Posted to dev@community.apache.org by Bertrand Delacretaz <bd...@apache.org> on 2022/03/01 08:42:39 UTC

Re: Effective ways of getting individuals funded to work on ASF projects

Hi,

On Mon, 28 Feb 2022 at 21:15, Jarek Potiuk <ja...@potiuk.com> wrote:

> ...Proposal:
> I think we all agree that ASF meets the criteria of Tidelift already.
> Why don't Tidelift (in the places where open-source projects included are
> listed) explain that ASF projects meet the criteria, and any one is free
> to deal directly with the committers of all ASF projects directly...

I'd say we all agree that *in theory* ASF projects meet Tidelift's
criteria, quoting from earlier in this thread, with my own numbering
added:

On Mon, 28 Feb 2022 at 19:30, Joshua Simmons
<jo...@tidelift.com> wrote:
> ...*What Tidelift expects from maintainers* Maintainers provide two things to
> our customers: (1) information (licensing details, context on CVEs) and
> (2) continuity (comfort that the package is maintained and is highly likely to
> continue to be maintained). We also expect maintainers (3) to abide by a Code
> of Conduct....

I think for (3) we're good, the ASF will intervene if projects are not ok.

But for (1) and (2) I think the ASF *wants* our projects to be good
citizens, and we work towards that and support them, but entities such
as Tidelift or others could add value by measuring and reporting what
actually happens.

Does Apache FOO actually provide good information on security issues and CVEs?
Timely response? What's their average/min/max response time, how many
"in-flight" CVEs?
Does Apache FOO release often enough? Maybe based on project maturity
categories, new, established, mostly dormant etc.

We could of course measure these things ourselves, and we do have some data.

But I think having external entities provide factual data on how well
our projects are doing can be useful, and for customers of Tidelift
and the like that certainly has value.

Whatever mechanism our contributors use to finance themselves, having
information on which projects are most worthy of trust can help end
users select and finance the right projects and people.

-Bertrand

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
On Tue, Mar 1, 2022 at 9:42 AM Bertrand Delacretaz <bd...@apache.org>
wrote:

> I think for (3) we're good, the ASF will intervene if projects are not ok.
>
> But for (1) and (2) I think the ASF *wants* our projects to be good
> citizens, and we work towards that and support them, but entities such
> as Tidelift or others could add value by measuring and reporting what
> actually happens.
>

Feel free. All the data is available for ASF. Everything we do is public.

>
> But I think having external entities provide factual data on how well
> our projects are doing can be useful, and for customers of Tidelift
> and the like that certainly has value.
>

Sure. Please. Do. Measure. Publish. By all means. No problem with that.


> Whatever mechanism our contributors use to finance themselves, having
> information on which projects are most worthy of trust can help end
> users select and finance the right projects and people.
>

Of course. Feel free to provide objective data on it. Publishing information about
how well projects are doing is a great way to incentivise the committers to do better.
I am 150% for it. This could be a great service to all OSS projects.

But the Tidelift model is talking about "limiting" the individuals in the choices they
made, NOT measuring what they do. For multiple reasons those individuals in
those projects might make different decisions (and be responsible for it). Imposing
rules and limits by Tidelift is just against the rules of ASF. Measuring is not.

If Tidelift adjusts the model to just measure, report and make the customers decide
based on that - I think that is far more consistent with the way ASF works.

Don't try to make yourself a "policeman" controlling it.


>
> -Bertrand
>

Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Bill Cole <bi...@apache.org>.
On 2022-03-03 at 02:40:09 UTC-0500 (Thu, 3 Mar 2022 07:40:09 +0000)
Christofer Dutz <de...@community.apache.org>
is rumored to have said:

> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for commercial support.
> That would just be in conflict with being a non-profit charitable organization.

Perhaps in principle but at least in the US, not in law. Non-profits are able to support themselves with commercial operations, although they may need to be careful about anti-competitive practices.

Having worked in commercial operations of non-profits a couple of times in my life, I would concur that the ASF *SHOULD NEVER* be an entity that people could come to looking for commercial support, even if it were in an entirely legal way. Paying people to provide support feels tantamount to paying them for development. A perfectly good thing for others to do, not the ASF.

> However, we also have this discussion about the endowment from the Pineapple Fund donation.
> How about having the ASF as it is, was and hopefully will always be, and a second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the ASF.
>
> Please tell me if this is just complete nonsense ;-)

This is akin to Mozilla Corp. and Mozilla Fdn. Not fundamentally nonsense, but not really a fit for ASF in my opinion.



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
I quite agree with Dave - Tidelift should not be any different and should
be treated exactly the same as anyone else.

I really think what ASF could do is to (and this is how I understand
Roman's proposal):

* clarify the rules and limits (so that companies like Tidelift - or
Google, or AWS or whoever else - know what to expect and how to adjust their
expectations, i.e. not approaching the ASF and PMC but approaching
individuals instead, not expecting PMC to endorse the company)
* help individual contributors - for example by providing them with
"compatible" or "example" rules and expectations that the contracts with
individuals can have
* make it clear that such practices are OK and somewhat promote/endorse it
(in the sense of laying out transparent, easy to find and refer-to rules
above) - also that would give some of the contributors the courage to discuss
and reach out themselves; they might not even be aware that they can ask to
be paid and what the rules are.

I think currently many of the contributors and stakeholders simply do not
know that there are some limits and rules and we can simply continue having
companies like Tidelift approaching ASF and attempting to convince ASF over
and over to something that is not compatible with the ASF rules - simply
because they do not know.

J.


On Thu, Mar 3, 2022 at 8:41 AM Christofer Dutz <ch...@c-ware.de>
wrote:

> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for
> commercial support.
> That would just be in conflict with being a non-profit charitable
> organization.
>
> However, we also have this discussion about the endowment from the Pineapple
> Fund donation.
> How about having the ASF as it is, was and hopefully will always be, and a
> second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity
> could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the
> ASF.
>
> Please tell me if this is just complete nonsense ;-)
>
> Chris
>
>
>
> -----Original Message-----
> From: Dave Fisher <wa...@comcast.net>
> Sent: Thursday, 3 March 2022 07:33
> To: dev@community.apache.org
> Subject: Re: Effective ways of getting individuals funded to work on ASF
> projects
>
> We can’t know the motivations of anyone funding a “tidelift” effort.
>
> And we have trademarks / brand to help deal with misnamed vendor product.
>
> PMCs have the same guarantees with vendors and funders - none.
>
> Do we need a clearer statement about participation as individuals?
>
> Do we need clarification about how a PMC can ask for help?
>
> Trying to keep it simple.
>
> All the best,
> Dave
>
> Sent from my iPhone
>
> > On Mar 2, 2022, at 10:20 PM, Ralph Goers <ra...@dslextreme.com>
> wrote:
> >
> > My experience with vendors that employ people to work on ASF
> > projects is that they have their own internal processes that are
> > separate from the ASF’s. For example, as part of their product they
> > might deliver Apache Foo for Acme Bar. The version they ship might not
> exactly match what the ASF distributes.
> >
> > Tidelift doesn’t deliver a product so has no way to achieve this.
> >
> > That said, Tidelift certainly could provide resources to run the
> > processes they deem necessary and get the folks they are paying to
> > execute those. But any issues that are found would have to be resolved
> in the project, not in something Tidelift distributes.
> >
> > Ralph
> >
> >
> >
> >> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
> >>
> >> The way this discussion is going makes me want to ask why should
> tidelift be any different from a vendor that pays individuals to work on
> ASF projects as part of their employment?
> >>
> >> The same neutrality ought to apply. Why do we need to make a new
> classification?
> >>
> >> All the best,
> >> Dave
> >>
> >> Sent from my iPhone
> >>
> >>>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com>
> wrote:
> >>>
> >>> +1.
> >>> It will make the maintainer's life easier with this collected
> information.
> >>> When we bring the commercial support to the ASF project daily
> >>> development,  we still need to follow certain rules to avoid the
> >>> conflict with the Apache way we believed.
> >>>
> >>> Willem Jiang
> >>>
> >>> Twitter: willemjiang
> >>> Weibo: 姜宁willem
> >>>
> >>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
> >>>>
> >>>> Thanks Roman for the initiative. +1 on it.
> >>>>
> >>>> I think this might allow us to focus on what we (ASF) think is
> >>>> really important and needed by the individuals who work on ASF
> >>>> projects, and set our boundaries and limits their individual
> >>>> approach as well as clear limits and boundaries for the
> >>>> organisations that would like to apply - and then let any entity who
> wants to help to see how they can fit-in.
> >>>>
> >>>> Happy to help with hashing it out.
> >>>>
> >>>> J.
> >>>>
> >>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz
> >>>> <bd...@apache.org>
> >>>> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> On Wed, 2 Mar 2022 at 15:19, Roman Shaposhnik
> >>>>> <ro...@shaposhnik.org> wrote:
> >>>>>> ...Once we've collected that type of info -- we can then sort of
> >>>>> "evaluate
> >>>>>> vendors" against that list and see what they are missing, etc. We
> >>>>>> can even issue a wide "call to apply" for various companies if we
> >>>>>> feel like
> >>>>> it...
> >>>>>
> >>>>> +1, I like the idea!
> >>>>>
> >>>>> -Bertrand
> >>>>>

Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Maxim Solodovnik <so...@gmail.com>.
Commercial support link at our project
is not very much visited :(

from mobile (sorry for typos ;)


On Thu, Mar 3, 2022, 14:41 Christofer Dutz <ch...@c-ware.de>
wrote:

> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for
> commercial support.
> That would just be in conflict with being a non-profit charitable
> organization.
>
> However, we also have this discussion about the endowment from the Pineapple
> Fund donation.
> How about having the ASF as it is, was and hopefully will always be, and a
> second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity
> could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the
> ASF.
>
> Please tell me if this is just complete nonsense ;-)
>
> Chris

RE: Effective ways of getting individuals funded to work on ASF projects

Posted by Christofer Dutz <ch...@c-ware.de>.
Just thinking out loud ...

The ASF could never be an entity that people could come to looking for commercial support. 
That would just be in conflict with being a non-profit charitable organization.

However, we also have this discussion about the endowment from the Pineapple Fund donation.
How about having the ASF as it is, was and hopefully will always be, and a second entity that people could come to for commercial support.
In contrast to the usual external companies, the board of this entity could be linked to the board of the ASF? 
This would ensure that the company is run in line with the values of the ASF.

Please tell me if this is just complete nonsense ;-)

Chris



-----Original Message-----
From: Dave Fisher <wa...@comcast.net> 
Sent: Thursday, 3 March 2022 07:33
To: dev@community.apache.org
Subject: Re: Effective ways of getting individuals funded to work on ASF projects

We can’t know the motivations of anyone funding a “tidelift” effort.

And we have trademarks / brand to help deal with misnamed vendor product.

PMCs have the same guarantees with vendors and funders - none.

Do we need a clearer statement about participation as individuals?

Do we need clarification about how a PMC can ask for help?

Trying to keep it simple.

All the best,
Dave

Sent from my iPhone


Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Dave Fisher <wa...@comcast.net>.
We can’t know the motivations of anyone funding a “tidelift” effort.

And we have trademarks / brand to help deal with misnamed vendor product.

PMCs have the same guarantees with vendors and funders - none.

Do we need a clearer statement about participation as individuals?

Do we need clarification about how a PMC can ask for help?

Trying to keep it simple.

All the best,
Dave

Sent from my iPhone



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Ralph Goers <ra...@dslextreme.com>.
My experience with vendors that employ people to work on ASF projects is that 
they have their own internal processes that are separate from the ASF’s. For example, 
as part of their product they might deliver Apache Foo for Acme Bar. The version they 
ship might not exactly match what the ASF distributes. 

Tidelift doesn’t deliver a product so has no way to achieve this. 

That said, Tidelift certainly could provide resources to run the processes they deem 
necessary and get the folks they are paying to execute those. But any issues that are 
found would have to be resolved in the project, not in something Tidelift distributes.

Ralph



> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
> 
> The way this discussion is going makes me want to ask why should tidelift be any different from a vendor that pays individuals to work on ASF projects as part of their employment?
> 
> The same neutrality ought to apply. Why do we need to make a new classification?
> 
> All the best,
> Dave
> 
> Sent from my iPhone
> 
>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
>> 
>> +1.
>> It will make the maintainer's life easier with this collected information.
>> When we bring the commercial support to the ASF project daily
>> development,  we still need to follow certain rules to avoid the
>> conflict with the Apache way we believed.
>> 
>> Willem Jiang
>> 
>> Twitter: willemjiang
>> Weibo: 姜宁willem
>> 
>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>>> 
>>> Thanks Roman for the initiative. +1 on it.
>>> 
>>> I think this might allow us to focus on what we (ASF) think is really
>>> important and needed by the individuals who work on ASF projects, and set
>>> our boundaries and limits their individual approach as well as clear limits
>>> and boundaries for the organisations that would like to apply - and then
>>> let any entity who wants to help to see how they can fit-in.
>>> 
>>> Happy to help with hashing it out.
>>> 
>>> J.
>>> 
>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
>>> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
>>>> écrit :
>>>>> ...Once we've collected that type of info -- we can then sort of
>>>> "evaluate
>>>>> vendors" against that list and see what they are missing, etc. We can
>>>>> even issue a wide "call to apply" for various companies if we feel like
>>>> it...
>>>> 
>>>> +1, I like the idea!
>>>> 
>>>> -Bertrand
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>>> For additional commands, e-mail: dev-help@community.apache.org
>>>> 
>>>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>> 
> 
> 
> 




Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Dave Fisher <wa...@comcast.net>.
The way this discussion is going makes me want to ask why Tidelift should be any different from a vendor that pays individuals to work on ASF projects as part of their employment?

The same neutrality ought to apply. Why do we need to make a new classification?

