Tidelift

Making open source work better — for everyone.
tidelift.com • 11 Stories
Tidelift

It's the end of Python 2. Are we prepared?

In just a few short months, Python 2 will officially reach the end of its supported life. 💀 This means that anyone building applications in Python will need to have moved to Python 3 if they want to keep getting updates including, importantly, fixes for any security vulnerabilities in the core of Python or in the standard library.

With over 200k Python libraries extant, I have a feeling it’ll be a while before Python 2 is put out to pasture…

Tidelift

Up to 20% of your application dependencies may be unmaintained

We recently added a new feature Tidelift subscribers can use to discover unmaintained dependencies. After taking an early look at the data we’re getting back, it appears that about 10-20% of commonly-in-use OSS packages aren’t actively maintained.

Click through for an explainer on how they define “unmaintained” as well as a link to their tool for analyzing your app’s dependencies (email required).

Havoc Pennington Tidelift

Open source has a working-for-free problem

Open source isn’t a charity case. We can’t expect to attract and retain level 10 players into a level 2 opportunity. So why are we treating open source maintainers and contributors like they owe us something and not finding ways to enable them to maximize the rewards they can get for playing the game?

Let’s abandon the notion that open source is exclusively charity.

In the software industry, we’re normalizing spec work in a way that the design industry successfully rallied against.

The narrative around open source is that it’s completely OK—even an expectation—that we’re all doing this for fun and exposure; and that giant companies should get huge publicity credit for throwing peanuts-to-them donations at a small subset of open source projects.

There’s nothing wrong with doing stuff for fun and exposure, or making donations, as an option. It becomes a problem when the free work is expected and the donations are seen as enough.

Brenna Heaps Tidelift

How should you use funding for your open source project?

I think the consensus agrees that sustaining open source software takes more than just money. And yet money often remains a crucial part of a larger need for open source to sustain AND thrive. So, if that’s the case…how should you use funding for your open source project? Brenna Heaps writes on the Tidelift blog:

We’ve been speaking with a lot of open source maintainers about how to get paid and what that might mean for their project, and the same question keeps popping up: What do I do with the money?

The tldr?

Fund the project, community engagement, and pay it forward…

But, it’s a short read and worth it — so go read this and then share it with your fellow maintainers.

Keenan Szulik Tidelift

Is React's development "supported" by Facebook? That depends.

Everyone knows that React is one of the most popular JavaScript libraries for building user interfaces — and many users of React choose it because they think it’s supported by Facebook. But is it really? That depends on what you mean by React, and what you mean by support. Keenan Szulik writes on the Tidelift blog:

Since its release in 2013, React has grown into a proper open source phenomenon … with more than 100,000 GitHub stars, over 300,000 dependent repositories, and more than 800 contributors.

Facebook’s contributions to React and the JavaScript ecosystem around it are truly epic — the stuff of legend. But when we dive into the dependencies of the default create-react-app, only 24 of the 1,103 packages come from repositories in Facebook’s GitHub organizations. That’s less than 3% of the dependencies required to build the “Hello, World” app with create-react-app!

So who supports React?

Donald Fischer Tidelift

The data behind Microsoft's surprising open source track record

Our friends at Tidelift have joined data from GitHub and their own Libraries.io, “the largest open source software dataset in the world,” which covers over 2.8 million open source projects. They were able to combine the two datasets to gather the entire commit history of each project on GitHub to more closely examine the following questions:

  1. What exactly has been Microsoft’s role in the open source community?
  2. In which projects and ecosystems have they contributed most?
  3. Have those contributions been focused on the large Microsoft open source initiatives, or has the company also participated in projects beyond their immediate purview?

They were also careful to clean the dataset of forks and duplicate packages which would misinform this analysis.

So what’s the verdict? Microsoft may have a mixed history with open source, but today the company is demonstrating some impressive traction when it comes to open source community contributions. If we are to judge the company on its recent actions, the data shows what Satya Nadella said in his announcement about Microsoft being “all in on open source” is more than just words.

Tidelift

Tidelift announces open source subscriptions

Donald Fischer:

Over the last several months, we engaged with over 1000 professional users and maintainers of open source software through surveys and live conversations. We wanted to learn what’s working for them and what’s not. Turns out, people had a lot on their minds.

The result of these conversations was the creation of Tidelift subscriptions, which are described as:

paying for “promises about the future” of your software components.

Click through to read the nitty, gritty details. There are some interesting opportunities here:

Tidelift provides a means for maintainers to band together in a scalable model that works—for everyone. Those who build and maintain open source software get compensated for their effort—and those who use their creations get more dependable software, delivered via a Tidelift subscription.