You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@community.apache.org by Roman Shaposhnik <rv...@apache.org> on 2022/02/27 22:06:16 UTC
Effective ways of getting individuals funded to work on ASF projects
Hi!
over the past couple of years there has been a number
of efforts trying to figure out effective ways of getting funded
for working on ASF projects as individuals and not employees
at companies building on top of these projects.
Chris's recent experience is but one of them:
https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
My personal frustration with all these threads is that we never
seem to arrive at any actionable suggestions for how developers
like Chris can *easily* create these additional income streams.
Rightfully, we at ASF basically say that it must be a 3d party issue
to solve. It very much is. The problem is that doing so one one-off
just perpetuates the logistical pain of setting up contracts, etc. etc.
This creates a pretty significant barrier and, as Chris's experience
would suggest it typically becomes too insurmountable for individual
developers.
Sure, there have been interesting attempts to "hack the system"
and use things like GitCoin, BugMark and a few others to solve for
this "how do we get back to our open source roots when individuals,
not corporations were the economic agents around open source".
But I honestly don't know of any of them becoming viable either.
At least not so far.
At the risk of tilting at windmills once again, I'd like to see if there's
enough interest to take a crack at this problem yet again.
And in the spirit of "hacking the system" I'd like to suggest that we
focus on a 3d party solving it for us. In fact, I suggest we pick a
very particular 3d party -- TideLift
https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
Now, before you exclaim "who the heck appointed TideLift to solve it for
us?"
I'd be the first one to admit that I picked them because I know them
really well and I do think they are the closest to giving us some of the
answers.
But above all, I'm suggesting we look at TideLift because they seem to
be very much willing to work with us on actually changing their engagement
model to fit our needs. IOW, it is not like their rules are cast in stone
-- we can
assume they are malleable. If anyone knows of a similar 3d party -- let's
discuss
that too.
If, however, there's a general consensus about seriously looking
at them as that 3d party -- I'd like to start collecting names of ASF
developers (and PMCs) who would be willing to participate in
a trial program with them of sorts and report back.
If you have comments on anything above -- please reply in-thread.
If you'd be interested in this trial -- you can either do that or just
reply to me personally.
Thanks,
Roman.
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
I love the "summary" Bertrand. It's precisely what I had in mind but this
is is a very concise version of it :)
On Mon, Feb 28, 2022 at 1:04 PM Bertrand Delacretaz <bd...@apache.org>
wrote:
> Hi,
>
> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
> >...the relationships I have is direct relationship with the
> > stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
> > bureaucratic obstacles" but they are not "between" me and my
> stakeholders.
> > They are "on a side". They get a small cut sometimes (which I gladly pay)
> > but I want to talk to the stakeholders directly without any
> intermediaries
> > and establish a long-term relationship with them as an individual....
>
> I think that's a key point, and listing such requirements for
> platforms that can help our contributors get funding sounds useful.
>
> Here's a quick list of initial requirements that we might include:
> -Contributors can get steady funding for their work
> -ASF is out of the loop of financial transactions
> -Contributors must use a standard ASF disclaimer (draft at [1])
> -Contributors can establish a direct relationship with sponsors
> -Several "funding intermediaries" are available
> -ASF might define the wording that contributors can use when
> advertising themselves (based on facts, etc.)
>
> I like the idea of the ASF facilitating these things.
>
> Maintaining a comdev page that lists criteria like the above, with
> pointers to the relevant ASF policies, and lists intermediaries that
> our contributors have successfully used, might be a good start.
>
> -Bertrand
>
> [1] https://community.apache.org/committers/funding-disclaimer.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
RE: Effective ways of getting individuals funded to work on ASF projects
Posted by Christofer Dutz <ch...@c-ware.de>.
Hi all,
As I was confronted with the question of how commercial support or paid feature development and Apache would work together. I came up with this way of handling it:
If I am offering any form of commercial support or feature development I say: "I will fix your problem. The fix then can become part of the open-source project, but if the project decides to decline It, I'll make it available to you in a fork that I create for you." This should work for Tidelift or any similar form of platform too.
Chris
-----Original Message-----
From: Jim Jagielski <ji...@jaguNET.com>
Sent: Montag, 28. Februar 2022 19:24
To: dev@community.apache.org
Subject: Re: Effective ways of getting individuals funded to work on ASF projects
Tidelift's model, which expects that maintainers do have direct and almost unassailable control over a project, is not compatible with the Apache Way. Tidelift's model works well with projects in which developers and maintainers can "do stuff" without worrying about building a consensus around whether or not their contributions are OK or not.
I'd like to see how that model and Apache could fit together, but I'm at a loss to think about how. The main benefit that those who fund the work is not just an expectation that code will be fixed, etc, but a *requirement* that it be done. They are paying for the guarantee. This requires a development model in which those paid by Tidelift can forcibly introduce code and contributions at will. This conflicts with the ASF development model.
> On Feb 28, 2022, at 12:50 PM, Jarek Potiuk <ja...@potiuk.com> wrote:
>
>> So while I agree with everything Bertrand said I don’t think it
>> resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain standards. The standards they are looking for
> should really be set by the ASF, not individual projects.
>
> This is the part I do not understand. What Tidelift can promise to
> their customers and on what basis?
> According to ASF rules where only individuals in the project can make
> decisions - this means that Tidelift has no mechanisms whatsoever to
> fulfill their promise.
>
> And if ASF sets the standards - why do we need Tidelift at all ?
> To be perfectly blunt - I am afraid that until Tidelift resolves any
> of the real problems of individual committers we mentioned with
> Bertrand (including facilitating direct relationship commiter <>
> stakeholder), I do not see what's the added value of Tidelift. Seems
> like unnecessary intermediary.
>
> J.
>
>
> On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers
> <ra...@dslextreme.com>
> wrote:
>
>> First, I would like to clarify Gary’s email as I don’t think he
>> characterized it quite correctly.
>> The Logging PMC concluded we could not be part of an arrangement with
>> TideLift and that the issues needed to be worked out at the
>> foundation level. The primary issue was that TideLift had
>> requirements on advertising and process details that required
>> approval of the PMC in order for individuals to be able to be paid.
>> We met with a Google security team in January and had similar issues
>> where they required a process that isn’t aligned with the ASF’s
>> requirements on how releases are to be performed.
>>
>> Second, from my point of view the ASF should have discussions with
>> TideLift and Google to see if those issues can be resolved. The ideal
>> scenario would be that TideLift and Google can simply sponsor
>> individuals from any ASF project because all ASF projects must
>> conform to guidelines that meet their criteria - i.e. the PMC doesn’t
>> even have to be involved. But this obviously requires that the
>> foundation work with these third parties to either improve our
>> processes where needed or get the third party to accept our
>> processes.
>>
>> So while I agree with everything Bertrand said I don’t think it
>> resolves the real issue.
>> TideLift is providing a guarantee to its customers that projects it
>> sponsors meet certain standards. The standards they are looking for
>> should really be set by the ASF, not individual projects.
>>
>> Ralph
>>
>>
>>> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz
>>> <bd...@apache.org>
>> wrote:
>>>
>>> Hi,
>>>
>>> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>>> ...the relationships I have is direct relationship with the
>>>> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
>> "removing
>>>> bureaucratic obstacles" but they are not "between" me and my
>> stakeholders.
>>>> They are "on a side". They get a small cut sometimes (which I
>>>> gladly
>> pay)
>>>> but I want to talk to the stakeholders directly without any
>> intermediaries
>>>> and establish a long-term relationship with them as an individual....
>>>
>>> I think that's a key point, and listing such requirements for
>>> platforms that can help our contributors get funding sounds useful.
>>>
>>> Here's a quick list of initial requirements that we might include:
>>> -Contributors can get steady funding for their work -ASF is out of
>>> the loop of financial transactions -Contributors must use a standard
>>> ASF disclaimer (draft at [1]) -Contributors can establish a direct
>>> relationship with sponsors -Several "funding intermediaries" are
>>> available -ASF might define the wording that contributors can use
>>> when advertising themselves (based on facts, etc.)
>>>
>>> I like the idea of the ASF facilitating these things.
>>>
>>> Maintaining a comdev page that lists criteria like the above, with
>>> pointers to the relevant ASF policies, and lists intermediaries that
>>> our contributors have successfully used, might be a good start.
>>>
>>> -Bertrand
>>>
>>> [1] https://community.apache.org/committers/funding-disclaimer.html
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
On Tue, Mar 1, 2022 at 9:42 AM Bertrand Delacretaz <bd...@apache.org>
wrote:
> I think for (3) we're good, the ASF will intervene if projects are not ok.
>
> But for (1) and (2) I think the ASF *wants* our projects to be good
> citizens, and we work towards that and support them, but entities such
> as Tidelift or others could add value by measuring and reporting what
> actually happens.
>
Feel free. All the data is available for ASF. Everything we do is public.
>
> But I think having external entities provide factual data on how well
> our projects are doing can be useful, and for customers of Tidelift
> and the like that certainly has value.
>
Sure. Please. Do. Measure. Publish. By all means. No problem with that.
> Whatever mechanism our contributors use to finance themselves, having
> information on which projects are most worthy of trust can help end
> users select and finance the right projects and people.
>
Of course. Feel Free to provide objective data on it. Publishing
information about
how well projects are doing is great way to incentivise the committers to
do better.
I am 150% for it. This could be a great service to all OSS projects.
But the Tidelift model is talking about "limiting" the individuals in the
choices they
made NOT measuring what they do. For multiple reasons those individuals in
those projects might make different decisions (and be responsible for it).
Imposing
rules and limits by Tidelift is just against the rules of ASF. Measuring is
not.
If Tidelift adjusts the model to just measure, report and make the
customers decide
based on that - I think that is far more consistent with the way how
ASF works.
Don't try to make yourself a "policeman" controlling it.
>
> -Bertrand
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Phil Steitz <ph...@gmail.com>.
On 3/5/22 12:08, Jarek Potiuk wrote:
>> I am talking about *user* companies here
> Of course this is (as I wrote) a perfectly valid case - and it works
> beautifully in many cases. I know plenty of examples :).
> Maybe there was a misunderstanding of my "(unlike the models 2. 3)". I
> think those models were (and still are) crucial to the success of many
> projects. And I think there is no argument about it.
> I am not sure if this is some kind of argument we are having or whether we
> agree so let me reiterate what I thin I want to say in the context of the
> topic of the discussion.
> Just to remind the topic: "Effective ways of getting individuals funded to
> work on ASF projects"
>
> Both 2) and 3) contain "employers" who pay their employees or allow them to
> scratch itches independently and I am not sure if ASF can help here somehow
> in making it "better".
>
> On the other hand my proposed "model 4)" is different and I believe ASF
> **might** play some role in making it easier for both individuals and
> stakeholders.
All good. I did not mean to be argumentative - just to point out that
it is possible to be funded to work on OSS without working for a vendor
either directly or indirectly as a contractor.
Phil
>
> In this model, you have no "employees". You have stakeholders reaching out
> to individuals - committers/PMC members/contributors who are already
> working on the project (or the other way round - it could be committers
> reaching out) to pay them.
> All this without a pre-existing Employee <-> Employer relationship.
>
> I think this is the very model that the ASF can help to "facilitate"
> establishing such relationships (which is the most difficult and crucial
> part of making the model works).
>
> * make both individuals and stakeholders aware it's OK and what are the
> conditions (for example making sure there is "no non-compete" and
> "community makes decisions" clauses) in such relationships
> * show the path how both sides can act to establish relationship between
> them and what could the "protocol" there
> * provide some guidelines on how contracts should be written (without
> providing legal advice of course as ASF can't do that and those will be
> subject to local laws especially in case of IP clauses there)
> * possibly provide a list of intermediaries that can help with the
> "bureaucracy" (handling invoices, signing, preparing contracts etc.)
>
> I think if we are (at least that was the initial topic) discussing ways
> "how we can improve the situation as an ASF" - this is my thinking where it
> could help - specifically in model 4.
>
> I am also happy to help prepare some of that (following Roman's proposal).
>
> For example I am - as we speak - discussing some details with my lawyers
> (who actually specialise both anglo-saxon and east-european IP law) about
> some IP clauses in my contracts that I am sending to a new customer. And
> while I can afford that and have friendly lawyers whom I trust with it, and
> I run a business before, so I know you need to involve lawyers there. I am
> sure that might be one of the obstacles for multiple individuals who would
> like to set up similar, direct contracts with the stakeholders, but do not
> know where to start and what to look for - I think sharing some outcome
> and guidelines here might help.
>
> J.
>
>
>
> On Sat, Mar 5, 2022 at 12:32 AM Phil Steitz <ph...@steitz.com> wrote:
>
>> On 3/4/22 11:28 AM, Jarek Potiuk wrote:
>>>> Definitely another good way to support projects. I think 2. and 3.
>>>> originating in user companies can actually help foster vendor neutrality
>>>> as these companies are really just users. Whether the people are
>>>> employees or contractors is not important. What *is* important is that
>>>> they have time and mandate to contribute broadly to the project rather
>>>> than just trying to get specific features in.
>>> There is a huge difference actually.
>>>
>>> Employees - almost by definition - cannot work for competitors at the
>>> same time. Individual contributors can.
>> I am talking about *user* companies here - companies that do not
>> directly make $ on the software being produced by the project. However
>> they pay - either employees or contractors - they are going to protect
>> their proprietary IP and they need to have policies around that, but in
>> the vast majority of cases for actual user companies, this is irrelevant.
>>
>> There are a *huge* number of companies that use ASF and other OSS
>> software that do not compete in any way shape or form with the various
>> vendors involved in the projects. I am talking about those companies -
>> the actual users of the software. It is very possible for these
>> companies to employ people and allow and encourage them to contribute
>> *independently* to OSS, sometimes scratching work-related itches,
>> sometimes just doing what needs doing. I know that seems a slightly
>> foreign concept these days, but there have been a whole lot of people
>> over the years who have done exactly this. The nice thing about working
>> for a company that actually uses the software is you get a clear picture
>> of what is important. Your direct experience using and supporting the
>> software comes directly back into the project. As I said, our projects
>> used to be full of people like this. One of our most successful early
>> Java projects - Struts - had no vendor-paid developers when it became
>> the leading Java MVC framework. The committers all used struts in
>> @dayjob, but they were actual users. As we have become more
>> vendor-dominated, contributors like that have become more sparse. That
>> does not mean though that this it is not a vast resource of potential
>> contributors and a good way to get paid at least partially to work on OSS.
>>
>> Phil
>>
>>> As a contractor (and that also should be part of any other
>>> contributor's clause) I can work with multiple stakeholders - even
>>> competitors (and this is an important clause that I make sure in my
>>> contract).
>>>
>>> Currently, as an independent contributor i have/had business
>> relationship with:
>>> * Google
>>> * AWS
>>> * Astronomer
>>>
>>> (And some more are coming). They are competitors, buti also they are
>>> cooperating on Airflow - so called "coopetition". This is next to
>>> impossible for an Employee to have several employment contracts with
>>> competitors at the same time.
>>>
>>> Also it allows me to lead projects and initiatives, where there is a
>>> value brought by all those different stakeholders. Being independent
>>> and paid by all of those make it also easier for other stakeholders to
>>> join the efforts.
>>>
>>> This is all extremely different to situations where the people
>>> contributing are employed by a single Employer. That also works - of
>>> course, and there is nothing wrong with that. But it is very
>>> different.
>>>
>>> J.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
> I am talking about *user* companies here
Of course this is (as I wrote) a perfectly valid case - and it works
beautifully in many cases. I know plenty of examples :).
Maybe there was a misunderstanding of my "(unlike the models 2. 3)". I
think those models were (and still are) crucial to the success of many
projects. And I think there is no argument about it.
I am not sure if this is some kind of argument we are having or whether we
agree so let me reiterate what I thin I want to say in the context of the
topic of the discussion.
Just to remind the topic: "Effective ways of getting individuals funded to
work on ASF projects"
Both 2) and 3) contain "employers" who pay their employees or allow them to
scratch itches independently and I am not sure if ASF can help here somehow
in making it "better".
On the other hand my proposed "model 4)" is different and I believe ASF
**might** play some role in making it easier for both individuals and
stakeholders.
In this model, you have no "employees". You have stakeholders reaching out
to individuals - committers/PMC members/contributors who are already
working on the project (or the other way round - it could be committers
reaching out) to pay them.
All this without a pre-existing Employee <-> Employer relationship.
I think this is the very model that the ASF can help to "facilitate"
establishing such relationships (which is the most difficult and crucial
part of making the model works).