All the best,
Dave

Sent from my iPhone

> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
> 
> +1.
> It will make the maintainer's life easier to have this collected information.
> When we bring commercial support into the daily development of ASF
> projects, we still need to follow certain rules to avoid conflict
> with the Apache Way we believe in.
> 
> Willem Jiang
> 
> Twitter: willemjiang
> Weibo: 姜宁willem
> 
>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>> 
>> Thanks Roman for the initiative. +1 on it.
>> 
>> I think this might allow us to focus on what we (ASF) think is really
>> important and needed by the individuals who work on ASF projects, and set
>> our boundaries and limits for their individual approach, as well as clear limits
>> and boundaries for the organisations that would like to apply, and then
>> let any entity who wants to help see how they can fit in.
>> 
>> Happy to help with hashing it out.
>> 
>> J.
>> 
>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
>> wrote:
>> 
>>> Hi,
>>> 
>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
>>> écrit :
>>>> ...Once we've collected that type of info -- we can then sort of
>>> "evaluate
>>>> vendors" against that list and see what they are missing, etc. We can
>>>> even issue a wide "call to apply" for various companies if we feel like
>>> it...
>>> 
>>> +1, I like the idea!
>>> 
>>> -Bertrand
>>> 
>>> 
>>> 
> 
> 




Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Willem Jiang <wi...@gmail.com>.
+1.
It will make the maintainer's life easier to have this collected information.
When we bring commercial support into the daily development of ASF
projects, we still need to follow certain rules to avoid conflict
with the Apache Way we believe in.

Willem Jiang

Twitter: willemjiang
Weibo: 姜宁willem

On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>
> Thanks Roman for the initiative. +1 on it.
>
> I think this might allow us to focus on what we (ASF) think is really
> important and needed by the individuals who work on ASF projects, and set
> our boundaries and limits for their individual approach, as well as clear limits
> and boundaries for the organisations that would like to apply, and then
> let any entity who wants to help see how they can fit in.
>
> Happy to help with hashing it out.
>
> J.
>
> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
> wrote:
>
> > Hi,
> >
> > Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
> > écrit :
> > > ...Once we've collected that type of info -- we can then sort of
> > "evaluate
> > > vendors" against that list and see what they are missing, etc. We can
> > > even issue a wide "call to apply" for various companies if we feel like
> > it...
> >
> > +1, I like the idea!
> >
> > -Bertrand
> >
> >
> >



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
Thanks Roman for the initiative. +1 on it.

I think this might allow us to focus on what we (ASF) think is really
important and needed by the individuals who work on ASF projects, and set
our boundaries and limits for their individual approach, as well as clear limits
and boundaries for the organisations that would like to apply, and then
let any entity who wants to help see how they can fit in.

Happy to help with hashing it out.

J.

On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
wrote:

> Hi,
>
> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
> écrit :
> > ...Once we've collected that type of info -- we can then sort of
> "evaluate
> > vendors" against that list and see what they are missing, etc. We can
> > even issue a wide "call to apply" for various companies if we feel like
> it...
>
> +1, I like the idea!
>
> -Bertrand
>
>
>

Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,

Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a écrit :
> ...Once we've collected that type of info -- we can then sort of "evaluate
> vendors" against that list and see what they are missing, etc. We can
> even issue a wide "call to apply" for various companies if we feel like it...

+1, I like the idea!

-Bertrand



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Phil Steitz <ph...@gmail.com>.
On 3/5/22 12:08, Jarek Potiuk wrote:
>> I am talking about *user* companies here
> Of course this is (as I wrote) a perfectly valid case - and it works
> beautifully in many cases. I know plenty of examples :).
> Maybe there was a misunderstanding of my "(unlike the models 2. 3)". I
> think those models were (and still are) crucial to the success of many
> projects. And I think there is no argument about it.
> I am not sure if this is some kind of argument we are having or whether we
> agree, so let me reiterate what I think I want to say in the context of the
> topic of the discussion.
> Just to remind the topic: "Effective ways of getting individuals funded to
> work on ASF projects"
>
> Both 2) and 3) contain "employers" who pay their employees or allow them to
> scratch itches independently and I am not sure if ASF can help here somehow
> in making it "better".
>
> On the other hand my proposed "model 4)" is different and I believe ASF
> **might** play some role in making it easier for both individuals and
> stakeholders.

All good.  I did not mean to be argumentative - just to point out that 
it is possible to be funded to work on OSS without working for a vendor 
either directly or indirectly as a contractor.

Phil

>
> In this model, you have no "employees". You have stakeholders reaching out
> to individuals - committers/PMC members/contributors who are already
> working on the project (or the other way round - it could be committers
> reaching out) to pay them.
> All this without a pre-existing Employee <-> Employer relationship.
>
> I think this is the very model that the ASF can help to "facilitate"
> establishing such relationships (which is the most difficult and crucial
> part of making the model work).
>
> * make both individuals and stakeholders aware it's OK and what are the
> conditions (for example making sure there is "no non-compete" and
> "community makes decisions" clauses) in such relationships
> * show the path how both sides can act to establish relationship between
> them and what the "protocol" there could be
> * provide some guidelines on how contracts should be written (without
> providing legal advice of course as ASF can't do that and those will be
> subject to local laws especially in case of IP clauses there)
> * possibly provide a list of intermediaries that can help with the
> "bureaucracy" (handling invoices, signing, preparing contracts etc.)
>
> I think if we are (at least that was the initial topic) discussing ways
> "how we can improve the situation as an ASF" - this is my thinking where it
> could help - specifically in model 4.
>
> I am also happy to help prepare some of that (following Roman's proposal).
>
> For example I am - as we speak - discussing some details with my lawyers
> (who actually specialise in both Anglo-Saxon and East European IP law) about
> some IP clauses in my contracts that I am sending to a new customer. And
> while I can afford that and have friendly lawyers whom I trust with it, and
> I have run a business before, so I know you need to involve lawyers there, I am
> sure that might be one of the obstacles for multiple individuals who would
> like to set up similar, direct contracts with the stakeholders, but do not
> know where to start and what to look for  - I think sharing some outcome
> and guidelines here might help.
>
> J.
>
>
>
> On Sat, Mar 5, 2022 at 12:32 AM Phil Steitz <ph...@steitz.com> wrote:
>
>> On 3/4/22 11:28 AM, Jarek Potiuk wrote:
>>>> Definitely another good way to support projects.  I think 2. and 3.
>>>> originating in user companies can actually help foster vendor neutrality
>>>> as these companies are really just users.  Whether the people are
>>>> employees or contractors is not important.  What *is* important is that
>>>> they have time and mandate to contribute broadly to the project rather
>>>> than just trying to get specific features in.
>>> There is a huge difference actually.
>>>
>>> Employees - almost by definition - cannot work for competitors at the
>>> same time. Individual contributors can.
>> I am talking about *user* companies here - companies that do not
>> directly make $ on the software being produced by the project. However
>> they pay - either employees or contractors - they are going to protect
>> their proprietary IP and they need to have policies around that, but in
>> the vast majority of cases for actual user companies, this is irrelevant.
>>
>> There are a *huge* number of companies that use ASF and other OSS
>> software that do not compete in any way shape or form with the various
>> vendors involved in the projects.  I am talking about those companies -
>> the actual users of the software.  It is very possible for these
>> companies to employ people and allow and encourage them to contribute
>> *independently* to OSS, sometimes scratching work-related itches,
>> sometimes just doing what needs doing.  I know that seems a slightly
>> foreign concept these days, but there have been a whole lot of people
>> over the years who have done exactly this.  The nice thing about working
>> for a company that actually uses the software is you get a clear picture
>> of what is important. Your direct experience using and supporting the
>> software comes directly back into the project.  As I said, our projects
>> used to be full of people like this.  One of our most successful early
>> Java projects - Struts - had no vendor-paid developers when it became
>> the leading Java MVC framework.  The committers all used Struts in
>> @dayjob, but they were actual users.  As we have become more
>> vendor-dominated, contributors like that have become more sparse. That
>> does not mean, though, that it is not a vast resource of potential
>> contributors and a good way to get paid at least partially to work on OSS.
>>
>> Phil
>>
>>> As a contractor (and that also should be part of any other
>>> contributor's clause) I can work with multiple stakeholders - even
>>> competitors (and this is an important clause that I make sure in my
>>> contract).
>>>
>>> Currently, as an independent contributor I have/had business
>>> relationships with:
>>>
>>> * Google
>>> * AWS
>>> * Astronomer
>>>
>>> (And some more are coming). They are competitors, but also they are
>>> cooperating on Airflow - so-called "coopetition". This is next to
>>> impossible for an Employee to have several employment contracts with
>>> competitors at the same time.
>>>
>>> Also it allows me to lead projects and initiatives, where there is a
>>> value brought by all those different stakeholders. Being independent
>>> and paid by all of those make it also easier for other stakeholders to
>>> join the efforts.
>>>
>>> This is all extremely different to situations where the people
>>> contributing are employed by a single Employer. That also works - of
>>> course, and there is nothing wrong with that. But it is very
>>> different.
>>>
>>> J.
>>>
>>>
>>
>>




Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
> I am talking about *user* companies here

Of course this is (as I wrote) a perfectly valid case - and it works
beautifully in many cases. I know plenty of examples :).
Maybe there was a misunderstanding of my "(unlike the models 2. 3)". I
think those models were (and still are) crucial to the success of many
projects. And I think there is no argument about it.
I am not sure if this is some kind of argument we are having or whether we
agree, so let me reiterate what I think I want to say in the context of the
topic of the discussion.
Just to remind the topic: "Effective ways of getting individuals funded to
work on ASF projects"

Both 2) and 3) contain "employers" who pay their employees or allow them to
scratch itches independently and I am not sure if ASF can help here somehow
in making it "better".

On the other hand my proposed "model 4)" is different and I believe ASF
**might** play some role in making it easier for both individuals and
stakeholders.

In this model, you have no "employees". You have stakeholders reaching out
to individuals - committers/PMC members/contributors who are already
working on the project (or the other way round - it could be committers
reaching out) to pay them.
All this without a pre-existing Employee <-> Employer relationship.

I think this is the very model that the ASF can help to "facilitate"
establishing such relationships (which is the most difficult and crucial
part of making the model work).

* make both individuals and stakeholders aware it's OK and what are the
conditions (for example making sure there is "no non-compete" and
"community makes decisions" clauses) in such relationships
* show the path how both sides can act to establish relationship between
them and what the "protocol" there could be
* provide some guidelines on how contracts should be written (without
providing legal advice of course as ASF can't do that and those will be
subject to local laws especially in case of IP clauses there)
* possibly provide a list of intermediaries that can help with the
"bureaucracy" (handling invoices, signing, preparing contracts etc.)

I think if we are (at least that was the initial topic) discussing ways
"how we can improve the situation as an ASF" - this is my thinking where it
could help - specifically in model 4.

I am also happy to help prepare some of that (following Roman's proposal).

For example I am - as we speak - discussing some details with my lawyers
(who actually specialise in both Anglo-Saxon and East European IP law) about
some IP clauses in my contracts that I am sending to a new customer. And
while I can afford that and have friendly lawyers whom I trust with it, and
I have run a business before, so I know you need to involve lawyers there, I am
sure that might be one of the obstacles for multiple individuals who would
like to set up similar, direct contracts with the stakeholders, but do not
know where to start and what to look for  - I think sharing some outcome
and guidelines here might help.

J.



On Sat, Mar 5, 2022 at 12:32 AM Phil Steitz <ph...@steitz.com> wrote:

>
> On 3/4/22 11:28 AM, Jarek Potiuk wrote:
> >> Definitely another good way to support projects.  I think 2. and 3.
> >> originating in user companies can actually help foster vendor neutrality
> >> as these companies are really just users.  Whether the people are
> >> employees or contractors is not important.  What *is* important is that
> >> they have time and mandate to contribute broadly to the project rather
> >> than just trying to get specific features in.
> > There is a huge difference actually.
> >
> > Employees - almost by definition - cannot work for competitors at the
> > same time. Individual contributors can.
>
> I am talking about *user* companies here - companies that do not
> directly make $ on the software being produced by the project. However
> they pay - either employees or contractors - they are going to protect
> their proprietary IP and they need to have policies around that, but in
> the vast majority of cases for actual user companies, this is irrelevant.
>
> There are a *huge* number of companies that use ASF and other OSS
> software that do not compete in any way shape or form with the various
> vendors involved in the projects.  I am talking about those companies -
> the actual users of the software.  It is very possible for these
> companies to employ people and allow and encourage them to contribute
> *independently* to OSS, sometimes scratching work-related itches,
> sometimes just doing what needs doing.  I know that seems a slightly
> foreign concept these days, but there have been a whole lot of people
> over the years who have done exactly this.  The nice thing about working
> for a company that actually uses the software is you get a clear picture
> of what is important. Your direct experience using and supporting the
> software comes directly back into the project.  As I said, our projects
> used to be full of people like this.  One of our most successful early
> Java projects - Struts - had no vendor-paid developers when it became
> the leading Java MVC framework.  The committers all used Struts in
> @dayjob, but they were actual users.  As we have become more
> vendor-dominated, contributors like that have become more sparse. That
> does not mean, though, that it is not a vast resource of potential
> contributors and a good way to get paid at least partially to work on OSS.
>
> Phil
>
> >
> > As a contractor (and that also should be part of any other
> > contributor's clause) I can work with multiple stakeholders - even
> > competitors (and this is an important clause that I make sure in my
> > contract).
> >
> > Currently, as an independent contributor I have/had business
> > relationships with:
> >
> > * Google
> > * AWS
> > * Astronomer
> >
> > (And some more are coming). They are competitors, but also they are
> > cooperating on Airflow - so-called "coopetition". This is next to
> > impossible for an Employee to have several employment contracts with
> > competitors at the same time.
> >
> > Also it allows me to lead projects and initiatives, where there is a
> > value brought by all those different stakeholders. Being independent
> > and paid by all of those make it also easier for other stakeholders to
> > join the efforts.
> >
> > This is all extremely different to situations where the people
> > contributing are employed by a single Employer. That also works - of
> > course, and there is nothing wrong with that. But it is very
> > different.
> >
> > J.
> >
> >
>
>
>

Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Phil Steitz <ph...@steitz.com>.
On 3/4/22 11:28 AM, Jarek Potiuk wrote:
>> Definitely another good way to support projects.  I think 2. and 3.
>> originating in user companies can actually help foster vendor neutrality
>> as these companies are really just users.  Whether the people are
>> employees or contractors is not important.  What *is* important is that
>> they have time and mandate to contribute broadly to the project rather
>> than just trying to get specific features in.
> There is a huge difference actually.
>
> Employees - almost by definition - cannot work for competitors at the
> same time. Individual contributors can.

