Sustainability

33 Stories

Mike McQuaid mikemcquaid.com

"This is why people don’t contribute to your open source project"

Do you want more contributors and maintainers on your project? Mike McQuaid, maintainer of Homebrew (macOS package manager), writes on his personal blog:

Here are a few guidelines in thinking about this:

- Most contributors were users first (“scratching your own itch”: most people start contributing to an open source project to solve a problem they are experiencing)
- Most maintainers were a contributor and user first (people don’t just jump into maintaining a project without helping to build it first)
- Maintainers cannot do a good job without remaining a user (to maintain context, passion and empathy)

Combined, these start to look a bit like a sales funnel. People have to travel through each stage and there’s a fairly hefty drop-off at each one.

Also check out: Open source maintainers owe you nothing


Keenan Szulik Tidelift

Is React's development "supported" by Facebook? That depends.

Everyone knows that React is one of the most popular JavaScript libraries for building user interfaces — and many users of React choose it because they think it's supported by Facebook. But is it really? That depends on what you mean by React, and what you mean by support. Keenan Szulik writes on the Tidelift blog: Since its release in 2013, React has grown into a proper open source phenomenon ... with more than 100,000 GitHub stars, over 300,000 dependent repositories, and more than 800 contributors. Facebook's contributions to React and the JavaScript ecosystem around it are truly epic — the stuff of legend. But when we dive into the dependencies of the default create-react-app, only 24 of the 1,103 packages come from repositories in Facebook's GitHub organizations. That's less than 3% of the dependencies required to build the "Hello, World" app with create-react-app! So who supports React?


Richard Littauer Medium

How to get rid of maintainer guilt

If you're a maintainer who's feeling the burden of your open source software, you have a few options to consider according to Richard Littauer — you can...

- Onboard more maintainers - spread the burden to more of the community
- Clearly set expectations - explain your software is provided on an “as is” basis
- Hire a maintenance company - wait, what?!

Is that what we've come to? Are we now hiring code maintenance companies to maintain our open source? I'm actually quite interested in the economies around this, so let this post serve as an open invite to Richard to join me on Founders Talk for a discussion on the state of open source maintenance and his lessons learned building Maintainer Mountaineer.


Pia Mancini Medium

Open Collective's new tool helps you "Back Your Stack"

Pia Mancini, CEO of Open Collective: BackYourStack is the first step to help companies discover the dependencies in their stack that are seeking to become sustainable and a way to start subscriptions to them. Each collective can set up different tiers for their subscriptions such as brand visibility, support or in-house training. Just input your GitHub org and BackYourStack will generate a list of supportable projects by analyzing your dependencies. This is a great idea and a good first step toward making it easier for organizations to put their money where their source is. (YMMV as the results are a bit limited (and maybe buggy?) at the moment. Our report is saying we only rely upon 1 open source project, which definitely doesn't cover it.)


Eric Holmes Medium

Here's how Eric Holmes gained commit access to Homebrew in 30 minutes

This post from Eric Holmes details how package managers can be used in supply chain attacks — specifically, in this case, a supply chain attack on Homebrew — which is used by hundreds of thousands of people, including "employees at some of the biggest companies in Silicon Valley." On Jun 31st, I went in with the intention of seeing if I could gain access to Homebrew’s GitHub repositories. About 30 minutes later, I made my first commit to Homebrew/homebrew-core. If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it. If I can gain access to commit in 30 minutes, what could a nation state with dedicated resources achieve against a team of 17 volunteers?