* make both individuals and stakeholders aware it's OK and what are the
conditions (for example making sure there is "no non-compete" and
"community makes decisions" clauses) in such relationships
* show the path how both sides can act to establish relationship between
them and what could the "protocol" there
* provide some guidelines on how contracts should be written (without
providing legal advice of course as ASF can't do that and those will be
subject to local laws especially in case of IP clauses there)
* possibly provide a list of intermediaries that can help with the
"bureaucracy" (handling invoices, signing, preparing contracts etc.)
I think if we are (at least that was the initial topic) discussing ways
"how we can improve the situation as an ASF" - this is my thinking where it
could help - specifically in model 4.
I am also happy to help prepare some of that (following Roman's proposal).
For example I am - as we speak - discussing some details with my lawyers
(who actually specialise both anglo-saxon and east-european IP law) about
some IP clauses in my contracts that I am sending to a new customer. And
while I can afford that and have friendly lawyers whom I trust with it, and
I run a business before, so I know you need to involve lawyers there. I am
sure that might be one of the obstacles for multiple individuals who would
like to set up similar, direct contracts with the stakeholders, but do not
know where to start and what to look for - I think sharing some outcome
and guidelines here might help.
J.
On Sat, Mar 5, 2022 at 12:32 AM Phil Steitz <ph...@steitz.com> wrote:
>
> On 3/4/22 11:28 AM, Jarek Potiuk wrote:
> >> Definitely another good way to support projects. I think 2. and 3.
> >> originating in user companies can actually help foster vendor neutrality
> >> as these companies are really just users. Whether the people are
> >> employees or contractors is not important. What *is* important is that
> >> they have time and mandate to contribute broadly to the project rather
> >> than just trying to get specific features in.
> > There is a huge difference actually.
> >
> > Employees - almost by definition - cannot work for competitors at the
> > same time. Individual contributors can.
>
> I am talking about *user* companies here - companies that do not
> directly make $ on the software being produced by the project. However
> they pay - either employees or contractors - they are going to protect
> their proprietary IP and they need to have policies around that, but in
> the vast majority of cases for actual user companies, this is irrelevant.
>
> There are a *huge* number of companies that use ASF and other OSS
> software that do not compete in any way shape or form with the various
> vendors involved in the projects. I am talking about those companies -
> the actual users of the software. It is very possible for these
> companies to employ people and allow and encourage them to contribute
> *independently* to OSS, sometimes scratching work-related itches,
> sometimes just doing what needs doing. I know that seems a slightly
> foreign concept these days, but there have been a whole lot of people
> over the years who have done exactly this. The nice thing about working
> for a company that actually uses the software is you get a clear picture
> of what is important. Your direct experience using and supporting the
> software comes directly back into the project. As I said, our projects
> used to be full of people like this. One of our most successful early
> Java projects - Struts - had no vendor-paid developers when it became
> the leading Java MVC framework. The committers all used struts in
> @dayjob, but they were actual users. As we have become more
> vendor-dominated, contributors like that have become more sparse. That
> does not mean though that this it is not a vast resource of potential
> contributors and a good way to get paid at least partially to work on OSS.
>
> Phil
>
> >
> > As a contractor (and that also should be part of any other
> > contributor's clause) I can work with multiple stakeholders - even
> > competitors (and this is an important clause that I make sure in my
> > contract).
> >
> > Currently, as an independent contributor i have/had business
> relationship with:
> >
> > * Google
> > * AWS
> > * Astronomer
> >
> > (And some more are coming). They are competitors, buti also they are
> > cooperating on Airflow - so called "coopetition". This is next to
> > impossible for an Employee to have several employment contracts with
> > competitors at the same time.
> >
> > Also it allows me to lead projects and initiatives, where there is a
> > value brought by all those different stakeholders. Being independent
> > and paid by all of those make it also easier for other stakeholders to
> > join the efforts.
> >
> > This is all extremely different to situations where the people
> > contributing are employed by a single Employer. That also works - of
> > course, and there is nothing wrong with that. But it is very
> > different.
> >
> > J.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Phil Steitz <ph...@steitz.com>.
On 3/4/22 11:28 AM, Jarek Potiuk wrote:
>> Definitely another good way to support projects. I think 2. and 3.
>> originating in user companies can actually help foster vendor neutrality
>> as these companies are really just users. Whether the people are
>> employees or contractors is not important. What *is* important is that
>> they have time and mandate to contribute broadly to the project rather
>> than just trying to get specific features in.
> There is a huge difference actually.
>
> Employees - almost by definition - cannot work for competitors at the
> same time. Individual contributors can.
I am talking about *user* companies here - companies that do not
directly make $ on the software being produced by the project. However
they pay - either employees or contractors - they are going to protect
their proprietary IP and they need to have policies around that, but in
the vast majority of cases for actual user companies, this is irrelevant.
There are a *huge* number of companies that use ASF and other OSS
software that do not compete in any way shape or form with the various
vendors involved in the projects. I am talking about those companies -
the actual users of the software. It is very possible for these
companies to employ people and allow and encourage them to contribute
*independently* to OSS, sometimes scratching work-related itches,
sometimes just doing what needs doing. I know that seems a slightly
foreign concept these days, but there have been a whole lot of people
over the years who have done exactly this. The nice thing about working
for a company that actually uses the software is you get a clear picture
of what is important. Your direct experience using and supporting the
software comes directly back into the project. As I said, our projects
used to be full of people like this. One of our most successful early
Java projects - Struts - had no vendor-paid developers when it became
the leading Java MVC framework. The committers all used struts in
@dayjob, but they were actual users. As we have become more
vendor-dominated, contributors like that have become more sparse. That
does not mean though that this it is not a vast resource of potential
contributors and a good way to get paid at least partially to work on OSS.
Phil
>
> As a contractor (and that also should be part of any other
> contributor's clause) I can work with multiple stakeholders - even
> competitors (and this is an important clause that I make sure in my
> contract).
>
> Currently, as an independent contributor i have/had business relationship with:
>
> * Google
> * AWS
> * Astronomer
>
> (And some more are coming). They are competitors, buti also they are
> cooperating on Airflow - so called "coopetition". This is next to
> impossible for an Employee to have several employment contracts with
> competitors at the same time.
>
> Also it allows me to lead projects and initiatives, where there is a
> value brought by all those different stakeholders. Being independent
> and paid by all of those make it also easier for other stakeholders to
> join the efforts.
>
> This is all extremely different to situations where the people
> contributing are employed by a single Employer. That also works - of
> course, and there is nothing wrong with that. But it is very
> different.
>
> J.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Dave Fisher <wa...@apache.org>.
> On Mar 4, 2022, at 10:28 AM, Jarek Potiuk <ja...@potiuk.com> wrote:
>
>> Definitely another good way to support projects. I think 2. and 3.
>> originating in user companies can actually help foster vendor neutrality
>> as these companies are really just users. Whether the people are
>> employees or contractors is not important. What *is* important is that
>> they have time and mandate to contribute broadly to the project rather
>> than just trying to get specific features in.
This is a subtle and important point.
- how do vendors enable their individuals to upstream changes?
- how easy does the project make it for individuals to upstream their changes?
>
> There is a huge difference actually.
>
> Employees - almost by definition - cannot work for competitors at the
> same time. Individual contributors can.
That depends on the terms of employment. I’m employed currently and explicitly expected to contribute. This hasn’t always been the case.
>
> As a contractor (and that also should be part of any other
> contributor's clause) I can work with multiple stakeholders - even
> competitors (and this is an important clause that I make sure in my
> contract).
There are reasons for competitors to co-operate.
>
> Currently, as an independent contributor i have/had business relationship with:
>
> * Google
> * AWS
> * Astronomer
>
> (And some more are coming). They are competitors, buti also they are
> cooperating on Airflow - so called "coopetition". This is next to
> impossible for an Employee to have several employment contracts with
> competitors at the same time.
This is how a vendor independent project ought to work.
Perhaps a review of https://blogs.apache.org/foundation/entry/the-apache-way-to-sustainable ?
>
> Also it allows me to lead projects and initiatives, where there is a
> value brought by all those different stakeholders. Being independent
> and paid by all of those make it also easier for other stakeholders to
> join the efforts.
>
> This is all extremely different to situations where the people
> contributing are employed by a single Employer. That also works - of
> course, and there is nothing wrong with that. But it is very
> different.
Everyone’s situation is uniquely theirs.
All the best,
Dave
>
> J.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
> Definitely another good way to support projects. I think 2. and 3.
> originating in user companies can actually help foster vendor neutrality
> as these companies are really just users. Whether the people are
> employees or contractors is not important. What *is* important is that
> they have time and mandate to contribute broadly to the project rather
> than just trying to get specific features in.
There is a huge difference actually.
Employees - almost by definition - cannot work for competitors at the
same time. Individual contributors can.
As a contractor (and that also should be part of any other
contributor's clause) I can work with multiple stakeholders - even
competitors (and this is an important clause that I make sure in my
contract).
Currently, as an independent contributor i have/had business relationship with:
* Google
* AWS
* Astronomer
(And some more are coming). They are competitors, buti also they are
cooperating on Airflow - so called "coopetition". This is next to
impossible for an Employee to have several employment contracts with
competitors at the same time.
Also it allows me to lead projects and initiatives, where there is a
value brought by all those different stakeholders. Being independent
and paid by all of those make it also easier for other stakeholders to
join the efforts.
This is all extremely different to situations where the people
contributing are employed by a single Employer. That also works - of
course, and there is nothing wrong with that. But it is very
different.
J.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Phil Steitz <ph...@gmail.com>.
On 3/4/22 4:08 AM, Jarek Potiuk wrote:
>> 1. We can all afford to volunteer our discretionary time as we see
>> fit. Not just rich or retired people have discretionary time.
>> 2. Employers can support OSS communities by allowing their employees to
>> contribute as part of their jobs, but not in a "job shop" or directed way.
>> 3. Employers can support OSS by allowing their people to scratch itches
>> directly.
> I personally think there is a 4 th way. I discovered it ~4 years ago
> in Polidea, the
> software house I co-owned, worked on and sold and eventually turned it
> successfully
> into my personal "business model". This is is not at all obvious why
> it would work and
> it was a bit of surprise for me when I discovered it and when I
> successfully made living
> from it (and also successfully helped with upp-ing the value of the
> company I co founded
> so that it could be acquired) - at the same time contributing a lot to
> the success of
> Apache Airflow project which became the most contributed (in terms of numbers of
> contributors) project of the ASF.
>
> The model is:
>
> 4. Organization and stakeholders in the project, rather than paying
> their own employees,
> pay independent third-parties to contribute to the OSS (software
> houses or individuals).
> This all with understanding the limitations it brings in influencing
> direction of the project
> and recognizing value of the parties who are intimately familiar with
> not only code,
> but also community and simply are the best to "make things happens" -
> all according
> to the rules and limitations of the ASF and (unlike the models 2. 3. )
> increasing
> vendor neutrality in the project rather than decreasing it.
Definitely another good way to support projects. I think 2. and 3.
originating in user companies can actually help foster vendor neutrality
as these companies are really just users. Whether the people are
employees or contractors is not important. What *is* important is that
they have time and mandate to contribute broadly to the project rather
than just trying to get specific features in.
Phil
> I think this model makes it possible to kill two birds with the same stone:
>
> * make the model when you can make living from open source contributions
> * increase vendor neutrality in the projects
>
> It is largely described in the article which I wrote a few years back in Polidea
> and reposted it after Polidea has been acquired. Since then I learned (and
> tested on myself) that this is a sustainable model not only for 3rd party
> software houses, but also for independent contributors like me.
>
> https://medium.com/@jarekpotiuk/the-evolution-of-open-source-standing-on-the-shoulders-of-giants-db22dcdbca04
>
> I really wish we could together find some ways to replicate that and
> make many individual
> contributors to follow this model.
>
> J.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
>
> 1. We can all afford to volunteer our discretionary time as we see
> fit. Not just rich or retired people have discretionary time.
> 2. Employers can support OSS communities by allowing their employees to
> contribute as part of their jobs, but not in a "job shop" or directed way.
> 3. Employers can support OSS by allowing their people to scratch itches
> directly.
I personally think there is a 4 th way. I discovered it ~4 years ago
in Polidea, the
software house I co-owned, worked on and sold and eventually turned it
successfully
into my personal "business model". This is is not at all obvious why
it would work and
it was a bit of surprise for me when I discovered it and when I
successfully made living
from it (and also successfully helped with upp-ing the value of the
company I co founded
so that it could be acquired) - at the same time contributing a lot to
the success of
Apache Airflow project which became the most contributed (in terms of numbers of
contributors) project of the ASF.
The model is:
4. Organization and stakeholders in the project, rather than paying
their own employees,
pay independent third-parties to contribute to the OSS (software
houses or individuals).
This all with understanding the limitations it brings in influencing
direction of the project
and recognizing value of the parties who are intimately familiar with
not only code,
but also community and simply are the best to "make things happens" -
all according
to the rules and limitations of the ASF and (unlike the models 2. 3. )
increasing
vendor neutrality in the project rather than decreasing it.
I think this model makes it possible to kill two birds with the same stone:
* make the model when you can make living from open source contributions
* increase vendor neutrality in the projects
It is largely described in the article which I wrote a few years back in Polidea
and reposted it after Polidea has been acquired. Since then I learned (and
tested on myself) that this is a sustainable model not only for 3rd party
software houses, but also for independent contributors like me.
https://medium.com/@jarekpotiuk/the-evolution-of-open-source-standing-on-the-shoulders-of-giants-db22dcdbca04
I really wish we could together find some ways to replicate that and
make many individual
contributors to follow this model.
J.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Phil Steitz <ph...@gmail.com>.
On 3/3/22 3:20 PM, Matt Sicker wrote:
> I'd like to see a better solution proposed for maintaining vendor
> neutrality while funding the individuals working on the project. If
> every workable solution is denied, then the only people who can afford
> to work on Apache projects would be rich people, retired people, and
> those who are being paid by another employer to do the exact same
> thing. In fact, this is probably relevant to the demographics here as
> discovered in D&I surveys.
Umm, no.
1. We can all afford to volunteer our discretionary time as we see
fit. Not just rich or retired people have discretionary time.
2. Employers can support OSS communities by allowing their employees to
contribute as part of their jobs, but not in a "job shop" or directed way.
3. Employers can support OSS by allowing their people to scratch itches
directly.
I have personally done 1 and enabled 2 and 3 for 20+ years now. I think
1 and 3 are really what built the ASF. People working on things that
they are actually interested in and scratching their own itches leads to
great software that developers love to work on and use. We don't need
to turn into some kind of job shop, glorified joint venture or
pseudo-employer to tap into the vast and renewable resource in the user
-> contributor -> committer pipeline. Getting more *user* employers to
support 2 and 3 is definitely needed, but I think it is smarter and
better for the long term health of the ASF to focus on that (and
removing barriers to entry in vendor-dominated projects) rather than
becoming a de facto commercial software company.
Phil
>
> On Thu, Mar 3, 2022 at 4:15 PM Craig Russell <ap...@gmail.com> wrote:
>> I very much like the direction here.
>>
>> One other top post that falls into item 2 (rules of engagement):
>>
>> Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.
>>
>> I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.
>>
>> Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party?
>>
>> Regards,
>> Craig
>>
>>> On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>>>
>>> Hi!
>>>
>>> top-posting here, since I'd like to summarize a few points to see where we
>>> can
>>> take this discussion. Before I do that I wanted to thank Bertrand and Jim
>>> for
>>> excellent, short emails/summaries and also special thanks to Chris for an
>>> extremely informative recap of his efforts.
>>>
>>> Personally, I'd like to focus on 3 things. Please let me know if I'm missing
>>> anything or you disagree:
>>>
>>> 1. building a robust list of what we at ASF perceive as potential value
>>> that can be offered to *our* members, committers and contributors
>>> by the 3d parties like Tidelift (again, I'm simply using them as an
>>> example here -- anybody else would do just fine).
>>>
>>> 2. building a list of "rules of engagement" that we feel must be met
>>> for these types of relationships to be compatible with the way we
>>> govern our communities.
>>>
>>> 3. document all the learning, pitfalls, etc. that we've collectively
>>> amassed by trying to solve this type of a problem on a one-by-one
>>> basis.
>>>
>>> To expand on those points: I really do think that 3d parties (if done
>>> right) can take care of a lot of pain points for us. Again -- I'm NOT
>>> saying that a magic entity like that even exists today (maybe Tidelift
>>> is really not the right solution for us -- dunno yet) -- what I'm saying
>>> is that I really would like to understand how that type of a service
>>> should look like. Or take Jarek's example of ridesharing: most
>>> of people focus on ridesharing companies just matching riders to
>>> drivers, but that's just the tip of the iceberg -- ridesharing companies
>>> solve huge amounts of arbitration issues (such as insurance, license,
>>> etc.). Common folk don't get to see those -- but that's a huge value they
>>> offer to drivers (and arguably riders) on top of just finding "customers".
