I’m guessing from the responses, we're going to be stuck with zero trust FOSS going forward.
daniel:// stenberg://
in reply to Codepope
nrk
in reply to daniel:// stenberg://
also
- do not ask maintainers to add new features unless they are explicitly asking/looking for it.
Opensource maintainers deserve better. It is not like one should randomly come and ask for adding new features like it was some commercial product.
Angelino Desmet
in reply to daniel:// stenberg://
What if I paid for all my free software? | Angelino Desmet
www.cynicusrex.com
Shane Curcuru
in reply to daniel:// stenberg://
Advanced ways to help #OpenSource
- Have corporate policies allowing devs to contribute upstream; heck, encourage it!
- Support your OSPO. Give them budget for a FOSS Fund. Listen when they speak.
- Subscribe to Tidelift, thanks.dev, kudos.community, and programs that auto-distribute donations to all your dependencies.
- Get listed on https://fossfunders.com/ and promote it to other CEOs/CTOs.
@bagder
Warriormaster
in reply to daniel:// stenberg://
Potung Thul
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Potung Thul
Potung Thul
in reply to daniel:// stenberg://
Thanks for the explanation.
I am able to do #4: "express your gratitude to the maintainers". I'll go do it!
Steve Freeman
in reply to daniel:// stenberg://
Sarah A
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Sarah A
Nicolas Holzschuch
in reply to daniel:// stenberg://
leading cackle influencer
in reply to daniel:// stenberg://
nyx
in reply to daniel:// stenberg://
One thing I do not really understand ...
"Free" is fine. But I see "Companies" mentioned pretty often. Companies have one master goal: Make money. Taking something for free and selling it for money does not contradict that goal.
So why not adjust the licences to something like "If used by a legal entity generating at least a turnover of 240 times the average monthly income of the country their headquarters are located at, at least 3% of the total turnover has to be spread equally across the products used that are covered by this license."
Problem solved.
nyx
in reply to nyx
Once upon a time, one of our devs solved an issue in an open source library we are using. He asked his superior to create a corresponding pull request. The request got denied because "It may also contribute our competitors".
So I have my doubts that a call for contribution will generate much participation.
daniel:// stenberg://
in reply to nyx
nyx
in reply to daniel:// stenberg://
Those who worked their way up are - from my experience - more open for suggestions and arguments. But they seem to be hard to find nowadays.
JPL
in reply to daniel:// stenberg://
Ellie
in reply to daniel:// stenberg://
Managor
in reply to daniel:// stenberg://
Billie Thompson 🦊
in reply to daniel:// stenberg://
grin
in reply to daniel:// stenberg://
Some projects see them as such, others see it as a burden. (Especially with 1000+ open issues with low duplicates.)
Triaging often the same, people are testing various versions and it's seen as "metoo'ing" in various projects.
(Unfortunately PR requires lot of familiarity w/ the project.)
If only life was simple.