Tidelift co-founder and general counsel Luis Villa shares his HOWTO guide for paying open source maintainers with All Things Open Conference on We ❤️Open Source. 💰 Paying maintainers isn't just about compensation—it's about valuing the unseen, often underappreciated work that keeps open source projects secure and thriving. Maintainers play a critical role in ensuring the security and longevity of #opensource projects. Yet, the importance of compensating them fairly is often overlooked. This HOWTO outlines not only why paying them is vital but also how to do it effectively, ensuring that open source projects continue to benefit from the expertise and dedication of their #maintainers. Check out the full story on We ❤️Open Source 🗞️https://lnkd.in/g4FTVvCi For those interested in diving deeper into this topic, Lauren Hanford, VP of Product at Tidelift, will be speaking at All Things Open about the security work maintainers do behind the scenes. Her talk, "The Unseen, Underappreciated Security Work Your Maintainers May (or may not) Already Be Doing," will be Monday, October 28th, from 2:15 PM to 2:30 PM ET. We can guarantee you won’t want to miss this! More information on the 2024 All Things Open conference can be found here 👉 https://lnkd.in/gkwDKc7R
More Relevant Posts
Want to make your open source project more inclusive? Not sure where to start? 🐧 Inclusive Strategies for Open Source (LFC103) ☁️ has the answers! Enroll 🆓 today: https://hubs.la/Q02zRDvt0 #Inclusive #OpenSource
Want to make your open source project more inclusive? Not sure where to start? 🐧 Inclusive Strategies for Open Source (LFC103) ☁️ has the answers! Enroll 🆓 today: https://hubs.la/Q02zRzvr0 #Inclusive #OpenSource
The Digital Services Coalition (DSC) firmly advocates for the adoption and contribution to open source software, recognizing its critical role in enhancing transparency and security within the digital landscape. We invite you to explore the collaborative efforts of our member companies in supporting and advancing open source initiatives. Furthermore, our recent dialogue with Jordan Kasper underscores a commitment to not only support the Department of Homeland Security's Open Source Policies but also to foster the implementation of similar policies across various government entities. #opensource #digitalservices #open https://lnkd.in/dQEcZww3
We’re almost shy of a month away from #Upstream, the one-day, virtual celebration of open source (June 5th!) and we’re continuing the countdown with another look back at Upstream from years before. This time, we’re revisiting last year’s opening talk led by Tidelift co-founder and general counsel Luis Villa and #opensourcemaintainer Jordan Harband. The keynote set the theme for the day: why are we talking about supply chains? As you may or may not know, last year’s theme was “the accidental supply chain.” Accidental in that open source maintainers never asked to be a part of someone’s supply chain. Luis addresses the inherent issues with describing open source as a supply chain, as this implies an agreed-upon relationship between the consumers and suppliers. The flaw of this analogy is that #opensourcesoftware is heavily made up of volunteers, people who oftentimes work independently and who do not label themselves as suppliers. As Luis puts it, “Global supply chains are not built of solo artisans.” This power imbalance is creating a strain on open source maintainers and with increasing government and industry requirements, the pressure only grows. When thinking about this year’s Upstream theme, “unusual ideas to solve the usual problems,” and with the recent #xz utils hack at top of mind, it’s very likely that conversations will revolve around alleviating and preventing maintainer burnout. Revisit last year’s keynote to learn more about how the term “open source software supply chain” came to be, what we can do to help open source maintainers, and hear from Jordan as he details his own experience with helping save a project from abandonment due to the former project owner’s maintainer burnout. And of course, make sure to sign up for this year’s Upstream, a one-day virtual event on Wednesday, June 5th! https://bit.ly/3wh9e4g
Great post by the Digital Services Coalition. In addition to the clear argument for open source, standards and data, I believe we will be exploring open security next.
DSC Supports the Federal Government’s Collaborative Open Source Initiatives
medium.com
"Maintainers who aren’t paid for their open source work are less likely to implement critical security practices." 🛡️ Great piece from The New Stack, covering the 2024 Tidelift state of the open source maintainer report. It’s eye-opening to see how undercompensation impacts the security and sustainability of open source projects. 😖 Some highlights:
- 60% of maintainers remain unpaid for their work. 💻
- Paid maintainers are 55% more likely to implement key security and maintenance practices. 🔐
- 60% of maintainers have quit or considered quitting. 😓
If we want a more secure and sustainable open source landscape, compensating maintainers is key. 👏 Read the full article by Heather Joslyn on The New Stack here: 🔗 https://lnkd.in/g4fz9WDi
Your belated reminder, in the aftermath of the xz backdoor, that open source maintainers still owe you nothing: https://lnkd.in/edg-AP7D Not only do they owe you nothing but: if they are running a large open source project at scale and have been doing so for a while: in almost every case they know vastly more about doing so than almost anyone else in the world does. Open source users and contributors: show some more gratitude and, frankly, deference to the maintainers who keep OSS alive.