>>> Same with 3d parties for us I have in mind (see Chris's list of gotchas).
>>>
>>> For now, I propose a few Cofluence pages under ComDev where this
>>> type of information gets collected. I'll do it later tonight -- so feel free
>>> to just add to this thread for now.
>>>
>>> Once we've collected that type of info -- we can then sort of "evaluate
>>> vendors" against that list and see what they are missing, etc. We can
>>> even issue a wide "call to apply" for various companies if we feel like it.
>>>
>>> Makes sense?
>>>
>>> Thanks,
>>> Roman.
>>>
>>> On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>>>
>>>>> ...Proposal:
>>>>> I think we all agree that ASF meets the criteria of Tidelift already.
>>>>> Why don't Tidelift (in the places where open-source projects included are
>>>>> listed) explain that ASF projects meet the criteria, and any one is free
>>>>> to deal directly with the committers of all ASF projects directly...
>>>> I'd say we all agree that *in theory* ASF projects meet Tidelift's
>>>> criteria, quoting from earlier in this thread, with my own numbering
>>>> added:
>>>>
>>>> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
>>>> <jo...@tidelift.com> a écrit :
>>>>> ...*What Tidelift expects from maintainers*Maintainers provide two
>>>> things to
>>>>> our customers: (1) information (licensing details, context on CVEs) and
>>>>> (2) continuity (comfort that the package is maintained and is highly
>>>> likely to
>>>>> continue to be maintained). We also expect maintainers (3) to abide by a
>>>> Code
>>>>> of Conduct....
>>>> I think for (3) we're good, the ASF will intervene if projects are not ok.
>>>>
>>>> But for (1) and (2) I think the ASF *wants* our projects to be good
>>>> citizens, and we work towards that and support them, but entities such
>>>> as Tidelift or others could add value by measuring and reporting what
>>>> actually happens.
>>>>
>>>> Does Apache FOO actually provide good information on security issues and
>>>> CVEs?
>>>> Timely response? What's their average/min/max response time, how many
>>>> "in-flight" CVEs?
>>>> Does Apache FOO release often enough? Maybe based on project maturity
>>>> categories, new, established, mostly dormant etc.
>>>>
>>>> We could of course measure these things ourselves, and we do have some
>>>> data.
>>>>
>>>> But I think having external entities provide factual data on how well
>>>> our projects are doing can be useful, and for customers of Tidelift
>>>> and the like that certainly has value.
>>>>
>>>> Whatever mechanism our contributors use to finance themselves, having
>>>> information on which projects are most worthy of trust can help end
>>>> users select and finance the right projects and people.
>>>>
>>>> -Bertrand
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>>> For additional commands, e-mail: dev-help@community.apache.org
>>>>
>>>>
>> Craig L Russell
>> clr@apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Matt Sicker <bo...@gmail.com>.
I'd like to see a better solution proposed for maintaining vendor
neutrality while funding the individuals working on the project. If
every workable solution is denied, then the only people who can afford
to work on Apache projects would be rich people, retired people, and
those who are being paid by another employer to do the exact same
thing. In fact, this is probably relevant to the demographics here as
discovered in D&I surveys.
On Thu, Mar 3, 2022 at 4:15 PM Craig Russell <ap...@gmail.com> wrote:
>
> I very much like the direction here.
>
> One other top post that falls into item 2 (rules of engagement):
>
> Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.
>
> I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.
>
> Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party?
>
> Regards,
> Craig
>
> > On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> >
> > Hi!
> >
> > top-posting here, since I'd like to summarize a few points to see where we
> > can
> > take this discussion. Before I do that I wanted to thank Bertrand and Jim
> > for
> > excellent, short emails/summaries and also special thanks to Chris for an
> > extremely informative recap of his efforts.
> >
> > Personally, I'd like to focus on 3 things. Please let me know if I'm missing
> > anything or you disagree:
> >
> > 1. building a robust list of what we at ASF perceive as potential value
> > that can be offered to *our* members, committers and contributors
> > by the 3d parties like Tidelift (again, I'm simply using them as an
> > example here -- anybody else would do just fine).
> >
> > 2. building a list of "rules of engagement" that we feel must be met
> > for these types of relationships to be compatible with the way we
> > govern our communities.
> >
> > 3. document all the learning, pitfalls, etc. that we've collectively
> > amassed by trying to solve this type of a problem on a one-by-one
> > basis.
> >
> > To expand on those points: I really do think that 3d parties (if done
> > right) can take care of a lot of pain points for us. Again -- I'm NOT
> > saying that a magic entity like that even exists today (maybe Tidelift
> > is really not the right solution for us -- dunno yet) -- what I'm saying
> > is that I really would like to understand how that type of a service
> > should look like. Or take Jarek's example of ridesharing: most
> > of people focus on ridesharing companies just matching riders to
> > drivers, but that's just the tip of the iceberg -- ridesharing companies
> > solve huge amounts of arbitration issues (such as insurance, license,
> > etc.). Common folk don't get to see those -- but that's a huge value they
> > offer to drivers (and arguably riders) on top of just finding "customers".
> > Same with 3d parties for us I have in mind (see Chris's list of gotchas).
> >
> > For now, I propose a few Cofluence pages under ComDev where this
> > type of information gets collected. I'll do it later tonight -- so feel free
> > to just add to this thread for now.
> >
> > Once we've collected that type of info -- we can then sort of "evaluate
> > vendors" against that list and see what they are missing, etc. We can
> > even issue a wide "call to apply" for various companies if we feel like it.
> >
> > Makes sense?
> >
> > Thanks,
> > Roman.
> >
> > On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
> > wrote:
> >
> >> Hi,
> >>
> >> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
> >>
> >>> ...Proposal:
> >>> I think we all agree that ASF meets the criteria of Tidelift already.
> >>> Why don't Tidelift (in the places where open-source projects included are
> >>> listed) explain that ASF projects meet the criteria, and any one is free
> >>> to deal directly with the committers of all ASF projects directly...
> >>
> >> I'd say we all agree that *in theory* ASF projects meet Tidelift's
> >> criteria, quoting from earlier in this thread, with my own numbering
> >> added:
> >>
> >> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
> >> <jo...@tidelift.com> a écrit :
> >>> ...*What Tidelift expects from maintainers*Maintainers provide two
> >> things to
> >>> our customers: (1) information (licensing details, context on CVEs) and
> >>> (2) continuity (comfort that the package is maintained and is highly
> >> likely to
> >>> continue to be maintained). We also expect maintainers (3) to abide by a
> >> Code
> >>> of Conduct....
> >>
> >> I think for (3) we're good, the ASF will intervene if projects are not ok.
> >>
> >> But for (1) and (2) I think the ASF *wants* our projects to be good
> >> citizens, and we work towards that and support them, but entities such
> >> as Tidelift or others could add value by measuring and reporting what
> >> actually happens.
> >>
> >> Does Apache FOO actually provide good information on security issues and
> >> CVEs?
> >> Timely response? What's their average/min/max response time, how many
> >> "in-flight" CVEs?
> >> Does Apache FOO release often enough? Maybe based on project maturity
> >> categories, new, established, mostly dormant etc.
> >>
> >> We could of course measure these things ourselves, and we do have some
> >> data.
> >>
> >> But I think having external entities provide factual data on how well
> >> our projects are doing can be useful, and for customers of Tidelift
> >> and the like that certainly has value.
> >>
> >> Whatever mechanism our contributors use to finance themselves, having
> >> information on which projects are most worthy of trust can help end
> >> users select and finance the right projects and people.
> >>
> >> -Bertrand
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >> For additional commands, e-mail: dev-help@community.apache.org
> >>
> >>
>
> Craig L Russell
> clr@apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Craig Russell <ap...@gmail.com>.
I very much like the direction here.
One other top post that falls into item 2 (rules of engagement):
Apache does operate in the open with discussions, bug fixes, etc. all out for anyone to see. Except for security issues.
I'd like to discuss how we treat committers with security privileges with regard to third parties who may be contracting for the committers' resources.
Is it acceptable for committers to inform a third party of security issues before the CVE is public because of their relationship with the third party?
Regards,
Craig
> On Mar 2, 2022, at 6:12 AM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>
> Hi!
>
> top-posting here, since I'd like to summarize a few points to see where we
> can
> take this discussion. Before I do that I wanted to thank Bertrand and Jim
> for
> excellent, short emails/summaries and also special thanks to Chris for an
> extremely informative recap of his efforts.
>
> Personally, I'd like to focus on 3 things. Please let me know if I'm missing
> anything or you disagree:
>
> 1. building a robust list of what we at ASF perceive as potential value
> that can be offered to *our* members, committers and contributors
> by the 3d parties like Tidelift (again, I'm simply using them as an
> example here -- anybody else would do just fine).
>
> 2. building a list of "rules of engagement" that we feel must be met
> for these types of relationships to be compatible with the way we
> govern our communities.
>
> 3. document all the learning, pitfalls, etc. that we've collectively
> amassed by trying to solve this type of a problem on a one-by-one
> basis.
>
> To expand on those points: I really do think that 3d parties (if done
> right) can take care of a lot of pain points for us. Again -- I'm NOT
> saying that a magic entity like that even exists today (maybe Tidelift
> is really not the right solution for us -- dunno yet) -- what I'm saying
> is that I really would like to understand how that type of a service
> should look like. Or take Jarek's example of ridesharing: most
> of people focus on ridesharing companies just matching riders to
> drivers, but that's just the tip of the iceberg -- ridesharing companies
> solve huge amounts of arbitration issues (such as insurance, license,
> etc.). Common folk don't get to see those -- but that's a huge value they
> offer to drivers (and arguably riders) on top of just finding "customers".
> Same with 3d parties for us I have in mind (see Chris's list of gotchas).
>
> For now, I propose a few Cofluence pages under ComDev where this
> type of information gets collected. I'll do it later tonight -- so feel free
> to just add to this thread for now.
>
> Once we've collected that type of info -- we can then sort of "evaluate
> vendors" against that list and see what they are missing, etc. We can
> even issue a wide "call to apply" for various companies if we feel like it.
>
> Makes sense?
>
> Thanks,
> Roman.
>
> On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
> wrote:
>
>> Hi,
>>
>> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>
>>> ...Proposal:
>>> I think we all agree that ASF meets the criteria of Tidelift already.
>>> Why don't Tidelift (in the places where open-source projects included are
>>> listed) explain that ASF projects meet the criteria, and any one is free
>>> to deal directly with the committers of all ASF projects directly...
>>
>> I'd say we all agree that *in theory* ASF projects meet Tidelift's
>> criteria, quoting from earlier in this thread, with my own numbering
>> added:
>>
>> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
>> <jo...@tidelift.com> a écrit :
>>> ...*What Tidelift expects from maintainers*Maintainers provide two
>> things to
>>> our customers: (1) information (licensing details, context on CVEs) and
>>> (2) continuity (comfort that the package is maintained and is highly
>> likely to
>>> continue to be maintained). We also expect maintainers (3) to abide by a
>> Code
>>> of Conduct....
>>
>> I think for (3) we're good, the ASF will intervene if projects are not ok.
>>
>> But for (1) and (2) I think the ASF *wants* our projects to be good
>> citizens, and we work towards that and support them, but entities such
>> as Tidelift or others could add value by measuring and reporting what
>> actually happens.
>>
>> Does Apache FOO actually provide good information on security issues and
>> CVEs?
>> Timely response? What's their average/min/max response time, how many
>> "in-flight" CVEs?
>> Does Apache FOO release often enough? Maybe based on project maturity
>> categories, new, established, mostly dormant etc.
>>
>> We could of course measure these things ourselves, and we do have some
>> data.
>>
>> But I think having external entities provide factual data on how well
>> our projects are doing can be useful, and for customers of Tidelift
>> and the like that certainly has value.
>>
>> Whatever mechanism our contributors use to finance themselves, having
>> information on which projects are most worthy of trust can help end
>> users select and finance the right projects and people.
>>
>> -Bertrand
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>>
Craig L Russell
clr@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Bill Cole <bi...@apache.org>.
On 2022-03-03 at 02:40:09 UTC-0500 (Thu, 3 Mar 2022 07:40:09 +0000)
Christofer Dutz <de...@community.apache.org>
is rumored to have said:
> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for commercial support.
> That would just be in conflict with being a non-profit charitable organization.
Perhaps in principle but at least in the US, not in law. Non-profits are able to support themselves with commercial operations, although they may need to be careful about anti-competitive practices.
Having worked in commercial operations of non-profits a couple of times in my life, I would concur that the ASF *SHOULD NEVER* be an entity that people could come to looking for commercial support, even if it were in an entirely legal way. Paying people to provide support feels tantamount to paying them for development. A perfectly good thing for others to do, not the ASF.
> However, we also have this discussion about the endowment from the pinaple funds donation.
> How about having the ASF as it is, was and hopefully will always be, and a second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the ASF.
>
> Please tell me if this is just complete nonsense ;-)
This is akin to Mozilla Corp. and Mozilla Fdn. Not fundamentally nonsense, but not really a fit for ASF in my opinion.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
I quite agree with Dave - Tidelift should not be any different and should
be treated exactly the same as anyone else.
I really think what ASF could do is to (and this is how I understand
Roman's proposal):
* clarify the rules and limits (so that companies like Tidelift - or
Google, or AWS or whoever else knows what to expect and how to adjust their
expectations (i.e not approaching the ASF and PMC but approaching
individuals instead, not expecting PMC to endorse the company)
* help individual contributors - for example by providing them with
"compatible" or "example" rules and expectations that the contracts with
individuals can have
* make it clear that such practices are OK and somewhat promote/endorse it
(in the sense of laying out transparent, easy to find and refer-to rules
above) - also that would give some of the contributors a courage to discuss
and reach out themselves, they might not even be aware that they can ask to
be paid and what the rules are.
I think currently many of the contributors and stakeholders simply do not
know that there are some limits and rules and we can simply continue having
companies like Tidelift approaching ASF and attempting to convince ASF over
and over to something that is not compatible with the ASF rules - simply
because they do not know.
J.
On Thu, Mar 3, 2022 at 8:41 AM Christofer Dutz <ch...@c-ware.de>
wrote:
> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for
> commercial support.
> That would just be in conflict with being a non-profit charitable
> organization.
>
> However, we also have this discussion about the endowment from the pinaple
> funds donation.
> How about having the ASF as it is, was and hopefully will always be, and a
> second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity
> could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the
> ASF.
>
> Please tell me if this is just complete nonsense ;-)
>
> Chris
>
>
>
> -----Original Message-----
> From: Dave Fisher <wa...@comcast.net>
> Sent: Donnerstag, 3. März 2022 07:33
> To: dev@community.apache.org
> Subject: Re: Effective ways of getting individuals funded to work on ASF
> projects
>
> We can’t know the motivations of anyone funding a “tidelift” effort.
>
> And we have trademarks / brand to help deal with misnamed vendor product.
>
> PMCs have the same guarantees with vendors and funders - none.
>
> Do we need a clearer statement about participation as individuals?
>
> Do we need clarification about how a PMC can ask for help?
>
> Trying to keep it simple.
>
> All the best,
> Dave
>
> Sent from my iPhone
>
> > On Mar 2, 2022, at 10:20 PM, Ralph Goers <ra...@dslextreme.com>
> wrote:
> >
> > My experience with vendors that employee people to work on ASF
> > projects is that they have their own internal processes that are
> > separate from the ASF’s. For example, as part of their product they
> > might deliver Apache Foo for Acme Bar. The version they ship might not
> exactly match what the ASF distributes.
> >
> > Tidelift doesn’t deliver a product so has no way to achieve this.
> >
> > That said, Tidelift certainly could provide resources to run the
> > processes they deem necessary and get the folks they are paying to
> > execute those. But any issues that are found would have to be resolved
> in the project, not in something Tidelift distributes.
> >
> > Ralph
> >
> >
> >
> >> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
> >>
> >> The way this discussion is going makes me want to ask why should
> tidelift be any different from a vendor that pays individuals to work on
> ASF projects as part of their employment?
> >>
> >> The same neutrality ought to apply. Why do we need to make a new
> classification?
> >>
> >> All the best,
> >> Dave
> >>
> >> Sent from my iPhone
> >>
> >>>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com>
> wrote:
> >>>
> >>> +1.
> >>> It will make the maintainer's life easier with this collected
> information.
> >>> When we bring the commercial support to the ASF project daily
> >>> development, we still need to follow certain rules to avoid the
> >>> conflict with the Apache way we believed.