I am talking about *user* companies here - companies that do not 
directly make $ on the software being produced by the project. However 
they pay - either employees or contractors - they are going to protect 
their proprietary IP and they need to have policies around that, but in 
the vast majority of cases for actual user companies, this is irrelevant.

There are a *huge* number of companies that use ASF and other OSS 
software that do not compete in any way shape or form with the various 
vendors involved in the projects.  I am talking about those companies - 
the actual users of the software.  It is very possible for these 
companies to employ people and allow and encourage them to contribute 
*independently* to OSS, sometimes scratching work-related itches, 
sometimes just doing what needs doing.  I know that seems a slightly 
foreign concept these days, but there have been a whole lot of people 
over the years who have done exactly this.  The nice thing about working 
for a company that actually uses the software is you get a clear picture 
of what is important. Your direct experience using and supporting the 
software comes directly back into the project.  As I said, our projects 
used to be full of people like this.  One of our most successful early 
Java projects - Struts - had no vendor-paid developers when it became 
the leading Java MVC framework.  The committers all used Struts in 
@dayjob, but they were actual users.  As we have become more 
vendor-dominated, contributors like that have become more sparse. That 
does not mean, though, that it is not a vast resource of potential 
contributors and a good way to get paid at least partially to work on OSS.

Phil

>
> As a contractor (and that also should be part of any other
> contributor's clause) I can work with multiple stakeholders - even
> competitors (and this is an important clause that I make sure in my
> contract).
>
> Currently, as an independent contributor I have/had business relationships with:
>
> * Google
> * AWS
> * Astronomer
>
> (And some more are coming). They are competitors, but also they are
> cooperating on Airflow - so-called "coopetition". This is next to
> impossible for an Employee to have several employment contracts with
> competitors at the same time.
>
> Also it allows me to lead projects and initiatives, where there is a
> value brought by all those different stakeholders. Being independent
> and paid by all of those make it also easier for other stakeholders to
> join the efforts.
>
> This is all extremely different to situations where the people
> contributing are employed by a single Employer. That also works - of
> course, and there is nothing wrong with that. But it is very
> different.
>
> J.
>
>



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Dave Fisher <wa...@apache.org>.
> On Mar 4, 2022, at 10:28 AM, Jarek Potiuk <ja...@potiuk.com> wrote:
> 
>> Definitely another good way to support projects.  I think 2. and 3.
>> originating in user companies can actually help foster vendor neutrality
>> as these companies are really just users.  Whether the people are
>> employees or contractors is not important.  What *is* important is that
>> they have time and mandate to contribute broadly to the project rather
>> than just trying to get specific features in.

This is a subtle and important point.
- how do vendors enable their individuals to upstream changes?
- how easy does the project make it for individuals to upstream their changes?

> 
> There is a huge difference actually.
> 
> Employees - almost by definition - cannot work for competitors at the
> same time. Individual contributors can.

That depends on the terms of employment. I’m employed currently and explicitly expected to contribute. This hasn’t always been the case.

> 
> As a contractor (and that also should be part of any other
> contributor's clause) I can work with multiple stakeholders - even
> competitors (and this is an important clause that I make sure in my
> contract).

There are reasons for competitors to co-operate.


> 
> Currently, as an independent contributor I have/had business relationships with:
> 
> * Google
> * AWS
> * Astronomer
> 
> (And some more are coming). They are competitors, but also they are
> cooperating on Airflow - so-called "coopetition". This is next to
> impossible for an Employee to have several employment contracts with
> competitors at the same time.

This is how a vendor independent project ought to work.

Perhaps a review of https://blogs.apache.org/foundation/entry/the-apache-way-to-sustainable ?


> 
> Also it allows me to lead projects and initiatives, where there is a
> value brought by all those different stakeholders. Being independent
> and paid by all of those make it also easier for other stakeholders to
> join the efforts.
> 
> This is all extremely different to situations where the people
> contributing are employed by a single Employer. That also works - of
> course, and there is nothing wrong with that. But it is very
> different.

Everyone’s situation is uniquely theirs.

All the best,
Dave

> 
> J.
> 
> 




Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
> Definitely another good way to support projects.  I think 2. and 3.
> originating in user companies can actually help foster vendor neutrality
> as these companies are really just users.  Whether the people are
> employees or contractors is not important.  What *is* important is that
> they have time and mandate to contribute broadly to the project rather
> than just trying to get specific features in.

There is a huge difference actually.

Employees - almost by definition - cannot work for competitors at the
same time. Individual contributors can.

As a contractor (and that also should be part of any other
contributor's clause) I can work with multiple stakeholders - even
competitors (and this is an important clause that I make sure in my
contract).

Currently, as an independent contributor I have/had business relationships with:

* Google
* AWS
* Astronomer

(And some more are coming). They are competitors, but also they are
cooperating on Airflow - so-called "coopetition". This is next to
impossible for an Employee to have several employment contracts with
competitors at the same time.

Also it allows me to lead projects and initiatives, where there is a
value brought by all those different stakeholders. Being independent
and paid by all of those make it also easier for other stakeholders to
join the efforts.

This is all extremely different to situations where the people
contributing are employed by a single Employer. That also works - of
course, and there is nothing wrong with that. But it is very
different.

J.



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Phil Steitz <ph...@gmail.com>.

On 3/4/22 4:08 AM, Jarek Potiuk wrote:
>> 1.  We can all afford to volunteer our discretionary time as we see
>> fit.  Not just rich or retired people have discretionary time.
>> 2.  Employers can support OSS communities by allowing their employees to
>> contribute as part of their jobs, but not in a "job shop" or directed way.
>> 3.  Employers can support OSS by allowing their people to scratch itches
>> directly.
> I personally think there is a 4th way. I discovered it ~4 years ago in Polidea,
> the software house I co-owned, worked on and sold, and eventually turned it
> successfully into my personal "business model". It is not at all obvious why
> it would work, and it was a bit of a surprise for me when I discovered it and
> when I successfully made a living from it (and also successfully helped with
> upping the value of the company I co-founded so that it could be acquired),
> at the same time contributing a lot to the success of the Apache Airflow
> project, which became the most contributed (in terms of number of
> contributors) project of the ASF.
>
> The model is:
>
> 4. Organizations and stakeholders in the project, rather than paying their own
> employees, pay independent third parties (software houses or individuals) to
> contribute to the OSS. This all with an understanding of the limitations it
> brings in influencing the direction of the project, and recognizing the value
> of the parties who are intimately familiar with not only the code but also the
> community, and who are simply the best to "make things happen", all according
> to the rules and limitations of the ASF and (unlike models 2 and 3)
> increasing vendor neutrality in the project rather than decreasing it.
Definitely another good way to support projects.  I think 2. and 3. 
originating in user companies can actually help foster vendor neutrality 
as these companies are really just users.  Whether the people are 
employees or contractors is not important.  What *is* important is that 
they have time and mandate to contribute broadly to the project rather 
than just trying to get specific features in.