Open Source Maintainers Owe You Nothing
mikemcquaid.com
Investing in open source doesn’t need to be complicated. At Tidelift, our credo is “pay the maintainers.” We believe that paying open source maintainers is a fundamental step in avoiding situations like the xz utils backdoor hack, where a volunteer maintainer who described themselves as an unpaid hobbyist was tasked with more work than they had the time or capacity to do. Since the xz incident, discussion around what could have prevented this has left many in one of two camps: money is not part of the answer, and money is a necessary part of the answer. To quote Tidelift co-founder and General Counsel Luis Villa, "Paying maintainers should not be viewed as a magic bullet, but instead a cornerstone of efforts to improve the security and resilience of open source." When it comes to the open source software we use to build our businesses, we expect volunteer open source maintainers to deliver as enterprise suppliers, but it is a contract that maintainers neither signed nor agreed to. With a growing amount of government and industry requirements alongside an increasingly risky data and technology landscape, there is the risk of maintainer burnout, which can leave open source packages unmaintained and vulnerable. A recent Harvard Business School paper from Manuel Hoffmann, Frank Nagle, and Yanuo Zhou estimated the demand-side value of the #opensourcesoftware ecosystem at $8.8 trillion. By comparison, the entire U.S. electrical grid is valued at 1.5-2 trillion dollars, and the U.S. interstate highway system is valued at 750 billion dollars. Open source software is an exceptionally valuable resource, and we shouldn’t take it, or its creators, for granted. In her latest post on the Tidelift blog, Tidelift VP of Product Lauren Hanford explains why it is crucial to support #opensourcemaintainers, why the current model of running scans to look for CVEs in open source code is *not* working, and a viable path towards more secure, more reliable software.
Read the entire post on the Tidelift blog: https://bit.ly/3U9UY6d
📢 Exciting news for open source software advocates! The German government has officially published the Onlinezugangsgesetz 2.0 (OZGÄndG), featuring a groundbreaking new Article 16a, which mandates federal public offices to prefer open source software for newly procured software over proprietary options. This represents a significant step towards greater transparency, security, and efficiency in government operations. 🔍 Despite the soft language of "should" in Article 16a, within the context of public offices, it practically sets a default process, making it stronger than previous preferences in federal architecture guidelines. However, the impact of such mandates remains to be seen in practice. The Swiss EMBAG law, for example, already requires public bodies to disclose the source code of software they develop unless restricted by third-party rights or security concerns, yet challenges in enforcement persist. ⚖️ Similar situations are observed in other countries like France and Italy, where open source-friendly laws exist but are not consistently enforced. This underscores a broader issue: legal mandates alone do not guarantee adherence. Strategic litigation might be one approach to ensure compliance, but it's crucial to also understand the vital role of establishing Open Source Program Offices (OSPOs) within public sector organizations. 🏢 OSPOs could play a transformative role by providing the necessary infrastructure and support for public offices to adopt, develop, and contribute to open source software effectively. This approach aligns with a collaborative strategy, offering assistance rather than presenting additional problems. 📈 France’s experience offers valuable insights. Despite the Digital Republic law’s mandate, progress was slow until the Bothorel parliamentary report in 2021 and the subsequent establishment of the Mission Logiciels Libres (MLL).
However, the MLL’s limited resources highlight the need for stronger institutional support and coordination across relevant ministries. 🔑 The key takeaway is that while getting open source mandates into law is a critical first step, it cannot be the last (as French junior minister Axelle Lemaire said in 2016: "The after-sales service is as important as the law itself"). There must be ongoing efforts to build the necessary institutional infrastructure and ensure these laws have the intended impact. The success of such initiatives depends on political will, administrative approval, budget allocation, and strategic understanding at all levels of government. 🚀 We need to continue to advocate for stronger support structures like OSPOs, promote strategic litigation where necessary, and push for comprehensive implementation studies to ensure open source mandates lead to meaningful change. #OpenSource #OSS #PublicSector #DigitalTransformation #OSPO #Governance #TechPolicy
Paying people to work on open source is good actually – Jacob Kaplan-Moss https://buff.ly/3wmEHBI My fundamental position is that paying people to work on open source is good, full stop, no exceptions. We need to stop criticizing maintainers getting paid, and start celebrating. Yes, all of the mechanisms are flawed in some way, but that’s because the world is flawed, and it’s not the fault of the people taking money. Yelling at maintainers who’ve found a way to make a living is wrong. Source: Paying people to work on open source is good actually – Jacob Kaplan-Moss
Paying people to work on open source is good actually - Jacob Kaplan-Moss
jacobian.org