> >>>
> >>> Willem Jiang
> >>>
> >>> Twitter: willemjiang
> >>> Weibo: 姜宁willem
> >>>
> >>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
> >>>>
> >>>> Thanks Roman for the initiative. +1 on it.
> >>>>
> >>>> I think this might allow us to focus on what we (ASF) think is
> >>>> really important and needed by the individuals who work on ASF
> >>>> projects, and set our boundaries and limits their individual
> >>>> approach as well as clear limits and boundaries for the
> >>>> organisations that would like to apply - and then let any entity who
> wants to help to see how they can fit-in.
> >>>>
> >>>> Happy to help with hashing it out.
> >>>>
> >>>> J.
> >>>>
> >>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz
> >>>> <bd...@apache.org>
> >>>> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik
> >>>>> <ro...@shaposhnik.org> a écrit :
> >>>>>> ...Once we've collected that type of info -- we can then sort of
> >>>>> "evaluate
> >>>>>> vendors" against that list and see what they are missing, etc. We
> >>>>>> can even issue a wide "call to apply" for various companies if we
> >>>>>> feel like
> >>>>> it...
> >>>>>
> >>>>> +1, I like the idea!
> >>>>>
> >>>>> -Bertrand
> >>>>>
> >>>>> ------------------------------------------------------------------
> >>>>> --- To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >>>>> For additional commands, e-mail: dev-help@community.apache.org
> >>>>>
> >>>>>
> >>>
> >>> --------------------------------------------------------------------
> >>> - To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >>> For additional commands, e-mail: dev-help@community.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >> For additional commands, e-mail: dev-help@community.apache.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Maxim Solodovnik <so...@gmail.com>.
Commertial support link at our project
Is not very much visited :(
from mobile (sorry for typos ;)
On Thu, Mar 3, 2022, 14:41 Christofer Dutz <ch...@c-ware.de>
wrote:
> Just thinking out loud ...
>
> The ASF could never be an entity that people could come to looking for
> commercial support.
> That would just be in conflict with being a non-profit charitable
> organization.
>
> However, we also have this discussion about the endowment from the pinaple
> funds donation.
> How about having the ASF as it is, was and hopefully will always be, and a
> second entity that people could come to for commercial support.
> In contrast to the usual external companies, the board of this entity
> could be linked to the board of the ASF?
> This would ensure that the company is run in line with the values of the
> ASF.
>
> Please tell me if this is just complete nonsense ;-)
>
> Chris
>
>
>
> -----Original Message-----
> From: Dave Fisher <wa...@comcast.net>
> Sent: Donnerstag, 3. März 2022 07:33
> To: dev@community.apache.org
> Subject: Re: Effective ways of getting individuals funded to work on ASF
> projects
>
> We can’t know the motivations of anyone funding a “tidelift” effort.
>
> And we have trademarks / brand to help deal with misnamed vendor product.
>
> PMCs have the same guarantees with vendors and funders - none.
>
> Do we need a clearer statement about participation as individuals?
>
> Do we need clarification about how a PMC can ask for help?
>
> Trying to keep it simple.
>
> All the best,
> Dave
>
> Sent from my iPhone
>
> > On Mar 2, 2022, at 10:20 PM, Ralph Goers <ra...@dslextreme.com>
> wrote:
> >
> > My experience with vendors that employee people to work on ASF
> > projects is that they have their own internal processes that are
> > separate from the ASF’s. For example, as part of their product they
> > might deliver Apache Foo for Acme Bar. The version they ship might not
> exactly match what the ASF distributes.
> >
> > Tidelift doesn’t deliver a product so has no way to achieve this.
> >
> > That said, Tidelift certainly could provide resources to run the
> > processes they deem necessary and get the folks they are paying to
> > execute those. But any issues that are found would have to be resolved
> in the project, not in something Tidelift distributes.
> >
> > Ralph
> >
> >
> >
> >> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
> >>
> >> The way this discussion is going makes me want to ask why should
> tidelift be any different from a vendor that pays individuals to work on
> ASF projects as part of their employment?
> >>
> >> The same neutrality ought to apply. Why do we need to make a new
> classification?
> >>
> >> All the best,
> >> Dave
> >>
> >> Sent from my iPhone
> >>
> >>>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com>
> wrote:
> >>>
> >>> +1.
> >>> It will make the maintainer's life easier with this collected
> information.
> >>> When we bring the commercial support to the ASF project daily
> >>> development, we still need to follow certain rules to avoid the
> >>> conflict with the Apache way we believed.
> >>>
> >>> Willem Jiang
> >>>
> >>> Twitter: willemjiang
> >>> Weibo: 姜宁willem
> >>>
> >>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
> >>>>
> >>>> Thanks Roman for the initiative. +1 on it.
> >>>>
> >>>> I think this might allow us to focus on what we (ASF) think is
> >>>> really important and needed by the individuals who work on ASF
> >>>> projects, and set our boundaries and limits their individual
> >>>> approach as well as clear limits and boundaries for the
> >>>> organisations that would like to apply - and then let any entity who
> wants to help to see how they can fit-in.
> >>>>
> >>>> Happy to help with hashing it out.
> >>>>
> >>>> J.
> >>>>
> >>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz
> >>>> <bd...@apache.org>
> >>>> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik
> >>>>> <ro...@shaposhnik.org> a écrit :
> >>>>>> ...Once we've collected that type of info -- we can then sort of
> >>>>> "evaluate
> >>>>>> vendors" against that list and see what they are missing, etc. We
> >>>>>> can even issue a wide "call to apply" for various companies if we
> >>>>>> feel like
> >>>>> it...
> >>>>>
> >>>>> +1, I like the idea!
> >>>>>
> >>>>> -Bertrand
> >>>>>
> >>>>> ------------------------------------------------------------------
> >>>>> --- To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >>>>> For additional commands, e-mail: dev-help@community.apache.org
> >>>>>
> >>>>>
> >>>
> >>> --------------------------------------------------------------------
> >>> - To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >>> For additional commands, e-mail: dev-help@community.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> >> For additional commands, e-mail: dev-help@community.apache.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
RE: Effective ways of getting individuals funded to work on ASF projects
Posted by Christofer Dutz <ch...@c-ware.de>.
Just thinking out loud ...
The ASF could never be an entity that people could come to looking for commercial support.
That would just be in conflict with being a non-profit charitable organization.
However, we also have this discussion about the endowment from the pinaple funds donation.
How about having the ASF as it is, was and hopefully will always be, and a second entity that people could come to for commercial support.
In contrast to the usual external companies, the board of this entity could be linked to the board of the ASF?
This would ensure that the company is run in line with the values of the ASF.
Please tell me if this is just complete nonsense ;-)
Chris
-----Original Message-----
From: Dave Fisher <wa...@comcast.net>
Sent: Donnerstag, 3. März 2022 07:33
To: dev@community.apache.org
Subject: Re: Effective ways of getting individuals funded to work on ASF projects
We can’t know the motivations of anyone funding a “tidelift” effort.
And we have trademarks / brand to help deal with misnamed vendor product.
PMCs have the same guarantees with vendors and funders - none.
Do we need a clearer statement about participation as individuals?
Do we need clarification about how a PMC can ask for help?
Trying to keep it simple.
All the best,
Dave
Sent from my iPhone
> On Mar 2, 2022, at 10:20 PM, Ralph Goers <ra...@dslextreme.com> wrote:
>
> My experience with vendors that employee people to work on ASF
> projects is that they have their own internal processes that are
> separate from the ASF’s. For example, as part of their product they
> might deliver Apache Foo for Acme Bar. The version they ship might not exactly match what the ASF distributes.
>
> Tidelift doesn’t deliver a product so has no way to achieve this.
>
> That said, Tidelift certainly could provide resources to run the
> processes they deem necessary and get the folks they are paying to
> execute those. But any issues that are found would have to be resolved in the project, not in something Tidelift distributes.
>
> Ralph
>
>
>
>> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
>>
>> The way this discussion is going makes me want to ask why should tidelift be any different from a vendor that pays individuals to work on ASF projects as part of their employment?
>>
>> The same neutrality ought to apply. Why do we need to make a new classification?
>>
>> All the best,
>> Dave
>>
>> Sent from my iPhone
>>
>>>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
>>>
>>> +1.
>>> It will make the maintainer's life easier with this collected information.
>>> When we bring the commercial support to the ASF project daily
>>> development, we still need to follow certain rules to avoid the
>>> conflict with the Apache way we believed.
>>>
>>> Willem Jiang
>>>
>>> Twitter: willemjiang
>>> Weibo: 姜宁willem
>>>
>>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>>>>
>>>> Thanks Roman for the initiative. +1 on it.
>>>>
>>>> I think this might allow us to focus on what we (ASF) think is
>>>> really important and needed by the individuals who work on ASF
>>>> projects, and set our boundaries and limits their individual
>>>> approach as well as clear limits and boundaries for the
>>>> organisations that would like to apply - and then let any entity who wants to help to see how they can fit-in.
>>>>
>>>> Happy to help with hashing it out.
>>>>
>>>> J.
>>>>
>>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz
>>>> <bd...@apache.org>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik
>>>>> <ro...@shaposhnik.org> a écrit :
>>>>>> ...Once we've collected that type of info -- we can then sort of
>>>>> "evaluate
>>>>>> vendors" against that list and see what they are missing, etc. We
>>>>>> can even issue a wide "call to apply" for various companies if we
>>>>>> feel like
>>>>> it...
>>>>>
>>>>> +1, I like the idea!
>>>>>
>>>>> -Bertrand
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --- To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>>>> For additional commands, e-mail: dev-help@community.apache.org
>>>>>
>>>>>
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Dave Fisher <wa...@comcast.net>.
We can’t know the motivations of anyone funding a “tidelift” effort.
And we have trademarks / brand to help deal with misnamed vendor product.
PMCs have the same guarantees with vendors and funders - none.
Do we need a clearer statement about participation as individuals?
Do we need clarification about how a PMC can ask for help?
Trying to keep it simple.
All the best,
Dave
Sent from my iPhone
> On Mar 2, 2022, at 10:20 PM, Ralph Goers <ra...@dslextreme.com> wrote:
>
> My experience with vendors that employee people to work on ASF projects is that
> they have their own internal processes that are separate from the ASF’s. For example,
> as part of their product they might deliver Apache Foo for Acme Bar. The version they
> ship might not exactly match what the ASF distributes.
>
> Tidelift doesn’t deliver a product so has no way to achieve this.
>
> That said, Tidelift certainly could provide resources to run the processes they deem
> necessary and get the folks they are paying to execute those. But any issues that are
> found would have to be resolved in the project, not in something Tidelift distributes.
>
> Ralph
>
>
>
>> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
>>
>> The way this discussion is going makes me want to ask why should tidelift be any different from a vendor that pays individuals to work on ASF projects as part of their employment?
>>
>> The same neutrality ought to apply. Why do we need to make a new classification?
>>
>> All the best,
>> Dave
>>
>> Sent from my iPhone
>>
>>>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
>>>
>>> +1.
>>> It will make the maintainer's life easier with this collected information.
>>> When we bring the commercial support to the ASF project daily
>>> development, we still need to follow certain rules to avoid the
>>> conflict with the Apache way we believed.
>>>
>>> Willem Jiang
>>>
>>> Twitter: willemjiang
>>> Weibo: 姜宁willem
>>>
>>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>>>>
>>>> Thanks Roman for the initiative. +1 on it.
>>>>
>>>> I think this might allow us to focus on what we (ASF) think is really
>>>> important and needed by the individuals who work on ASF projects, and set
>>>> our boundaries and limits their individual approach as well as clear limits
>>>> and boundaries for the organisations that would like to apply - and then
>>>> let any entity who wants to help to see how they can fit-in.
>>>>
>>>> Happy to help with hashing it out.
>>>>
>>>> J.
>>>>
>>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
>>>>> écrit :
>>>>>> ...Once we've collected that type of info -- we can then sort of
>>>>> "evaluate
>>>>>> vendors" against that list and see what they are missing, etc. We can
>>>>>> even issue a wide "call to apply" for various companies if we feel like
>>>>> it...
>>>>>
>>>>> +1, I like the idea!
>>>>>
>>>>> -Bertrand
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>>>> For additional commands, e-mail: dev-help@community.apache.org
>>>>>
>>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Ralph Goers <ra...@dslextreme.com>.
My experience with vendors that employee people to work on ASF projects is that
they have their own internal processes that are separate from the ASF’s. For example,
as part of their product they might deliver Apache Foo for Acme Bar. The version they
ship might not exactly match what the ASF distributes.
Tidelift doesn’t deliver a product so has no way to achieve this.
That said, Tidelift certainly could provide resources to run the processes they deem
necessary and get the folks they are paying to execute those. But any issues that are
found would have to be resolved in the project, not in something Tidelift distributes.
Ralph
> On Mar 2, 2022, at 6:10 PM, Dave Fisher <wa...@comcast.net> wrote:
>
> The way this discussion is going makes me want to ask why should tidelift be any different from a vendor that pays individuals to work on ASF projects as part of their employment?
>
> The same neutrality ought to apply. Why do we need to make a new classification?
>
> All the best,
> Dave
>
> Sent from my iPhone
>
>> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
>>
>> +1.
>> It will make the maintainer's life easier with this collected information.
>> When we bring the commercial support to the ASF project daily
>> development, we still need to follow certain rules to avoid the
>> conflict with the Apache way we believed.
>>
>> Willem Jiang
>>
>> Twitter: willemjiang
>> Weibo: 姜宁willem
>>
>>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>>>
>>> Thanks Roman for the initiative. +1 on it.
>>>
>>> I think this might allow us to focus on what we (ASF) think is really
>>> important and needed by the individuals who work on ASF projects, and set
>>> our boundaries and limits their individual approach as well as clear limits
>>> and boundaries for the organisations that would like to apply - and then
>>> let any entity who wants to help to see how they can fit-in.
>>>
>>> Happy to help with hashing it out.
>>>
>>> J.
>>>
>>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
>>>> écrit :
>>>>> ...Once we've collected that type of info -- we can then sort of
>>>> "evaluate
>>>>> vendors" against that list and see what they are missing, etc. We can
>>>>> even issue a wide "call to apply" for various companies if we feel like
>>>> it...
>>>>
>>>> +1, I like the idea!
>>>>
>>>> -Bertrand
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>>> For additional commands, e-mail: dev-help@community.apache.org
>>>>
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Dave Fisher <wa...@comcast.net>.
The way this discussion is going makes me want to ask why should tidelift be any different from a vendor that pays individuals to work on ASF projects as part of their employment?
The same neutrality ought to apply. Why do we need to make a new classification?
All the best,
Dave
Sent from my iPhone
> On Mar 2, 2022, at 4:31 PM, Willem Jiang <wi...@gmail.com> wrote:
>
> +1.
> It will make the maintainer's life easier with this collected information.
> When we bring the commercial support to the ASF project daily
> development, we still need to follow certain rules to avoid the
> conflict with the Apache way we believed.
>
> Willem Jiang
>
> Twitter: willemjiang
> Weibo: 姜宁willem
>
>> On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>>
>> Thanks Roman for the initiative. +1 on it.
>>
>> I think this might allow us to focus on what we (ASF) think is really
>> important and needed by the individuals who work on ASF projects, and set
>> our boundaries and limits their individual approach as well as clear limits
>> and boundaries for the organisations that would like to apply - and then
>> let any entity who wants to help to see how they can fit-in.
>>
>> Happy to help with hashing it out.
>>
>> J.
>>
>> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
>> wrote:
>>
>>> Hi,
>>>
>>> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
>>> écrit :
>>>> ...Once we've collected that type of info -- we can then sort of
>>> "evaluate
>>>> vendors" against that list and see what they are missing, etc. We can
>>>> even issue a wide "call to apply" for various companies if we feel like
>>> it...
>>>
>>> +1, I like the idea!
>>>
>>> -Bertrand
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Willem Jiang <wi...@gmail.com>.
+1.
It will make the maintainer's life easier with this collected information.
When we bring the commercial support to the ASF project daily
development, we still need to follow certain rules to avoid the
conflict with the Apache way we believed.
Willem Jiang
Twitter: willemjiang
Weibo: 姜宁willem
On Thu, Mar 3, 2022 at 1:08 AM Jarek Potiuk <ja...@potiuk.com> wrote:
>
> Thanks Roman for the initiative. +1 on it.
>
> I think this might allow us to focus on what we (ASF) think is really
> important and needed by the individuals who work on ASF projects, and set
> our boundaries and limits their individual approach as well as clear limits
> and boundaries for the organisations that would like to apply - and then
> let any entity who wants to help to see how they can fit-in.
>
> Happy to help with hashing it out.
>
> J.