Nadia Eghbal nadiaeghbal.com

Methodologies for measuring project health

How do we know whether an open source project is doing well? Number of contributors? Number of users? Number of appearances on The Changelog*? Nadia's been researching these things: A lot of people are interested in measuring the health and velocity of open source projects. After digging through the current research landscape, I’d like to summarize the most common approaches I’ve seen, and my conclusions here. One conclusion she's come to is that our current methods aren't cutting the mustard. Find out why and what some of her suggestions for improvement are in this excellent piece. *yes of course that's a joke


Python mail.python.org

Guido van Rossum retires as Python's BDFL 😱

We were just discussing this on a recent episode, and now it's a reality!? I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own. After all that's eventually going to happen regardless -- there's still that bus lurking around the corner, and I'm not getting younger... (I'll spare you the list of medical issues.) He will not appoint a successor. What happens next?! Not even Guido knows: So what are you all going to do? Create a democracy? Anarchy? A dictatorship? A federation? Grab some 🍿 because this is gonna get interesting!


Apple thedevelopersunion.org

The Developers Union - a ‘non-union union’ advocating for sustainability in the App Store

Want developers of great software to be able to make a living doing it? Want free trials in the App Store? Join The Developers Union! Dear Apple, We believe that people who create great software should be able to make a living doing it. So we created The Developers Union to advocate for sustainability in the App Store. Today, we are asking Apple to publicly commit — by the tenth anniversary of the App Store this July — to allowing free trials for all apps in the App Stores before July 2019. After that, we'll start advocating for a more reasonable revenue cut and other community-driven, developer-friendly changes.


Julia Evans jvns.ca

Open source sabbatical = awesome

Julia Evans has finished up her 3 months of funded work on rbspy (thanks to the Segment Open Fellowship) and wrote up her experience. If you can't tell from the title, she liked it. This was an interesting statement coming from Julia (whose reputation amongst developers is impeccable, if you ask me): Another benefit of doing this was that now I have actual code that I’ve written out in the open on GitHub! I don’t really believe in “github is your resume” (lots of great programmers don’t do any open source work! that’s fine!) but it does feel good to have. One huge benefit to employees who work for open source-oriented companies is that they get to build an open source portfolio on the job. That levels the playing field for folks who don't have the luxury of disposable free time outside business hours.


Jerod Santo brave.com

You can now support our work with the Brave browser ✊

In retrospect, becoming a Brave Publisher was a no-brainer. We're big fans/supporters of:

- Independent publishers
- New sustainability models
- Brendan Eich (listen to this RFC if you haven't yet)
- Real-world cryptocurrency use cases

So, if you appreciate the news and podcasts we've been producing for the past decade, please consider browsing our site with Brave and throwing a few BAT into the proverbial tip jar. 💚


Tidelift

Tidelift announces open source subscriptions

Donald Fischer: Over the last several months, we engaged with over 1000 professional users and maintainers of open source software through surveys and live conversations. We wanted to learn what’s working for them and what’s not. Turns out, people had a lot on their minds. The result of these conversations was the creation of Tidelift subscriptions, which are described as: paying for “promises about the future” of your software components. Click through to read the nitty, gritty details. There are some interesting opportunities here: Tidelift provides a means for maintainers to band together in a scalable model that works—for everyone. Those who build and maintain open source software get compensated for their effort—and those who use their creations get more dependable software, delivered via a Tidelift subscription.


Twitter

"This is a call for help."

Jürg Lehni writes in this tweet thread: Let's talk about open-source. I've been developing and maintaining Paper.js for years. It has 8,700 stars on GitHub. Multiple big companies have done projects and products with it. Yet donations and sponsored features are very few, and I need to accept other work to sustain a living. There are several more tweets that follow this up with more details from Jürg, but what I found missing is an awareness of what a healthy relationship for him and this project looks like. If we've learned anything from Request For Commits, it is that money doesn't solve the open source maintainer problem, so donations or Patreon alone aren't a fix. (Thanks to Cody for sharing this in our community Slack.)


tidelift.com

Three Ways to Improve the Sustainability of Open Source Projects

This post shares insights gathered from last year's Sustain OSS. Open source is the basis upon which much of our technology is built, technology that keeps us warm, safe, and happy. Open source projects enable young developers to learn from veterans and entrepreneurs to build million-dollar companies in the space of months. tldr (but you should read):

- Remember, it's free.
- Optimize for (many) maintainers
- It's not just about the code