Phil
> I think this model makes it possible to kill two birds with one stone:
>
> * make a model where you can make a living from open source contributions
> * increase vendor neutrality in the projects
>
> It is largely described in the article which I wrote a few years back at
> Polidea and reposted after Polidea was acquired. Since then I have learned
> (and tested on myself) that this is a sustainable model not only for 3rd
> party software houses, but also for independent contributors like me.
>
> https://medium.com/@jarekpotiuk/the-evolution-of-open-source-standing-on-the-shoulders-of-giants-db22dcdbca04
>
> I really wish we could together find some ways to replicate that and get
> many individual contributors to follow this model.
>
> J.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Jarek Potiuk <ja...@potiuk.com>.
>
> 1.  We can all afford to volunteer our discretionary time as we see
> fit.  Not just rich or retired people have discretionary time.
> 2.  Employers can support OSS communities by allowing their employees to
> contribute as part of their jobs, but not in a "job shop" or directed way.
> 3.  Employers can support OSS by allowing their people to scratch itches
> directly.

I personally think there is a 4th way. I discovered it ~4 years ago in
Polidea, the software house I co-owned, worked on and sold, and eventually
turned it successfully into my personal "business model". It is not at all
obvious why it would work, and it was a bit of a surprise for me when I
discovered it and when I successfully made a living from it (and also
successfully helped with upping the value of the company I co-founded so
that it could be acquired) - at the same time contributing a lot to the
success of the Apache Airflow project, which became the most contributed-to
(in terms of number of contributors) project of the ASF.

The model is:

4. Organizations and stakeholders in the project, rather than paying
their own employees, pay independent third parties (software houses or
individuals) to contribute to the OSS. This all with the understanding of
the limitations it brings in influencing the direction of the project, and
recognizing the value of the parties who are intimately familiar with not
only the code but also the community, and who are simply the best to "make
things happen" - all according to the rules and limitations of the ASF and
(unlike models 2. and 3.) increasing vendor neutrality in the project
rather than decreasing it.

I think this model makes it possible to kill two birds with one stone:

* make a model where you can make a living from open source contributions
* increase vendor neutrality in the projects

It is largely described in the article which I wrote a few years back at
Polidea and reposted after Polidea was acquired. Since then I have learned
(and tested on myself) that this is a sustainable model not only for 3rd
party software houses, but also for independent contributors like me.

https://medium.com/@jarekpotiuk/the-evolution-of-open-source-standing-on-the-shoulders-of-giants-db22dcdbca04

I really wish we could together find some ways to replicate that and get
many individual contributors to follow this model.

J.


Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Phil Steitz <ph...@gmail.com>.

On 3/3/22 3:20 PM, Matt Sicker wrote:
> I'd like to see a better solution proposed for maintaining vendor
> neutrality while funding the individuals working on the project. If
> every workable solution is denied, then the only people who can afford
> to work on Apache projects would be rich people, retired people, and
> those who are being paid by another employer to do the exact same
> thing. In fact, this is probably relevant to the demographics here as
> discovered in D&I surveys.
Umm,  no.

1.  We can all afford to volunteer our discretionary time as we see 
fit.  Not just rich or retired people have discretionary time.
2.  Employers can support OSS communities by allowing their employees to 
contribute as part of their jobs, but not in a "job shop" or directed way.
3.  Employers can support OSS by allowing their people to scratch itches 
directly.

I have personally done 1 and enabled 2 and 3 for 20+ years now.  I think 
1 and 3 are really what built the ASF.  People working on things that 
they are actually interested in and scratching their own itches leads to 
great software that developers love to work on and use.  We don't need 
to turn into some kind of job shop, glorified joint venture or 
pseudo-employer to tap into the vast and renewable resource in the user 
-> contributor -> committer pipeline. Getting more *user* employers to 
support 2 and 3 is definitely needed, but I think it is smarter and 
better for the long term health of the ASF to focus on that (and 
removing barriers to entry in vendor-dominated projects) rather than 
becoming a de facto commercial software company.

Phil
>
> On Thu, Mar 3, 2022 at 4:15 PM Craig Russell <ap...@gmail.com> wrote:
>> I very much like the direction here.
>>
>> One other top post that falls into item 2 (rules of engagement):
>>
>> Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.
>>
>> I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.
>>
>> Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party?
>>
>> Regards,
>> Craig
>>
>>> On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>>>
>>> Hi!
>>>
>>> top-posting here, since I'd like to summarize a few points to see where we
>>> can take this discussion. Before I do that I wanted to thank Bertrand and
>>> Jim for excellent, short emails/summaries and also special thanks to Chris
>>> for an extremely informative recap of his efforts.
>>>
>>> Personally, I'd like to focus on 3 things. Please let me know if I'm missing
>>> anything or you disagree:
>>>
>>> 1. building a robust list of what we at ASF perceive as potential value
>>> that can be offered to *our* members, committers and contributors
>>> by 3rd parties like Tidelift (again, I'm simply using them as an
>>> example here -- anybody else would do just fine).
>>>
>>> 2. building a list of "rules of engagement" that we feel must be met
>>> for these types of relationships to be compatible with the way we
>>> govern our communities.
>>>
>>> 3. document all the learning, pitfalls, etc. that we've collectively
>>> amassed by trying to solve this type of a problem on a one-by-one
>>> basis.
>>>
>>> To expand on those points: I really do think that 3rd parties (if done
>>> right) can take care of a lot of pain points for us. Again -- I'm NOT
>>> saying that a magic entity like that even exists today (maybe Tidelift
>>> is really not the right solution for us -- dunno yet) -- what I'm saying
>>> is that I really would like to understand what that type of service
>>> should look like. Or take Jarek's example of ridesharing: most
>>> people focus on ridesharing companies just matching riders to
>>> drivers, but that's just the tip of the iceberg -- ridesharing companies
>>> solve huge numbers of arbitration issues (such as insurance, licenses,
>>> etc.). Common folk don't get to see those -- but that's a huge value they
>>> offer to drivers (and arguably riders) on top of just finding "customers".
>>> Same with the 3rd parties I have in mind for us (see Chris's list of gotchas).
>>>
>>> For now, I propose a few Confluence pages under ComDev where this
>>> type of information gets collected. I'll do it later tonight -- so feel free
>>> to just add to this thread for now.
>>>
>>> Once we've collected that type of info -- we can then sort of "evaluate
>>> vendors" against that list and see what they are missing, etc. We can
>>> even issue a wide "call to apply" for various companies if we feel like it.
>>>
>>> Makes sense?
>>>
>>> Thanks,
>>> Roman.
>>>
>>> On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>>>
>>>>> ...Proposal:
>>>>> I think we all agree that ASF meets the criteria of Tidelift already.
>>>>> Why don't Tidelift (in the places where open-source projects included are
>>>>> listed) explain that ASF projects meet the criteria, and any one is free
>>>>> to deal directly with the committers of all ASF projects directly...
>>>> I'd say we all agree that *in theory* ASF projects meet Tidelift's
>>>> criteria, quoting from earlier in this thread, with my own numbering
>>>> added:
>>>>
>>>> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
>>>> <jo...@tidelift.com> a écrit :
>>>>> ...*What Tidelift expects from maintainers* Maintainers provide two
>>>>> things to our customers: (1) information (licensing details, context on
>>>>> CVEs) and (2) continuity (comfort that the package is maintained and is
>>>>> highly likely to continue to be maintained). We also expect maintainers
>>>>> (3) to abide by a Code of Conduct....
>>>> I think for (3) we're good, the ASF will intervene if projects are not ok.
>>>>
>>>> But for (1) and (2) I think the ASF *wants* our projects to be good
>>>> citizens, and we work towards that and support them, but entities such
>>>> as Tidelift or others could add value by measuring and reporting what
>>>> actually happens.
>>>>
>>>> Does Apache FOO actually provide good information on security issues and
>>>> CVEs?
>>>> Timely response? What's their average/min/max response time, how many
>>>> "in-flight" CVEs?
>>>> Does Apache FOO release often enough? Maybe based on project maturity
>>>> categories, new, established, mostly dormant etc.
>>>>
>>>> We could of course measure these things ourselves, and we do have some
>>>> data.
>>>>
>>>> But I think having external entities provide factual data on how well
>>>> our projects are doing can be useful, and for customers of Tidelift
>>>> and the like that certainly has value.
>>>>
>>>> Whatever mechanism our contributors use to finance themselves, having
>>>> information on which projects are most worthy of trust can help end
>>>> users select and finance the right projects and people.
>>>>
>>>> -Bertrand
>>>>
>> Craig L Russell
>> clr@apache.org
>>
>>