>
> On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
> wrote:
>
> > Hi,
> >
> > Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
> > écrit :
> > > ...Once we've collected that type of info -- we can then sort of
> > "evaluate
> > > vendors" against that list and see what they are missing, etc. We can
> > > even issue a wide "call to apply" for various companies if we feel like
> > it...
> >
> > +1, I like the idea!
> >
> > -Bertrand
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
Thanks Roman for the initiative. +1 on it.
I think this might allow us to focus on what we (ASF) think is really
important and needed by the individuals who work on ASF projects, and set
our boundaries and limits their individual approach as well as clear limits
and boundaries for the organisations that would like to apply - and then
let any entity who wants to help to see how they can fit-in.
Happy to help with hashing it out.
J.
On Wed, Mar 2, 2022 at 3:30 PM Bertrand Delacretaz <bd...@apache.org>
wrote:
> Hi,
>
> Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a
> écrit :
> > ...Once we've collected that type of info -- we can then sort of
> "evaluate
> > vendors" against that list and see what they are missing, etc. We can
> > even issue a wide "call to apply" for various companies if we feel like
> it...
>
> +1, I like the idea!
>
> -Bertrand
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,
Le mer. 2 mars 2022 à 15:19, Roman Shaposhnik <ro...@shaposhnik.org> a écrit :
> ...Once we've collected that type of info -- we can then sort of "evaluate
> vendors" against that list and see what they are missing, etc. We can
> even issue a wide "call to apply" for various companies if we feel like it...
+1, I like the idea!
-Bertrand
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Roman Shaposhnik <ro...@shaposhnik.org>.
Hi!
top-posting here, since I'd like to summarize a few points to see where we
can
take this discussion. Before I do that I wanted to thank Bertrand and Jim
for
excellent, short emails/summaries and also special thanks to Chris for an
extremely informative recap of his efforts.
Personally, I'd like to focus on 3 things. Please let me know if I'm missing
anything or you disagree:
1. building a robust list of what we at ASF perceive as potential value
that can be offered to *our* members, committers and contributors
by the 3d parties like Tidelift (again, I'm simply using them as an
example here -- anybody else would do just fine).
2. building a list of "rules of engagement" that we feel must be met
for these types of relationships to be compatible with the way we
govern our communities.
3. document all the learning, pitfalls, etc. that we've collectively
amassed by trying to solve this type of a problem on a one-by-one
basis.
To expand on those points: I really do think that 3d parties (if done
right) can take care of a lot of pain points for us. Again -- I'm NOT
saying that a magic entity like that even exists today (maybe Tidelift
is really not the right solution for us -- dunno yet) -- what I'm saying
is that I really would like to understand how that type of a service
should look like. Or take Jarek's example of ridesharing: most
of people focus on ridesharing companies just matching riders to
drivers, but that's just the tip of the iceberg -- ridesharing companies
solve huge amounts of arbitration issues (such as insurance, license,
etc.). Common folk don't get to see those -- but that's a huge value they
offer to drivers (and arguably riders) on top of just finding "customers".
Same with 3d parties for us I have in mind (see Chris's list of gotchas).
For now, I propose a few Cofluence pages under ComDev where this
type of information gets collected. I'll do it later tonight -- so feel free
to just add to this thread for now.
Once we've collected that type of info -- we can then sort of "evaluate
vendors" against that list and see what they are missing, etc. We can
even issue a wide "call to apply" for various companies if we feel like it.
Makes sense?
Thanks,
Roman.
On Tue, Mar 1, 2022 at 9:43 AM Bertrand Delacretaz <bd...@apache.org>
wrote:
> Hi,
>
> Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
>
> > ...Proposal:
> > I think we all agree that ASF meets the criteria of Tidelift already.
> > Why don't Tidelift (in the places where open-source projects included are
> > listed) explain that ASF projects meet the criteria, and any one is free
> > to deal directly with the committers of all ASF projects directly...
>
> I'd say we all agree that *in theory* ASF projects meet Tidelift's
> criteria, quoting from earlier in this thread, with my own numbering
> added:
>
> Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
> <jo...@tidelift.com> a écrit :
> > ...*What Tidelift expects from maintainers*Maintainers provide two
> things to
> > our customers: (1) information (licensing details, context on CVEs) and
> > (2) continuity (comfort that the package is maintained and is highly
> likely to
> > continue to be maintained). We also expect maintainers (3) to abide by a
> Code
> > of Conduct....
>
> I think for (3) we're good, the ASF will intervene if projects are not ok.
>
> But for (1) and (2) I think the ASF *wants* our projects to be good
> citizens, and we work towards that and support them, but entities such
> as Tidelift or others could add value by measuring and reporting what
> actually happens.
>
> Does Apache FOO actually provide good information on security issues and
> CVEs?
> Timely response? What's their average/min/max response time, how many
> "in-flight" CVEs?
> Does Apache FOO release often enough? Maybe based on project maturity
> categories, new, established, mostly dormant etc.
>
> We could of course measure these things ourselves, and we do have some
> data.
>
> But I think having external entities provide factual data on how well
> our projects are doing can be useful, and for customers of Tidelift
> and the like that certainly has value.
>
> Whatever mechanism our contributors use to finance themselves, having
> information on which projects are most worthy of trust can help end
> users select and finance the right projects and people.
>
> -Bertrand
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,
Le lun. 28 févr. 2022 à 21:15, Jarek Potiuk <ja...@potiuk.com> a écrit :
> ...Proposal:
> I think we all agree that ASF meets the criteria of Tidelift already.
> Why don't Tidelift (in the places where open-source projects included are
> listed) explain that ASF projects meet the criteria, and any one is free
> to deal directly with the committers of all ASF projects directly...
I'd say we all agree that *in theory* ASF projects meet Tidelift's
criteria, quoting from earlier in this thread, with my own numbering
added:
Le lun. 28 févr. 2022 à 19:30, Joshua Simmons
<jo...@tidelift.com> a écrit :
> ...*What Tidelift expects from maintainers*Maintainers provide two things to
> our customers: (1) information (licensing details, context on CVEs) and
> (2) continuity (comfort that the package is maintained and is highly likely to
> continue to be maintained). We also expect maintainers (3) to abide by a Code
> of Conduct....
I think for (3) we're good, the ASF will intervene if projects are not ok.
But for (1) and (2) I think the ASF *wants* our projects to be good
citizens, and we work towards that and support them, but entities such
as Tidelift or others could add value by measuring and reporting what
actually happens.
Does Apache FOO actually provide good information on security issues and CVEs?
Timely response? What's their average/min/max response time, how many
"in-flight" CVEs?
Does Apache FOO release often enough? Maybe based on project maturity
categories, new, established, mostly dormant etc.
We could of course measure these things ourselves, and we do have some data.
But I think having external entities provide factual data on how well
our projects are doing can be useful, and for customers of Tidelift
and the like that certainly has value.
Whatever mechanism our contributors use to finance themselves, having
information on which projects are most worthy of trust can help end
users select and finance the right projects and people.
-Bertrand
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
>
>
> I don’t care why people pay Tidelift nor do I see a reason I should have
> to.
The fact that you see no added
> value doesn’t mean people won’t pay them, even if it is just so they can
> feel
> that they are contributing to the open source they use.
Proposal:
I think we all agree that ASF meets the criteria of Tidelift already.
Why don't Tidelift (in the places where open-source projects included are
listed) explain that ASF projects meet the criteria, and any one is free
to deal directly with the committers of all ASF projects directly (with
links to the list to projects and committers which are all publicly
available)
The goal of Tidelift is achieved, the rules of ASF are followed. All money
will
go directly to the committers, Tidelift has less coordination and
communication
to do.
Does this make sense?
J,
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Ralph Goers <ra...@dslextreme.com>.
You are still confusing how individuals in ASF projects can work with Tidelift
(or vice versa) vs why anyone would pay them. I don’t care why people pay
Tidelift nor do I see a reason I should have to. The fact that you see no added
value doesn’t mean people won’t pay them, even if it is just so they can feel
that they are contributing to the open source they use.
I’m glad you get paid by Google, although I am not sure that it is the same
group that spoke with the Logging Services PMC. But the fact is, you should
be able to be paid by anyone who wants to pay you, assuming they aren’t
expecting things of you as an individual that you cannot guarantee.
The important difference with Tidelift is that they are not asking for any
specific work to be done, rather they are paying to ensure the project meets
certain standards and will still be around for a good while. To be honest,
I can appreciate that. I’ve seen a lot of projects on GitHub that are pretty
neat but have lots of issues and PRs that no one is looking at and no
commits have been done in years.
Ralph
> On Feb 28, 2022, at 12:40 PM, Jarek Potiuk <ja...@potiuk.com> wrote:
>
> Ralph:
>
>> The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are
> individuals who work on projects who would welcome the opportunity to be
> paid by them
>
> I am being paid for part of my time with Google (among others). With
> contract that recognizes that I cannot "do stuff they want"
> if the community will not agree to it.
>
> Let's enable it for others and show them the path how to do it.
>
> Neither Google nor I needed Tidelift for that. I still do not see what
> Tidelift could
> provide to either me or Google as the intermediary if they cannot influence
> what
> individuals running the project will do. I am scratching my head over and
> over
> and I can't see what it is.
>
> Joshua:
>
> I read the doc carefully. Few times. And I still am puzzled on what
> Tidelift provides
> to either individuals or stakeholders who want to pay those individuals for
> ASF
> projects. The processes are there, maintainers are there, responsible
> disclosure
> is there. Why stakeholders or ASF or individuals would need Tidelift as an
> intermediary ? I don't get it.
>
> J.
>
>
> On Mon, Feb 28, 2022 at 7:30 PM Joshua Simmons <jo...@tidelift.com>
> wrote:
>
>> Good $localtime, folks! I just want to underscore a really important
>> section of the document I provided yesterday, as it seems this detail is
>> lost in the mix. Tidelift very deliberately does not direct development.
>> I'll remain on the sidelines here as y'all deliberate, but I want to make
>> sure we're operating from the same set of facts.
>>
>>
>> *Why Tidelift works with maintainers*We want the open source projects used
>> by our customers—your downstream users—to be as healthy and secure as
>> possible. We believe this requires directly supporting maintainers and
>> their work, both financially and through providing tools and resources that
>> make it easier for them to be successful.
>>
>>
>> *What Tidelift expects from maintainers*Maintainers provide two things to
>> our customers: information (licensing details, context on CVEs) and
>> continuity (comfort that the package is maintained and is highly likely to
>> continue to be maintained). We also expect maintainers to abide by a Code
>> of Conduct. Neither Tidelift nor our customers direct development of
>> Tidelift-supported packages.
>>
>>
>> *What Tidelift expects of projects*We only work with projects that meet
>> certain standards: there must be a responsible vulnerability disclosure
>> process in place, and clear licensing metadata. While mature projects have
>> these standards in place, many of the open source projects we work with
>> have just 1 or 2 maintainers, and it’s not unusual for them to implement
>> these standards as part of preparing to work with us.
>>
>> Some projects–such as those at the ASF–can’t implement those things on our
>> behalf due to policy constraints. Good news is that those projects tend to
>> already meet these standards! Our goal here is to promote good governance.
>>
>> Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
>> <https://tidelift.com/>
>> @joshsimmons <https://twitter.com/joshsimmons> |
>> joshua.simmons@tidelift.com
>> | bluesomewhere on IRC
>> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
>> ad astra per aspera 🚀
>>
>>
>> On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski <ji...@jagunet.com> wrote:
>>
>>> Tidelift's model, which expects that maintainers do have direct and
>> almost
>>> unassailable control over a project, is not compatible with the Apache
>> Way.
>>> Tidelift's model works well with projects in which developers and
>>> maintainers can "do stuff" without worrying about building a consensus
>>> around whether or not their contributions are OK or not.
>>>
>>> I'd like to see how that model and Apache could fit together, but I'm at
>> a
>>> loss to think about how. The main benefit that those who fund the work is
>>> not just an expectation that code will be fixed, etc, but a *requirement*
>>> that it be done. They are paying for the guarantee. This requires a
>>> development model in which those paid by Tidelift can forcibly introduce
>>> code and contributions at will. This conflicts with the ASF development
>>> model.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
Ralph:
> The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are
individuals who work on projects who would welcome the opportunity to be
paid by them
I am being paid for part of my time with Google (among others). With
contract that recognizes that I cannot "do stuff they want"
if the community will not agree to it.
Let's enable it for others and show them the path how to do it.
Neither Google nor I needed Tidelift for that. I still do not see what
Tidelift could
provide to either me or Google as the intermediary if they cannot influence
what
individuals running the project will do. I am scratching my head over and
over
and I can't see what it is.
Joshua:
I read the doc carefully. Few times. And I still am puzzled on what
Tidelift provides
to either individuals or stakeholders who want to pay those individuals for
ASF
projects. The processes are there, maintainers are there, responsible
disclosure
is there. Why stakeholders or ASF or individuals would need Tidelift as an
intermediary ? I don't get it.
J.
On Mon, Feb 28, 2022 at 7:30 PM Joshua Simmons <jo...@tidelift.com>
wrote:
> Good $localtime, folks! I just want to underscore a really important
> section of the document I provided yesterday, as it seems this detail is
> lost in the mix. Tidelift very deliberately does not direct development.
> I'll remain on the sidelines here as y'all deliberate, but I want to make
> sure we're operating from the same set of facts.
>
>
> *Why Tidelift works with maintainers*We want the open source projects used
> by our customers—your downstream users—to be as healthy and secure as
> possible. We believe this requires directly supporting maintainers and
> their work, both financially and through providing tools and resources that
> make it easier for them to be successful.
>
>
> *What Tidelift expects from maintainers*Maintainers provide two things to
> our customers: information (licensing details, context on CVEs) and
> continuity (comfort that the package is maintained and is highly likely to
> continue to be maintained). We also expect maintainers to abide by a Code
> of Conduct. Neither Tidelift nor our customers direct development of
> Tidelift-supported packages.
>
>
> *What Tidelift expects of projects*We only work with projects that meet
> certain standards: there must be a responsible vulnerability disclosure
> process in place, and clear licensing metadata. While mature projects have
> these standards in place, many of the open source projects we work with
> have just 1 or 2 maintainers, and it’s not unusual for them to implement
> these standards as part of preparing to work with us.
>
> Some projects–such as those at the ASF–can’t implement those things on our
> behalf due to policy constraints. Good news is that those projects tend to
> already meet these standards! Our goal here is to promote good governance.
>
> Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
> <https://tidelift.com/>
> @joshsimmons <https://twitter.com/joshsimmons> |
> joshua.simmons@tidelift.com
> | bluesomewhere on IRC
> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
> ad astra per aspera 🚀
>
>
> On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski <ji...@jagunet.com> wrote:
>
> > Tidelift's model, which expects that maintainers do have direct and
> almost
> > unassailable control over a project, is not compatible with the Apache
> Way.
> > Tidelift's model works well with projects in which developers and
> > maintainers can "do stuff" without worrying about building a consensus
> > around whether or not their contributions are OK or not.
> >
> > I'd like to see how that model and Apache could fit together, but I'm at
> a
> > loss to think about how. The main benefit that those who fund the work is
> > not just an expectation that code will be fixed, etc, but a *requirement*
> > that it be done. They are paying for the guarantee. This requires a
> > development model in which those paid by Tidelift can forcibly introduce
> > code and contributions at will. This conflicts with the ASF development
> > model.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
> >
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Joshua Simmons <jo...@tidelift.com>.
Good $localtime, folks! I just want to underscore a really important
section of the document I provided yesterday, as it seems this detail is
lost in the mix. Tidelift very deliberately does not direct development.
I'll remain on the sidelines here as y'all deliberate, but I want to make
sure we're operating from the same set of facts.
*Why Tidelift works with maintainers*We want the open source projects used
by our customers—your downstream users—to be as healthy and secure as
possible. We believe this requires directly supporting maintainers and
their work, both financially and through providing tools and resources that
make it easier for them to be successful.
*What Tidelift expects from maintainers*Maintainers provide two things to
our customers: information (licensing details, context on CVEs) and
continuity (comfort that the package is maintained and is highly likely to
continue to be maintained). We also expect maintainers to abide by a Code
of Conduct. Neither Tidelift nor our customers direct development of
Tidelift-supported packages.
*What Tidelift expects of projects*We only work with projects that meet
certain standards: there must be a responsible vulnerability disclosure
process in place, and clear licensing metadata. While mature projects have
these standards in place, many of the open source projects we work with
have just 1 or 2 maintainers, and it’s not unusual for them to implement
these standards as part of preparing to work with us.
Some projects–such as those at the ASF–can’t implement those things on our
behalf due to policy constraints. Good news is that those projects tend to
already meet these standards! Our goal here is to promote good governance.
Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
<https://tidelift.com/>
@joshsimmons <https://twitter.com/joshsimmons> | joshua.simmons@tidelift.com
| bluesomewhere on IRC
TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
ad astra per aspera 🚀
On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski <ji...@jagunet.com> wrote:
> Tidelift's model, which expects that maintainers do have direct and almost
> unassailable control over a project, is not compatible with the Apache Way.
> Tidelift's model works well with projects in which developers and
> maintainers can "do stuff" without worrying about building a consensus
> around whether or not their contributions are OK or not.
>
> I'd like to see how that model and Apache could fit together, but I'm at a
> loss to think about how. The main benefit that those who fund the work is
> not just an expectation that code will be fixed, etc, but a *requirement*
> that it be done. They are paying for the guarantee. This requires a
> development model in which those paid by Tidelift can forcibly introduce
> code and contributions at will. This conflicts with the ASF development
> model.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
Tidelift's model, which expects that maintainers do have direct and almost unassailable control over a project, is not compatible with the Apache Way. Tidelift's model works well with projects in which developers and maintainers can "do stuff" without worrying about building a consensus around whether or not their contributions are OK or not.
I'd like to see how that model and Apache could fit together, but I'm at a loss to think about how. The main benefit that those who fund the work is not just an expectation that code will be fixed, etc, but a *requirement* that it be done. They are paying for the guarantee. This requires a development model in which those paid by Tidelift can forcibly introduce code and contributions at will. This conflicts with the ASF development model.
> On Feb 28, 2022, at 12:50 PM, Jarek Potiuk <ja...@potiuk.com> wrote:
>
>> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
>
> This is the part I do not understand. What Tidelift can promise to their
> customers and on what basis?
> According to ASF rules where only individuals in the project can make
> decisions - this means that Tidelift
> has no mechanisms whatsoever to fulfill their promise.
>
> And if ASF sets the standards - why do we need Tidelift at all ?
> To be perfectly blunt - I am afraid that until Tidelift resolves any
> of the real problems of individual committers we mentioned with Bertrand
> (including facilitating direct relationship commiter <> stakeholder),
> I do not see what's the added value of Tidelift. Seems like unnecessary
> intermediary.
>
> J.
>
>
> On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers <ra...@dslextreme.com>
> wrote:
>
>> First, I would like to clarify Gary’s email as I don’t think he
>> characterized it quite correctly.
>> The Logging PMC concluded we could not be part of an arrangement with
>> TideLift and
>> that the issues needed to be worked out at the foundation level. The
>> primary issue was
>> that TideLift had requirements on advertising and process details that
>> required approval
>> of the PMC in order for individuals to be able to be paid. We met with a
>> Google
>> security team in January and had similar issues where they required a
>> process that isn’t
>> aligned with the ASF’s requirements on how releases are to be performed.
>>
>> Second, from my point of view the ASF should have discussions with
>> TideLift and Google to
>> see if those issues can be resolved. The ideal scenario would be that
>> TideLift and Google
>> can simply sponsor individuals from any ASF project because all ASF
>> projects must
>> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
>> have to be
>> involved. But this obviously requires that the foundation work with these
>> third parties to
>> either improve our processes where needed or get the third party to accept
>> our processes.
>>
>> So while I agree with everything Bertrand said I don’t think it resolves
>> the real issue.
>> TideLift is providing a guarantee to its customers that projects it
>> sponsors meet certain
>> standards. The standards they are looking for should really be set by the
>> ASF, not
>> individual projects.
>>
>> Ralph
>>
>>
>>> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz <bd...@apache.org>
>> wrote:
>>>
>>> Hi,
>>>
>>> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>>> ...the relationships I have is direct relationship with the
>>>> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
>> "removing
>>>> bureaucratic obstacles" but they are not "between" me and my
>> stakeholders.
>>>> They are "on a side". They get a small cut sometimes (which I gladly
>> pay)
>>>> but I want to talk to the stakeholders directly without any
>> intermediaries
>>>> and establish a long-term relationship with them as an individual....
>>>
>>> I think that's a key point, and listing such requirements for
>>> platforms that can help our contributors get funding sounds useful.
>>>
>>> Here's a quick list of initial requirements that we might include:
>>> -Contributors can get steady funding for their work
>>> -ASF is out of the loop of financial transactions
>>> -Contributors must use a standard ASF disclaimer (draft at [1])
>>> -Contributors can establish a direct relationship with sponsors
>>> -Several "funding intermediaries" are available
>>> -ASF might define the wording that contributors can use when
>>> advertising themselves (based on facts, etc.)
>>>
>>> I like the idea of the ASF facilitating these things.
>>>
>>> Maintaining a comdev page that lists criteria like the above, with
>>> pointers to the relevant ASF policies, and lists intermediaries that
>>> our contributors have successfully used, might be a good start.
>>>
>>> -Bertrand
>>>
>>> [1] https://community.apache.org/committers/funding-disclaimer.html
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Ralph Goers <ra...@dslextreme.com>.
I don’t agree. First, the “added value” Tidelift provides is not our problem.
If they can’t attract customers then the individuals on the projects they
support won’t get any money.
But, as I said, Tidelift could have a mechanism to fulfill their promises if the
ASF had overall project requirements such as requiring that a project have
3 active committers AND 3 active PMC members. The distinction might not
seem like much but there are projects that are still functioning because they
still have 3 PMC members but no one is committing anything. So when
issues arise it could take a long timeto get a release cut to fix the issue since,
presumably there could be a lot of dependency updates required.
“Why do we need Tidelift at all?”
The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are
individuals who work on projects who would welcome the opportunity to be
paid by them. Currently, they cannot because Tidelift can’t guarantee
anything to their customers regarding ASF projects and Google has security
requirements that we can’t meet because they contract the ASF release policies.
Tidelift cannot resolve problems that are not in its control. Neither can ASF
projects.
I had thought that both the VPs of Fundraising and Legal were going to reach
out to Tidelift to discuss these issues. I don’t recall seeing any feedback from
that to see if any progress was made.
> On Feb 28, 2022, at 10:50 AM, Jarek Potiuk <ja...@potiuk.com> wrote:
>
>> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
>
> This is the part I do not understand. What Tidelift can promise to their
> customers and on what basis?
> According to ASF rules where only individuals in the project can make
> decisions - this means that Tidelift
> has no mechanisms whatsoever to fulfill their promise.
>
> And if ASF sets the standards - why do we need Tidelift at all ?
> To be perfectly blunt - I am afraid that until Tidelift resolves any
> of the real problems of individual committers we mentioned with Bertrand
> (including facilitating direct relationship commiter <> stakeholder),
> I do not see what's the added value of Tidelift. Seems like unnecessary
> intermediary.
>
> J.
>
>
> On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers <ra...@dslextreme.com>
> wrote:
>
>> First, I would like to clarify Gary’s email as I don’t think he
>> characterized it quite correctly.
>> The Logging PMC concluded we could not be part of an arrangement with
>> TideLift and
>> that the issues needed to be worked out at the foundation level. The
>> primary issue was
>> that TideLift had requirements on advertising and process details that
>> required approval
>> of the PMC in order for individuals to be able to be paid. We met with a
>> Google
>> security team in January and had similar issues where they required a
>> process that isn’t
>> aligned with the ASF’s requirements on how releases are to be performed.
>>
>> Second, from my point of view the ASF should have discussions with
>> TideLift and Google to
>> see if those issues can be resolved. The ideal scenario would be that
>> TideLift and Google
>> can simply sponsor individuals from any ASF project because all ASF
>> projects must
>> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
>> have to be
>> involved. But this obviously requires that the foundation work with these
>> third parties to
>> either improve our processes where needed or get the third party to accept
>> our processes.
>>
>> So while I agree with everything Bertrand said I don’t think it resolves
>> the real issue.
>> TideLift is providing a guarantee to its customers that projects it
>> sponsors meet certain
>> standards. The standards they are looking for should really be set by the
>> ASF, not
>> individual projects.
>>
>> Ralph
>>
>>
>>> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz <bd...@apache.org>
>> wrote:
>>>
>>> Hi,
>>>
>>> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
>>>> ...the relationships I have is direct relationship with the
>>>> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
>> "removing
>>>> bureaucratic obstacles" but they are not "between" me and my
>> stakeholders.
>>>> They are "on a side". They get a small cut sometimes (which I gladly
>> pay)
>>>> but I want to talk to the stakeholders directly without any
>> intermediaries
>>>> and establish a long-term relationship with them as an individual....
>>>
>>> I think that's a key point, and listing such requirements for
>>> platforms that can help our contributors get funding sounds useful.
>>>
>>> Here's a quick list of initial requirements that we might include:
>>> -Contributors can get steady funding for their work
>>> -ASF is out of the loop of financial transactions
>>> -Contributors must use a standard ASF disclaimer (draft at [1])
>>> -Contributors can establish a direct relationship with sponsors
>>> -Several "funding intermediaries" are available
>>> -ASF might define the wording that contributors can use when
>>> advertising themselves (based on facts, etc.)
>>>
>>> I like the idea of the ASF facilitating these things.
>>>
>>> Maintaining a comdev page that lists criteria like the above, with
>>> pointers to the relevant ASF policies, and lists intermediaries that
>>> our contributors have successfully used, might be a good start.
>>>
>>> -Bertrand
>>>
>>> [1] https://community.apache.org/committers/funding-disclaimer.html
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>>> For additional commands, e-mail: dev-help@community.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
>> For additional commands, e-mail: dev-help@community.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
> So while I agree with everything Bertrand said I don’t think it resolves
the real issue.
TideLift is providing a guarantee to its customers that projects it
sponsors meet certain
standards. The standards they are looking for should really be set by the
ASF, not
individual projects.
This is the part I do not understand. What Tidelift can promise to their
customers and on what basis?
According to ASF rules where only individuals in the project can make
decisions - this means that Tidelift
has no mechanisms whatsoever to fulfill their promise.
And if ASF sets the standards - why do we need Tidelift at all ?
To be perfectly blunt - I am afraid that until Tidelift resolves any
of the real problems of individual committers we mentioned with Bertrand
(including facilitating direct relationship commiter <> stakeholder),
I do not see what's the added value of Tidelift. Seems like unnecessary
intermediary.
J.
On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers <ra...@dslextreme.com>
wrote:
> First, I would like to clarify Gary’s email as I don’t think he
> characterized it quite correctly.
> The Logging PMC concluded we could not be part of an arrangement with
> TideLift and
> that the issues needed to be worked out at the foundation level. The
> primary issue was
> that TideLift had requirements on advertising and process details that
> required approval
> of the PMC in order for individuals to be able to be paid. We met with a
> Google
> security team in January and had similar issues where they required a
> process that isn’t
> aligned with the ASF’s requirements on how releases are to be performed.
>
> Second, from my point of view the ASF should have discussions with
> TideLift and Google to
> see if those issues can be resolved. The ideal scenario would be that
> TideLift and Google
> can simply sponsor individuals from any ASF project because all ASF
> projects must
> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
> have to be
> involved. But this obviously requires that the foundation work with these
> third parties to
> either improve our processes where needed or get the third party to accept
> our processes.
>
> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
>
> Ralph
>
>
> > On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz <bd...@apache.org>
> wrote:
> >
> > Hi,
> >
> > Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
> >> ...the relationships I have is direct relationship with the
> >> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
> "removing
> >> bureaucratic obstacles" but they are not "between" me and my
> stakeholders.
> >> They are "on a side". They get a small cut sometimes (which I gladly
> pay)
> >> but I want to talk to the stakeholders directly without any
> intermediaries
> >> and establish a long-term relationship with them as an individual....
> >
> > I think that's a key point, and listing such requirements for
> > platforms that can help our contributors get funding sounds useful.
> >
> > Here's a quick list of initial requirements that we might include:
> > -Contributors can get steady funding for their work
> > -ASF is out of the loop of financial transactions
> > -Contributors must use a standard ASF disclaimer (draft at [1])
> > -Contributors can establish a direct relationship with sponsors
> > -Several "funding intermediaries" are available
> > -ASF might define the wording that contributors can use when
> > advertising themselves (based on facts, etc.)
> >
> > I like the idea of the ASF facilitating these things.
> >
> > Maintaining a comdev page that lists criteria like the above, with
> > pointers to the relevant ASF policies, and lists intermediaries that
> > our contributors have successfully used, might be a good start.
> >
> > -Bertrand
> >
> > [1] https://community.apache.org/committers/funding-disclaimer.html
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> > For additional commands, e-mail: dev-help@community.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Ralph Goers <ra...@dslextreme.com>.
First, I would like to clarify Gary’s email as I don’t think he characterized it quite correctly.
The Logging PMC concluded we could not be part of an arrangement with TideLift and
that the issues needed to be worked out at the foundation level. The primary issue was
that TideLift had requirements on advertising and process details that required approval
of the PMC in order for individuals to be able to be paid. We met with a Google
security team in January and had similar issues where they required a process that isn’t
aligned with the ASF’s requirements on how releases are to be performed.
Second, from my point of view the ASF should have discussions with TideLift and Google to
see if those issues can be resolved. The ideal scenario would be that TideLift and Google
can simply sponsor individuals from any ASF project because all ASF projects must
conform to guidelines that meet their criteria - i.e. the PMC doesn’t even have to be
involved. But this obviously requires that the foundation work with these third parties to
either improve our processes where needed or get the third party to accept our processes.
So while I agree with everything Bertrand said I don’t think it resolves the real issue.
TideLift is providing a guarantee to its customers that projects it sponsors meet certain
standards. The standards they are looking for should really be set by the ASF, not
individual projects.
Ralph
> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz <bd...@apache.org> wrote:
>
> Hi,
>
> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
>> ...the relationships I have is direct relationship with the
>> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
>> bureaucratic obstacles" but they are not "between" me and my stakeholders.
>> They are "on a side". They get a small cut sometimes (which I gladly pay)
>> but I want to talk to the stakeholders directly without any intermediaries
>> and establish a long-term relationship with them as an individual....
>
> I think that's a key point, and listing such requirements for
> platforms that can help our contributors get funding sounds useful.
>
> Here's a quick list of initial requirements that we might include:
> -Contributors can get steady funding for their work
> -ASF is out of the loop of financial transactions
> -Contributors must use a standard ASF disclaimer (draft at [1])
> -Contributors can establish a direct relationship with sponsors
> -Several "funding intermediaries" are available
> -ASF might define the wording that contributors can use when
> advertising themselves (based on facts, etc.)
>
> I like the idea of the ASF facilitating these things.
>
> Maintaining a comdev page that lists criteria like the above, with
> pointers to the relevant ASF policies, and lists intermediaries that
> our contributors have successfully used, might be a good start.
>
> -Bertrand
>
> [1] https://community.apache.org/committers/funding-disclaimer.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
> For additional commands, e-mail: dev-help@community.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,
Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk <ja...@potiuk.com> a écrit :
>...the relationships I have is direct relationship with the
> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
> bureaucratic obstacles" but they are not "between" me and my stakeholders.
> They are "on a side". They get a small cut sometimes (which I gladly pay)
> but I want to talk to the stakeholders directly without any intermediaries
> and establish a long-term relationship with them as an individual....
I think that's a key point, and listing such requirements for
platforms that can help our contributors get funding sounds useful.
Here's a quick list of initial requirements that we might include:
-Contributors can get steady funding for their work
-ASF is out of the loop of financial transactions
-Contributors must use a standard ASF disclaimer (draft at [1])
-Contributors can establish a direct relationship with sponsors
-Several "funding intermediaries" are available
-ASF might define the wording that contributors can use when
advertising themselves (based on facts, etc.)
I like the idea of the ASF facilitating these things.
Maintaining a comdev page that lists criteria like the above, with
pointers to the relevant ASF policies, and lists intermediaries that
our contributors have successfully used, might be a good start.
-Bertrand
[1] https://community.apache.org/committers/funding-disclaimer.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
Yeah. I am observing (and also applauding) Chris's effort and the
problems/struggles, and I think the Tidelift (and similar) model does not
solve any of the problems of individual contributors who want to get paid.
I might be very wrong here - of course - no monopoly on understanding the
Apache Way, but I think there is a big "philosophical" clash between
Tidelift's model and the ASF one. Mostly about "organization" vs.
"individual" relationships and customer relations.
