Are we still talking about supporting open source maintainers? I hope so, because I wrote about a more holistic solution than giving everyone a patreon or whatever.https://jenniferplusplus.com/the-free-software-commons/
-
@jenniferplusplus (loooooots of non-toot length nuance here, to be clear; eg you can conceptualize all of open as several layers of nested/polycentric commons, and we should think a lot harder about treating eg language ecosystems as commons both for governance and economic purposes, especially in the face of AI harvesting of code. But fundamentally individual packages with solo maintainers are difficult to shoehorn into the commons framework.)
-
@jenniferplusplus doesn’t directly touch on your post but you might find this interesting https://blog.tidelift.com/resilient-open-commons
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief You have to take a fairly narrow view of what a foss project and maintenance are in order to conclude it's a one-person affair. The median foss project did not draft their own license text. They depend on numerous other foss projects. They implement specs and standards defined by other people. The sum total of that and more is what makes this a commons, and not a collection of solo charity projects.
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief That is interesting, yes. And you're right that a solo project may not constitute it's own commons. But it very well could be part of one or more of those myriad layered commons.
You seem to be saying that the lack of existing governance excludes these things from a commons framework. I'm saying that makes them a nascent and vulnerable commons that needs to figure out some governance.
-
Luis Villareplied to Jenniferplusplus on last edited by
@jenniferplusplus I’m saying that one person, on their own, is a really ill fit for the entire notion of governance and commons, especially when they’re already struggling for time. The richness of the Ostromian commons model comes in part from the interhuman interactions; having those commitments to a void, or to hypothetical future participants, is a lot to ask in practice.
-
@jenniferplusplus But I am about to jump into four hours of meetings and then two weeks of travel, so want to stress that we’re probably about 95% agreed here.
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief Probably. My view is not that this is something that overburdened solo maintainer owes to everyone else. It's that this is something everyone else* owes** to them, and that service has been lacking. Which is an important part of why they're so overburdened in the first place.
*for some definition of everyone
**not owes exactly, but toot's are only so long -
Stephen Weberreplied to Jenniferplusplus on last edited by
@jenniferplusplus @luis_in_brief I think licenses is a great example of how an individual can borrow governance.
Many times the kind of governance we're talking about is embodied in tooling: how contributors are onboarded, how issues are tracked, how contributions are vetted, how patches get back-ported.
Tools are not everything, and they're highly susceptible to the kind of vendor-takeover that Jennifer talks about. And they don't have to be complex, they can be like license files.
-
Marco 🌳 Zoccareplied to Jenniferplusplus on last edited by
@jenniferplusplus @luis_in_brief I think that as soon as a "solo" OSS project is depended upon by at least another project, that's a commons. And this can be measured and socialized in turn.
-
Jenniferplusplusreplied to Marco 🌳 Zocca on last edited by
@ocramz @luis_in_brief I wouldn't suggest trying to draw bright lines around what project is it isn't a commons in its own right. Luis described things up thread as a multilayered polycentric commons. I think that's much more useful. Projects are components of a big poly-commons. That's plenty to guide large scale action. Local scale action definitionally must be locally managed
-
corbeaucryptoreplied to Jenniferplusplus on last edited by
@jenniferplusplus Hey - that's a great article. Thanks for writing it and sharing it! Couple of observations and questions. When I consider non-digital commons, I imagine fish or trees for example. Usually there's licensure and quotas associated. Hard to put a quota on usage without changing the game considerably. So the idea of contributing back seems like a good place to start. Am I missing a larger perspective here?
Do you see that integrating with SBOM practices? Do you think there should be some governance around deployments? For example - I am thinking of that famous ticket MS put in for VLC support for, what I believe, was videos in Teams? I'm afraid I've (collectively we've) paid more out in supporting open source developers than many vendors who amass great wealth without contributing back. Not mad at that. Just not really sustainable without something feeding back into the system.
-
Jenniferplusplusreplied to corbeaucrypto on last edited by
@corbeaucrypto The limited resource in the foss commons is maintainer's time and attention. If a large corporation takes a dependency on a package and never has another interaction, that really hasn't depleted anything, and that's not really what needs to be monitored and managed.
OTOH, if that same corp comes back 6 months later and starts demanding an SBOM, *that* is extractive, and should likely be seen as violating the rules of the commons.