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Matt Sicker <bo...@gmail.com>.
I'd like to see a better solution proposed for maintaining vendor
neutrality while funding the individuals working on the project. If
every workable solution is denied, then the only people who can afford
to work on Apache projects would be rich people, retired people, and
those who are being paid by another employer to do the exact same
thing. In fact, this is probably relevant to the demographics here as
discovered in D&I surveys.

On Thu, Mar 3, 2022 at 4:15 PM Craig Russell <ap...@gmail.com> wrote:
>
> I very much like the direction here.
>
> One other top post that falls into item 2 (rules of engagement):
>
> Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.
>
> I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.
>
> Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party?
>
> Regards,
> Craig
>
> > On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> >
> > Hi!
> >
> > top-posting here, since I'd like to summarize a few points to see where we
> > can take this discussion. Before I do that I wanted to thank Bertrand and
> > Jim for excellent, short emails/summaries and also special thanks to Chris
> > for an extremely informative recap of his efforts.
> >
> > Personally, I'd like to focus on 3 things. Please let me know if I'm missing
> > anything or you disagree:
> >
> > 1. building a robust list of what we at ASF perceive as potential value
> > that can be offered to *our* members, committers and contributors
> > by 3rd parties like Tidelift (again, I'm simply using them as an
> > example here -- anybody else would do just fine).
> >
> > 2. building a list of "rules of engagement" that we feel must be met
> > for these types of relationships to be compatible with the way we
> > govern our communities.
> >
> > 3. document all the learning, pitfalls, etc. that we've collectively
> > amassed by trying to solve this type of a problem on a one-by-one
> > basis.
> >
> > To expand on those points: I really do think that 3rd parties (if done
> > right) can take care of a lot of pain points for us. Again -- I'm NOT
> > saying that a magic entity like that even exists today (maybe Tidelift
> > is really not the right solution for us -- dunno yet) -- what I'm saying
> > is that I really would like to understand what that type of service
> > should look like. Or take Jarek's example of ridesharing: most
> > people focus on ridesharing companies just matching riders to
> > drivers, but that's just the tip of the iceberg -- ridesharing companies
> > solve huge numbers of arbitration issues (such as insurance, licenses,
> > etc.). Common folk don't get to see those -- but that's a huge value they
> > offer to drivers (and arguably riders) on top of just finding "customers".
> > Same with the 3rd parties I have in mind for us (see Chris's list of gotchas).
> >
> > For now, I propose a few Confluence pages under ComDev where this
> > type of information gets collected. I'll do it later tonight -- so feel free
> > to just add to this thread for now.
> >
> > Once we've collected that type of info -- we can then sort of "evaluate
> > vendors" against that list and see what they are missing, etc. We can
> > even issue a wide "call to apply" for various companies if we feel like it.
> >
> > Makes sense?
> >
> > Thanks,
> > Roman.
> >
> > On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
> > wrote:
> >
> >> Hi,
> >>
> >> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
> >>
> >>> ...Proposal:
> >>> I think we all agree that ASF meets the criteria of Tidelift already.
> >>> Why don't Tidelift (in the places where open-source projects included are
> >>> listed) explain that ASF projects meet the criteria, and any one is free
> >>> to deal directly with the committers of all ASF projects directly...
> >>
> >> I'd say we all agree that *in theory* ASF projects meet Tidelift's
> >> criteria, quoting from earlier in this thread, with my own numbering
> >> added:
> >>
> >> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
> >> <jo...@tidelift.com> a écrit :
> >>> ...*What Tidelift expects from maintainers* Maintainers provide two
> >>> things to our customers: (1) information (licensing details, context on
> >>> CVEs) and (2) continuity (comfort that the package is maintained and is
> >>> highly likely to continue to be maintained). We also expect maintainers
> >>> (3) to abide by a Code of Conduct....
> >>
> >> I think for (3) we're good, the ASF will intervene if projects are not ok.
> >>
> >> But for (1) and (2) I think the ASF *wants* our projects to be good
> >> citizens, and we work towards that and support them, but entities such
> >> as Tidelift or others could add value by measuring and reporting what
> >> actually happens.
> >>
> >> Does Apache FOO actually provide good information on security issues and
> >> CVEs?
> >> Timely response? What's their average/min/max response time, how many
> >> "in-flight" CVEs?
> >> Does Apache FOO release often enough? Maybe based on project maturity
> >> categories, new, established, mostly dormant etc.
> >>
> >> We could of course measure these things ourselves, and we do have some
> >> data.
> >>
> >> But I think having external entities provide factual data on how well
> >> our projects are doing can be useful, and for customers of Tidelift
> >> and the like that certainly has value.
> >>
> >> Whatever mechanism our contributors use to finance themselves, having
> >> information on which projects are most worthy of trust can help end
> >> users select and finance the right projects and people.
> >>
> >> -Bertrand
> >>
>
> Craig L Russell
> clr@apache.org
>
>


Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Craig Russell <ap...@gmail.com>.
I very much like the direction here.

One other top post that falls into item 2 (rules of engagement):

Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.

I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.

Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party? 