I think the problem is that Tidelift establishes a relationship between
"stakeholders" and "tidelift", not between "stakeholders" and "individual
contributors". In the doc attached by Joshua it's clear those are "our
customers" (i.e. Tidelift customers). Tidelift works with similar
assumptions as Uber and other crowdsourcing "gig economies" - but those
only work because you need some platform so that "ride sharers" can find
"ride needers" and there is no 1-1 long term relationship between those. In
the OSS/ASF world this is different. Committers are "known" and easily
searchable. if a stakeholder in PLC4X wants to do smth with PLC4X - it's
obvious they should come to Chris - there is no need to have an
intermediate platform for that. And I think there is no need for education
and practices from such a platform. I've seen (as I build and successfully
sold a software house) there were numerous attempts on trying to build
business on being the "middle-man" between software developers and
customers - with the promise that the intermediate provides training,
common approach etc. and that the customers can trust the intermediary
ratner than software house which is hired (with an assumption - we can find
you another software house if it will not work and provide an overlook of
the process). But first of all, I never saw it working long term (because
you cannot delegate trust in this way) and secondly - here is a completely
different setup. There is no second Chris to talk to.
This is the huge difference between platforms I mentioned before and
Tidelift - the relationships I have is direct relationship with the
stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
bureaucratic obstacles" but they are not "between" me and my stakeholders.
They are "on a side". They get a small cut sometimes (which I gladly pay)
but I want to talk to the stakeholders directly without any intermediaries
and establish a long-term relationship with them as an individual.
A the end what we really need is a help in:
* raising awareness among the stakeholders that they can establish
relationships with individual contributors directly
* making the stakeholders aware of the limits they can have in such
relationships
* making the stakeholders aware of the benefits they get from the
relationship even if they cannot "directly require the individuals to do
what they want"
* making it easier to reach out to the potential stakeholders
* helping to establish direct trust relationship between the individual and
stakeholders (not between individual -> intermediary -> stakeholders)
* not putting additional obligations and requirements on the individuals
(this is forbidden in ASF really as I understand it).
* helping with bureaucratic obstacles there
This might be a bit brutal for Tidelift-kind models, but ASF individual
contributors won't need the intermediary (just the bureaucratic stuff) any
more once the trust and relationship with a given stakeholder.
I think it's pretty different from what Tidelift provides for now.
J.
On Mon, Feb 28, 2022 at 9:31 AM Christofer Dutz <ch...@c-ware.de>
wrote:
> Hi Roman,
>
> thanks for bringing this up here … I too want to help with exactly this. I
> tried starting a discussion on this on members@ but that sort of dried up
> and it felt a bit like a monologue or people simply telling me what didn’t
> work for them in the past and therefore I shouldn’t try on my own … but I
> keep on adding stuff in hope someone might be passively consuming.
>
> For this, in 2021 I invested quite a bit of work, time and even money in
> scouting solutions.
>
> I knew most things I tried, would not be successful, but I wanted to do
> them to see in which way they didn’t perform. And I’m glad I tried it.
> Because I did learn things, that I haven’t thought about before. So let me
> share this with you all. Not all things I learned will apply to all
> projects and all industries. My experience is greatly dominated by
> automation industry and my work on PLC4X.
>
> So initially I tried offering paid consulting, training, and
> implementation work for PLC4X. This failed, mainly because the Automation
> industry is not used to this concept. At least the concept of individual
> contractors. Most companies use Perferred-Vendor approaches. This is the
> same in more classical IT-consulting consuming industries. The main
> difference however is that in the automation industry there are no
> proxy-companies as there are in the other parts of the industry, which
> individuals could use as proxies. In the past I have worked for numerous
> Banks by offering services through consulting companies that were listed as
> Preferred vendors. Usually even if a bank approached me directly, they then
> said: So, we’re going to take care of setting things up with company X,
> which is in our Preferred vendor-list, … This infrastructure is completely
> missing in the Automation sector.
>
> In order to make it easier for potential customers to find people willing
> to help, we added:
> https://plc4x.apache.org/users/commercial-support.html
> To the Apache PLC4X website. This was a bit tricky to get right, but I
> think in the end we got it into a form that is in-line with the ASF and
> what we are allowed to do as a non-profit charity.
>
> In parallel I took every chance to speak at conferences or publish in
> tech-magazines. However, our potential customers simply didn’t go to those
> conferences or read those magazines. The automation industry has industrial
> fairs instead of conferences and their magazines are all pay to play. So,
> you need to invest a lot of money to be noticed. This is 100% in conflict
> with the ASF’s mission, and I don’t really see any way how we can change
> this, unless companies are willing to sponsor Open-Source (and ASF) content
> or give us some space at industrial fairs. I definitely don’t see the ASF
> using it’s budget for that, unless it’s a targeted donation explicitly for
> this sort of thing.
>
> I tried platforms like Github Sponsors (Where I must continuously keep on
> searching for how to find the page every time)
> https://github.com/sponsors/ … however this didn’t work at all. I think I
> had one sponsor for 2 or 3 months, but that was a friend from the ASF. The
> problem is that the industry is used to buying products and not to
> consuming services. Also, a donation is not targeted and doesn’t work well
> with industrial book-keeping.
>
> I tried contacting companies like tidelift, but no matter what I did, I
> never got any response, but instead every time I got more spam wanting to
> tell me about how awesome open-source is (Yeah … tell me about it ;-) )
>
> I tried setting up a crowd-funding platform. The problem with the existing
> ones was, that they are not made for sponsoring feature development for
> open-source projects. I didn’t want to invest more time in preparing
> marketing videos for a campaign that takes longer to prepare than to
> implement the feature. As I couldn’t find any, I decided to setup my own.
> As I’m lazy and my website was based on WordPress I used WP-Crowdfunding (
> https://www.themeum.com/product/wp-crowdfunding-plugin/) … but I knew I
> had to have this legally checked. So, I hired a lawyer to check what I was
> planning on doing (Which is quite tricky … not many lawyers seemed to be
> willing to do that, guess most are just concentrating on the usual stuff).
>
> Turns out (at least in Germany) a classical crowdfunding is not possible.
> The problem is that if a campaign is not successful, you must pay back the
> invested money. Above that you are required by law to pay interest on that.
> This is where things start getting interesting: As soon as you pay
> interest, you offer bank-like services. And this requires you to run your
> business through BAFIN. Which is a HUGE amount of paperwork and probably
> even expensive. The only option I had, was to run it as a donation without
> any repayments.
>
> Of course, this again brings up the problem that donations don’t go down
> well in corporate accounting. So, I wasn’t expecting much to happen on my
> new crowdfunding platform. But I thought: If this should happen to work, I
> would like to enable others to do the same, so I added a few bucks to the
> lawyer bill and had him prepare something that I was allowed to give to
> others to use (Sort of like “terms of service” with a permissive license).
> This: Having a lawyer check if crowdfunding is possible and if yes, in
> which way and having them prepare the “terms of service” cost quite a bit.
>
> Unfortunately, I was right with the acceptance of this platform:
> Not a single cent got paid into any of the campaigns I listed. The sums
> some of them list were simply test-data I intentionally left there when
> going online ;-).
>
> But one thing I didn’t expect, was that having campaigns listed and having
> a price-tag assigned to them, made companies approach me directly asking
> for a different form of sponsoring the campaigns. So right now, there are 2
> campaigns that are being sponsored and they even got the companies to
> actively participate. So, I will not be doing all the work on my own but
> we’re splitting things up between me and the companies, making them become
> more involved in the project. This is good for me and for the Project.
>
> So, I think we need to do two things:
>
> * List individuals or companies willing to provide services around one
> of our projects
> * List possible features that could be implemented and assign some
> sort of measure to them (like developer-days needed to implement … I would
> strongly object adding prices, but having developer-days should be a
> dimension they can think in and sort of get an idea on what costs to expect)
>
>
> Also, would it be good, if we could establish some sort of standard for
> projects offering this sort of thing, so people get used to it. Similarly
> to “every project has a download page” we need awareness that there’s also
> a “commercial-support” (or whatever we call it) page and some sort of
> feature catalog.
>
> I do think there are ways how we can ensure income to solo developers or
> small companies and still stay in line with the ASF mission. And finding
> these paths is what I would like to do in the future.
>
> Chris
>
> From: Roman Shaposhnik <rv...@apache.org>
> Sent: Sonntag, 27. Februar 2022 23:06
> To: ComDev <de...@community.apache.org>; cdutz@apache.org
> Subject: Effective ways of getting individuals funded to work on ASF
> projects
>
> Hi!
>
> over the past couple of years there has been a number
> of efforts trying to figure out effective ways of getting funded
> for working on ASF projects as individuals and not employees
> at companies building on top of these projects.
>
> Chris's recent experience is but one of them:
> https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
>
> My personal frustration with all these threads is that we never
> seem to arrive at any actionable suggestions for how developers
> like Chris can *easily* create these additional income streams.
>
> Rightfully, we at ASF basically say that it must be a 3d party issue
> to solve. It very much is. The problem is that doing so one one-off
> just perpetuates the logistical pain of setting up contracts, etc. etc.
> This creates a pretty significant barrier and, as Chris's experience
> would suggest it typically becomes too insurmountable for individual
> developers.
>
> Sure, there have been interesting attempts to "hack the system"
> and use things like GitCoin, BugMark and a few others to solve for
> this "how do we get back to our open source roots when individuals,
> not corporations were the economic agents around open source".
> But I honestly don't know of any of them becoming viable either.
> At least not so far.
>
> At the risk of tilting at windmills once again, I'd like to see if there's
> enough interest to take a crack at this problem yet again.
>
> And in the spirit of "hacking the system" I'd like to suggest that we
> focus on a 3d party solving it for us. In fact, I suggest we pick a
> very particular 3d party -- TideLift
>
> https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
>
> Now, before you exclaim "who the heck appointed TideLift to solve it for
> us?"
> I'd be the first one to admit that I picked them because I know them
> really well and I do think they are the closest to giving us some of the
> answers.
> But above all, I'm suggesting we look at TideLift because they seem to
> be very much willing to work with us on actually changing their engagement
> model to fit our needs. IOW, it is not like their rules are cast in stone
> -- we can
> assume they are malleable. If anyone knows of a similar 3d party -- let's
> discuss
> that too.
>
> If, however, there's a general consensus about seriously looking
> at them as that 3d party -- I'd like to start collecting names of ASF
> developers (and PMCs) who would be willing to participate in
> a trial program with them of sorts and report back.
>
> If you have comments on anything above -- please reply in-thread.
>
> If you'd be interested in this trial -- you can either do that or just
> reply to me personally.
>
> Thanks,
> Roman.
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Martin Desruisseaux <ma...@geomatys.com>.
There is a small but relatively successful funding happening right now.
The Open Geospatial Consortium (OGC) is organizing a code sprint
conjointly with ASF and another open-source organization (OSGeo) [1].
For this code sprint, OGC and OSGeo solicited their sponsors, but ASF
could not (probably not the ASF way, and also geospatial may be too much
a niche domain at ASF). The collected money goes to participants [2].
This is small (10,000$ a few weeks ago, I do not know the amount today)
and only for short events, but this is the second year that this event
happens and if successful enough, it may continue to happen next years.
The advantage is that OGC takes in charge a lot of the burden of
organizing those events. I wonder if ASF should participate to the calls
for sponsors if such code sprints happen again, with some filtering for
bothering only those who have an interest in the target domain
(geospatial in this example).
Martin
[1]https://www.ogc.org/pressroom/pressreleases/4659
[2}https://t.co/zxoN70sKLF
RE: Effective ways of getting individuals funded to work on ASF projects
Posted by Christofer Dutz <ch...@c-ware.de>.
Hi Roman,
thanks for bringing this up here … I too want to help with exactly this. I tried starting a discussion on this on members@ but that sort of dried up and it felt a bit like a monologue or people simply telling me what didn’t work for them in the past and therefore I shouldn’t try on my own … but I keep on adding stuff in hope someone might be passively consuming.
For this, in 2021 I invested quite a bit of work, time and even money in scouting solutions.
I knew most things I tried, would not be successful, but I wanted to do them to see in which way they didn’t perform. And I’m glad I tried it. Because I did learn things, that I haven’t thought about before. So let me share this with you all. Not all things I learned will apply to all projects and all industries. My experience is greatly dominated by automation industry and my work on PLC4X.
So initially I tried offering paid consulting, training, and implementation work for PLC4X. This failed, mainly because the Automation industry is not used to this concept. At least the concept of individual contractors. Most companies use Perferred-Vendor approaches. This is the same in more classical IT-consulting consuming industries. The main difference however is that in the automation industry there are no proxy-companies as there are in the other parts of the industry, which individuals could use as proxies. In the past I have worked for numerous Banks by offering services through consulting companies that were listed as Preferred vendors. Usually even if a bank approached me directly, they then said: So, we’re going to take care of setting things up with company X, which is in our Preferred vendor-list, … This infrastructure is completely missing in the Automation sector.
In order to make it easier for potential customers to find people willing to help, we added:
https://plc4x.apache.org/users/commercial-support.html
To the Apache PLC4X website. This was a bit tricky to get right, but I think in the end we got it into a form that is in-line with the ASF and what we are allowed to do as a non-profit charity.
In parallel I took every chance to speak at conferences or publish in tech-magazines. However, our potential customers simply didn’t go to those conferences or read those magazines. The automation industry has industrial fairs instead of conferences and their magazines are all pay to play. So, you need to invest a lot of money to be noticed. This is 100% in conflict with the ASF’s mission, and I don’t really see any way how we can change this, unless companies are willing to sponsor Open-Source (and ASF) content or give us some space at industrial fairs. I definitely don’t see the ASF using it’s budget for that, unless it’s a targeted donation explicitly for this sort of thing.
I tried platforms like Github Sponsors (Where I must continuously keep on searching for how to find the page every time) https://github.com/sponsors/ … however this didn’t work at all. I think I had one sponsor for 2 or 3 months, but that was a friend from the ASF. The problem is that the industry is used to buying products and not to consuming services. Also, a donation is not targeted and doesn’t work well with industrial book-keeping.
I tried contacting companies like tidelift, but no matter what I did, I never got any response, but instead every time I got more spam wanting to tell me about how awesome open-source is (Yeah … tell me about it ;-) )
I tried setting up a crowd-funding platform. The problem with the existing ones was, that they are not made for sponsoring feature development for open-source projects. I didn’t want to invest more time in preparing marketing videos for a campaign that takes longer to prepare than to implement the feature. As I couldn’t find any, I decided to setup my own. As I’m lazy and my website was based on WordPress I used WP-Crowdfunding (https://www.themeum.com/product/wp-crowdfunding-plugin/) … but I knew I had to have this legally checked. So, I hired a lawyer to check what I was planning on doing (Which is quite tricky … not many lawyers seemed to be willing to do that, guess most are just concentrating on the usual stuff).
Turns out (at least in Germany) a classical crowdfunding is not possible. The problem is that if a campaign is not successful, you must pay back the invested money. Above that you are required by law to pay interest on that. This is where things start getting interesting: As soon as you pay interest, you offer bank-like services. And this requires you to run your business through BAFIN. Which is a HUGE amount of paperwork and probably even expensive. The only option I had, was to run it as a donation without any repayments.
Of course, this again brings up the problem that donations don’t go down well in corporate accounting. So, I wasn’t expecting much to happen on my new crowdfunding platform. But I thought: If this should happen to work, I would like to enable others to do the same, so I added a few bucks to the lawyer bill and had him prepare something that I was allowed to give to others to use (Sort of like “terms of service” with a permissive license). This: Having a lawyer check if crowdfunding is possible and if yes, in which way and having them prepare the “terms of service” cost quite a bit.
Unfortunately, I was right with the acceptance of this platform:
Not a single cent got paid into any of the campaigns I listed. The sums some of them list were simply test-data I intentionally left there when going online ;-).
But one thing I didn’t expect, was that having campaigns listed and having a price-tag assigned to them, made companies approach me directly asking for a different form of sponsoring the campaigns. So right now, there are 2 campaigns that are being sponsored and they even got the companies to actively participate. So, I will not be doing all the work on my own but we’re splitting things up between me and the companies, making them become more involved in the project. This is good for me and for the Project.
So, I think we need to do two things:
* List individuals or companies willing to provide services around one of our projects
* List possible features that could be implemented and assign some sort of measure to them (like developer-days needed to implement … I would strongly object adding prices, but having developer-days should be a dimension they can think in and sort of get an idea on what costs to expect)
Also, would it be good, if we could establish some sort of standard for projects offering this sort of thing, so people get used to it. Similarly to “every project has a download page” we need awareness that there’s also a “commercial-support” (or whatever we call it) page and some sort of feature catalog.
I do think there are ways how we can ensure income to solo developers or small companies and still stay in line with the ASF mission. And finding these paths is what I would like to do in the future.
Chris
From: Roman Shaposhnik <rv...@apache.org>
Sent: Sonntag, 27. Februar 2022 23:06
To: ComDev <de...@community.apache.org>; cdutz@apache.org
Subject: Effective ways of getting individuals funded to work on ASF projects
Hi!
over the past couple of years there has been a number
of efforts trying to figure out effective ways of getting funded
for working on ASF projects as individuals and not employees
at companies building on top of these projects.