Regards,
Craig

> On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> 
> Hi!
> 
> top-posting here, since I'd like to summarize a few points to see where we
> can take this discussion. Before I do that I wanted to thank Bertrand and
> Jim for excellent, short emails/summaries and also special thanks to Chris
> for an extremely informative recap of his efforts.
> 
> Personally, I'd like to focus on 3 things. Please let me know if I'm missing
> anything or you disagree:
> 
> 1. building a robust list of what we at ASF perceive as potential value
> that can be offered to *our* members, committers and contributors
> by 3rd parties like Tidelift (again, I'm simply using them as an
> example here -- anybody else would do just fine).
> 
> 2. building a list of "rules of engagement" that we feel must be met
> for these types of relationships to be compatible with the way we
> govern our communities.
> 
> 3. document all the learning, pitfalls, etc. that we've collectively
> amassed by trying to solve this type of a problem on a one-by-one
> basis.
> 
> To expand on those points: I really do think that 3rd parties (if done
> right) can take care of a lot of pain points for us. Again -- I'm NOT
> saying that a magic entity like that even exists today (maybe Tidelift
> is really not the right solution for us -- dunno yet) -- what I'm saying
> is that I really would like to understand what that type of service
> should look like. Or take Jarek's example of ridesharing: most
> people focus on ridesharing companies just matching riders to
> drivers, but that's just the tip of the iceberg -- ridesharing companies
> solve huge numbers of arbitration issues (such as insurance, licenses,
> etc.). Common folk don't get to see those -- but that's a huge value they
> offer to drivers (and arguably riders) on top of just finding "customers".
> Same with the 3rd parties I have in mind for us (see Chris's list of gotchas).
> 
> For now, I propose a few Confluence pages under ComDev where this
> type of information gets collected. I'll do it later tonight -- so feel free
> to just add to this thread for now.
> 
> Once we've collected that type of info -- we can then sort of "evaluate
> vendors" against that list and see what they are missing, etc. We can
> even issue a wide "call to apply" for various companies if we feel like it.
> 
> Makes sense?
> 
> Thanks,
> Roman.
> 
> On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
> wrote:
> 
>> Hi,
>> 
>> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>> 
>>> ...Proposal:
>>> I think we all agree that ASF meets the criteria of Tidelift already.
>>> Why don't Tidelift (in the places where open-source projects included are
>>> listed) explain that ASF projects meet the criteria, and any one is free
>>> to deal directly with the committers of all ASF projects directly...
>> 
>> I'd say we all agree that *in theory* ASF projects meet Tidelift's
>> criteria, quoting from earlier in this thread, with my own numbering
>> added:
>> 
>> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
>> <jo...@tidelift.com> a écrit :
>>> ...*What Tidelift expects from maintainers* Maintainers provide two
>>> things to our customers: (1) information (licensing details, context on
>>> CVEs) and (2) continuity (comfort that the package is maintained and is
>>> highly likely to continue to be maintained). We also expect maintainers
>>> (3) to abide by a Code of Conduct....
>> 
>> I think for (3) we're good, the ASF will intervene if projects are not ok.
>> 
>> But for (1) and (2) I think the ASF *wants* our projects to be good
>> citizens, and we work towards that and support them, but entities such
>> as Tidelift or others could add value by measuring and reporting what
>> actually happens.
>> 
>> Does Apache FOO actually provide good information on security issues and
>> CVEs?
>> Timely response? What's their average/min/max response time, how many
>> "in-flight" CVEs?
>> Does Apache FOO release often enough? Maybe based on project maturity
>> categories, new, established, mostly dormant etc.
>> 
>> We could of course measure these things ourselves, and we do have some
>> data.
>> 
>> But I think having external entities provide factual data on how well
>> our projects are doing can be useful, and for customers of Tidelift
>> and the like that certainly has value.
>> 
>> Whatever mechanism our contributors use to finance themselves, having
>> information on which projects are most worthy of trust can help end
>> users select and finance the right projects and people.
>> 
>> -Bertrand
>> 

Craig L Russell
clr@apache.org



Re: Effective ways of getting individuals funded to work on ASF projects

Posted by Roman Shaposhnik <ro...@shaposhnik.org>.
Hi!

top-posting here, since I'd like to summarize a few points to see where we
can take this discussion. Before I do that I wanted to thank Bertrand and
Jim for excellent, short emails/summaries and also special thanks to Chris
for an extremely informative recap of his efforts.

Personally, I'd like to focus on 3 things. Please let me know if I'm missing
anything or you disagree:

1. building a robust list of what we at ASF perceive as potential value
that can be offered to *our* members, committers and contributors
by 3rd parties like Tidelift (again, I'm simply using them as an
example here -- anybody else would do just fine).

2. building a list of "rules of engagement" that we feel must be met
for these types of relationships to be compatible with the way we
govern our communities.

3. document all the learning, pitfalls, etc. that we've collectively
amassed by trying to solve this type of a problem on a one-by-one
basis.

To expand on those points: I really do think that 3rd parties (if done
right) can take care of a lot of pain points for us. Again -- I'm NOT
saying that a magic entity like that even exists today (maybe Tidelift
is really not the right solution for us -- dunno yet) -- what I'm saying
is that I really would like to understand what that type of service
should look like. Or take Jarek's example of ridesharing: most
people focus on ridesharing companies just matching riders to
drivers, but that's just the tip of the iceberg -- ridesharing companies
solve huge numbers of arbitration issues (such as insurance, licenses,
etc.). Common folk don't get to see those -- but that's a huge value they
offer to drivers (and arguably riders) on top of just finding "customers".
Same with the 3rd parties I have in mind for us (see Chris's list of gotchas).

For now, I propose a few Confluence pages under ComDev where this
type of information gets collected. I'll do it later tonight -- so feel free
to just add to this thread for now.

Once we've collected that type of info -- we can then sort of "evaluate
vendors" against that list and see what they are missing, etc. We can
even issue a wide "call to apply" for various companies if we feel like it.

Makes sense?

Thanks,
Roman.

On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
wrote:

> Hi,
>
> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>
> > ...Proposal:
> > I think we all agree that ASF meets the criteria of Tidelift already.
> > Why don't Tidelift (in the places where open-source projects included are
> > listed) explain that ASF projects meet the criteria, and any one is free
> > to deal directly with the committers of all ASF projects directly...
>
> I'd say we all agree that *in theory* ASF projects meet Tidelift's
> criteria, quoting from earlier in this thread, with my own numbering
> added:
>
> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
> <jo...@tidelift.com> a écrit :
> > ...*What Tidelift expects from maintainers* Maintainers provide two
> > things to our customers: (1) information (licensing details, context on
> > CVEs) and (2) continuity (comfort that the package is maintained and is
> > highly likely to continue to be maintained). We also expect maintainers
> > (3) to abide by a Code of Conduct....
>
> I think for (3) we're good, the ASF will intervene if projects are not ok.
>
> But for (1) and (2) I think the ASF *wants* our projects to be good
> citizens, and we work towards that and support them, but entities such
> as Tidelift or others could add value by measuring and reporting what
> actually happens.
>
> Does Apache FOO actually provide good information on security issues and
> CVEs?
> Timely response? What's their average/min/max response time, how many
> "in-flight" CVEs?
> Does Apache FOO release often enough? Maybe based on project maturity
> categories, new, established, mostly dormant etc.
>
> We could of course measure these things ourselves, and we do have some
> data.
>
> But I think having external entities provide factual data on how well
> our projects are doing can be useful, and for customers of Tidelift
> and the like that certainly has value.
>
> Whatever mechanism our contributors use to finance themselves, having
> information on which projects are most worthy of trust can help end
> users select and finance the right projects and people.
>
> -Bertrand
>