Chris's recent experience is but one of them:
https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
My personal frustration with all these threads is that we never
seem to arrive at any actionable suggestions for how developers
like Chris can *easily* create these additional income streams.
Rightfully, we at ASF basically say that it must be a 3d party issue
to solve. It very much is. The problem is that doing so one one-off
just perpetuates the logistical pain of setting up contracts, etc. etc.
This creates a pretty significant barrier and, as Chris's experience
would suggest it typically becomes too insurmountable for individual
developers.
Sure, there have been interesting attempts to "hack the system"
and use things like GitCoin, BugMark and a few others to solve for
this "how do we get back to our open source roots when individuals,
not corporations were the economic agents around open source".
But I honestly don't know of any of them becoming viable either.
At least not so far.
At the risk of tilting at windmills once again, I'd like to see if there's
enough interest to take a crack at this problem yet again.
And in the spirit of "hacking the system" I'd like to suggest that we
focus on a 3d party solving it for us. In fact, I suggest we pick a
very particular 3d party -- TideLift
https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
Now, before you exclaim "who the heck appointed TideLift to solve it for us?"
I'd be the first one to admit that I picked them because I know them
really well and I do think they are the closest to giving us some of the answers.
But above all, I'm suggesting we look at TideLift because they seem to
be very much willing to work with us on actually changing their engagement
model to fit our needs. IOW, it is not like their rules are cast in stone -- we can
assume they are malleable. If anyone knows of a similar 3d party -- let's discuss
that too.
If, however, there's a general consensus about seriously looking
at them as that 3d party -- I'd like to start collecting names of ASF
developers (and PMCs) who would be willing to participate in
a trial program with them of sorts and report back.
If you have comments on anything above -- please reply in-thread.
If you'd be interested in this trial -- you can either do that or just reply to me personally.
Thanks,
Roman.
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Rob Tompkins <ch...@gmail.com>.
> On Feb 27, 2022, at 5:06 PM, Roman Shaposhnik <rv...@apache.org> wrote:
>
> Hi!
>
> over the past couple of years there has been a number
> of efforts trying to figure out effective ways of getting funded
> for working on ASF projects as individuals and not employees
> at companies building on top of these projects.
>
> Chris's recent experience is but one of them:
> https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
>
> My personal frustration with all these threads is that we never
> seem to arrive at any actionable suggestions for how developers
> like Chris can *easily* create these additional income streams.
>
> Rightfully, we at ASF basically say that it must be a 3d party issue
> to solve. It very much is. The problem is that doing so one one-off
> just perpetuates the logistical pain of setting up contracts, etc. etc.
> This creates a pretty significant barrier and, as Chris's experience
> would suggest it typically becomes too insurmountable for individual
> developers.
I whole heartedly agree that this is indeed a problem. During my tenure at Capital One I repeatedly got poor reviews for making contributions to the ASF, even though I had gone through their trusted contributor program. It’s almost as if I had to hide my open source contributions from my employeer. I think this problem is far deeper and more systemic than people think it is at first sight.
-Rob
>
> Sure, there have been interesting attempts to "hack the system"
> and use things like GitCoin, BugMark and a few others to solve for
> this "how do we get back to our open source roots when individuals,
> not corporations were the economic agents around open source".
> But I honestly don't know of any of them becoming viable either.
> At least not so far.
>
> At the risk of tilting at windmills once again, I'd like to see if there's
> enough interest to take a crack at this problem yet again.
>
> And in the spirit of "hacking the system" I'd like to suggest that we
> focus on a 3d party solving it for us. In fact, I suggest we pick a
> very particular 3d party -- TideLift
>
> https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
>
> Now, before you exclaim "who the heck appointed TideLift to solve it for
> us?"
> I'd be the first one to admit that I picked them because I know them
> really well and I do think they are the closest to giving us some of the
> answers.
> But above all, I'm suggesting we look at TideLift because they seem to
> be very much willing to work with us on actually changing their engagement
> model to fit our needs. IOW, it is not like their rules are cast in stone
> -- we can
> assume they are malleable. If anyone knows of a similar 3d party -- let's
> discuss
> that too.
>
> If, however, there's a general consensus about seriously looking
> at them as that 3d party -- I'd like to start collecting names of ASF
> developers (and PMCs) who would be willing to participate in
> a trial program with them of sorts and report back.
>
> If you have comments on anything above -- please reply in-thread.
>
> If you'd be interested in this trial -- you can either do that or just
> reply to me personally.
>
> Thanks,
> Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Joshua Simmons <jo...@tidelift.com>.
Hi folks, Josh here with my Tidelift hat on. (I wear many hats, as some of
you know!) I want to be extremely respectful of the discourse y'all are
having here, and so will be sparing in my engagement.
The conversations that played out after I reached out to Apache Log4j
PMC–across Legal, ComDev, and Fundraising in January and February–were
extremely edifying. We found at least one area where Tidelift _does_ need
to adjust course in order to square with ASF policy, and other areas of
concern that are very worthy of discussion.
Having had those conversations, I've taken some time to prepare a brief
document (attached) that provides more background on Tidelift, and attempts
to summarize the concerns that have been raised. (I welcome corrections if
I got anything wrong, and will gladly evolve the doc to include other
salient points that come up.)
The most important thing for me, as both a member of open source
communities and as an employee of Tidelift, is that we address systemic
resource disparities in open source in a manner that amplifies the best
qualities of open source and in line with the spirit of open source.
Solving the resource problem in a way that properly rises to the challenge
requires open dialog and a collective spirit of problem solving, across
many different types of stakeholders–including critical foundations like
the ASF.
All that is to say: Tidelift is not here to offer an inflexible path to
solving these problems, nor are we here claiming to be the end-all-be-all.
Rather, we are here to learn how to work with individual community members
and align with ASF policy, to come up with creative solutions, and to make
open source work better for everyone.
I'll be happy to answer any questions that folks have, but otherwise will
mostly focus my energy on listening and learning.
With gratitude,
Josh
Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
<https://tidelift.com/>
@joshsimmons <https://twitter.com/joshsimmons> | joshua.simmons@tidelift.com
| bluesomewhere on IRC
TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
ad astra per aspera 🚀
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Ted Dunning <td...@apache.org>.
I was in the peanut gallery when Tidelift approached the logging project.
To me, it looked like Tidelift wanted fairly significant service level guarantees for a very low cost and then wanted to monetize their position of having such guarantees.
Aside from whether or not the details were right, the overall shape seemed wrong to me. Long on guarantees and indemnification by the individuals signing on and short on benefits to the individuals or the project.
On 2022/02/27 22:11:26 Gary Gregory wrote:
> We just went through this with Log4j and decided that the Tidelift model
> was not compatible with Apache. Hopefully someone on our PMC can provide a
> recap.
>
> Gary
>
> On Sun, Feb 27, 2022, 17:06 Roman Shaposhnik <rv...@apache.org> wrote:
>
> > Hi!
> >
> > over the past couple of years there has been a number
> > of efforts trying to figure out effective ways of getting funded
> > for working on ASF projects as individuals and not employees
> > at companies building on top of these projects.
> >
> > Chris's recent experience is but one of them:
> > https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
> >
> > My personal frustration with all these threads is that we never
> > seem to arrive at any actionable suggestions for how developers
> > like Chris can *easily* create these additional income streams.
> >
> > Rightfully, we at ASF basically say that it must be a 3d party issue
> > to solve. It very much is. The problem is that doing so one one-off
> > just perpetuates the logistical pain of setting up contracts, etc. etc.
> > This creates a pretty significant barrier and, as Chris's experience
> > would suggest it typically becomes too insurmountable for individual
> > developers.
> >
> > Sure, there have been interesting attempts to "hack the system"
> > and use things like GitCoin, BugMark and a few others to solve for
> > this "how do we get back to our open source roots when individuals,
> > not corporations were the economic agents around open source".
> > But I honestly don't know of any of them becoming viable either.
> > At least not so far.
> >
> > At the risk of tilting at windmills once again, I'd like to see if there's
> > enough interest to take a crack at this problem yet again.
> >
> > And in the spirit of "hacking the system" I'd like to suggest that we
> > focus on a 3d party solving it for us. In fact, I suggest we pick a
> > very particular 3d party -- TideLift
> >
> >
> > https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
> >
> > Now, before you exclaim "who the heck appointed TideLift to solve it for
> > us?"
> > I'd be the first one to admit that I picked them because I know them
> > really well and I do think they are the closest to giving us some of the
> > answers.
> > But above all, I'm suggesting we look at TideLift because they seem to
> > be very much willing to work with us on actually changing their engagement
> > model to fit our needs. IOW, it is not like their rules are cast in stone
> > -- we can
> > assume they are malleable. If anyone knows of a similar 3d party -- let's
> > discuss
> > that too.
> >
> > If, however, there's a general consensus about seriously looking
> > at them as that 3d party -- I'd like to start collecting names of ASF
> > developers (and PMCs) who would be willing to participate in
> > a trial program with them of sorts and report back.
> >
> > If you have comments on anything above -- please reply in-thread.
> >
> > If you'd be interested in this trial -- you can either do that or just
> > reply to me personally.
> >
> > Thanks,
> > Roman.
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Jarek Potiuk <ja...@potiuk.com>.
I am extremely interested in this and I very much support the effort that
Roman describes. But I do think Tidelift is not necessarily a good (and
quite for sure not the only) solution.
I think their interest is a bit separated from ASF one. They mostly want to
promote their service to get the cut of the payments (this is what I see).
Maybe not even the payments they get through ASF but to get popularity and
get the cut later. This is fine as a business model. But I am not sure ASF
should endorse it. There should be - at most - a range of solutions that
ASF can say "you are free to use". I think the "popularity" of a service
should come from the corporate users wanting to use them as
"intermediaries". Those services should be really a solution to make it
easier (and trusted) to get money transferred between parties. And there
might be many of those.
I am currently an independent OSS contributor and get the money from the
stakeholders in various ways - direct contracts and using the preferred
mechanism of my customers (or "stakeholders"). I use various
"intermediaries":
* SAP Ariba - for Google
* https://www.letsdeel.com/ - for Astronomer
* Github Sponsors - for Amazon and others (some of them in advance
discussions)
There is an initial overhead to set it up, but once it's set-up it's easy
to fulfill all the "bureaucratic" stuff on a regular basis. That's what
they promise and deliver. Those platforms provide invoicing and money
transfer mechanisms and charge very, very little for it (compared to
setting up the legal relationship). What is really important and takes a
lot of the time and effort and money is to have contracts with those
parties that protect my freedom and independence as OSS contributor for ASF
projects as well as becoming a valuable party for my partners.
I am lucky enough to be able to negotiate "independence" but also have
enough resources/contracts/stamina/negotiating power to have my lawyers (in
Poland and Slovakia where I have my second business entity) and enough
income to be able to spend a substantial amount of money on setting this
up. I am also lucky to have friendly and competent lawyers that became my
friends over time, not only business partners. I've involved my lawyers in
all the contract discussions and I have some templates but many of the
contributors do not have this freedom/capabilities.
I think some "standards", "policies", "allowed clauses", "templates" might
be of a great help to the committers who just want to "do the stuff" and
don't have enough resources. Happy to help - for starting to share my
contract templates if that might help others.
But those are just technicalities, and I have a much more important comment.
There is - of course - a completely different story. But what is really
important is how to build the relationship, how to find those who will pay
for your job and convince them to do so. But I am afraid none of
Tidelift's or other platforms can help with it. Personal reputation in the
project, building it, spending time, being vocal about it, self-promotion,
speaking, being present is the only way to get people to want you to pay
for your job and none of the platforms can help with it when personal
effort is not spent on "selling" your work. There are no shortcuts for
that. Thinking that when you do a good job, you will be noticed, is
wishful thinking IMHO. If you want success, you need to act beyond doing a
good IT job. And I think possibly making people aware of that and teaching
them how not only to do a good job but also sell it is a way to go.
That's one thing I've learned over the many years in the industry - if you
do a bad job. then selling it is hard. If you do a good job, selling is
easy - but if you won't do it yourself - no-one will do it for you. There
is no-one else but you who can sell your job and you need to learn how to
do it. But many people in our industry do not realise that. I think some
kind of awareness, sharing experience, and providing guidelines to people
who want to earn on open-source contributions (in a very good sense of it)
is something that IMHO ASF can help with (and happy to help with it too - I
am thinking on the next talk "how to make living on contributing to OSS"
talk at Apache Con for one).
Maybe in ASF we should focus on teaching our people to sell the great job
they are doing and not be afraid of it.
J.
On Sun, Feb 27, 2022 at 11:17 PM Roman Shaposhnik <ro...@shaposhnik.org>
wrote:
> On Sun, Feb 27, 2022 at 11:11 PM Gary Gregory <ga...@gmail.com>
> wrote:
>
> > We just went through this with Log4j and decided that the Tidelift model
> > was not compatible with Apache. Hopefully someone on our PMC can provide
> a
> > recap.
> >
>
> Please correct me if I'm wrong, but as I remember there wasn't any attempt
> to work with TideLift on changing the engagement model on their end,
> was there?
> This time I'm suggesting that we work together with TideLift to come up
> with the new rules (or to agree -- together -- that no such rules exist).
>
> Basically, the exercise I'm suggesting is different.
>
> Still, the kind of recap you have in mind would be super useful.
>
> Thanks,
> Roman.
>
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Roman Shaposhnik <ro...@shaposhnik.org>.
On Sun, Feb 27, 2022 at 11:11 PM Gary Gregory <ga...@gmail.com>
wrote:
> We just went through this with Log4j and decided that the Tidelift model
> was not compatible with Apache. Hopefully someone on our PMC can provide a
> recap.
>
Please correct me if I'm wrong, but as I remember there wasn't any attempt
to work with TideLift on changing the engagement model on their end,
was there?
This time I'm suggesting that we work together with TideLift to come up
with the new rules (or to agree -- together -- that no such rules exist).
Basically, the exercise I'm suggesting is different.
Still, the kind of recap you have in mind would be super useful.
Thanks,
Roman.
Re: Effective ways of getting individuals funded to work on ASF projects
Posted by Gary Gregory <ga...@gmail.com>.
We just went through this with Log4j and decided that the Tidelift model
was not compatible with Apache. Hopefully someone on our PMC can provide a
recap.
Gary
On Sun, Feb 27, 2022, 17:06 Roman Shaposhnik <rv...@apache.org> wrote:
> Hi!
>
> over the past couple of years there has been a number
> of efforts trying to figure out effective ways of getting funded
> for working on ASF projects as individuals and not employees
> at companies building on top of these projects.
>
> Chris's recent experience is but one of them:
> https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
>
> My personal frustration with all these threads is that we never
> seem to arrive at any actionable suggestions for how developers
> like Chris can *easily* create these additional income streams.
>
> Rightfully, we at ASF basically say that it must be a 3d party issue
> to solve. It very much is. The problem is that doing so one one-off
> just perpetuates the logistical pain of setting up contracts, etc. etc.
> This creates a pretty significant barrier and, as Chris's experience
> would suggest it typically becomes too insurmountable for individual
> developers.
>
> Sure, there have been interesting attempts to "hack the system"
> and use things like GitCoin, BugMark and a few others to solve for
> this "how do we get back to our open source roots when individuals,
> not corporations were the economic agents around open source".
> But I honestly don't know of any of them becoming viable either.
> At least not so far.
>
> At the risk of tilting at windmills once again, I'd like to see if there's
> enough interest to take a crack at this problem yet again.
>
> And in the spirit of "hacking the system" I'd like to suggest that we
> focus on a 3d party solving it for us. In fact, I suggest we pick a
> very particular 3d party -- TideLift
>
>
> https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
>
> Now, before you exclaim "who the heck appointed TideLift to solve it for
> us?"
> I'd be the first one to admit that I picked them because I know them
> really well and I do think they are the closest to giving us some of the
> answers.
> But above all, I'm suggesting we look at TideLift because they seem to
> be very much willing to work with us on actually changing their engagement
> model to fit our needs. IOW, it is not like their rules are cast in stone
> -- we can
> assume they are malleable. If anyone knows of a similar 3d party -- let's
> discuss
> that too.
>
> If, however, there's a general consensus about seriously looking
> at them as that 3d party -- I'd like to start collecting names of ASF
> developers (and PMCs) who would be willing to participate in
> a trial program with them of sorts and report back.
>
> If you have comments on anything above -- please reply in-thread.
>
> If you'd be interested in this trial -- you can either do that or just
> reply to me personally.
>
> Thanks,
> Roman.
>