Are we still talking about supporting open source maintainers? I hope so, because I wrote about a more holistic solution than giving everyone a patreon or whatever.https://jenniferplusplus.com/the-free-software-commons/
-
Are we still talking about supporting open source maintainers? I hope so, because I wrote about a more holistic solution than giving everyone a patreon or whatever.
The free software commons
Free and open source software has become a modern commons, but now it's vulnerable. Freedom isn't sufficient to secure it for the future.
Jennifer++ (jenniferplusplus.com)
-
Jenniferplusplusreplied to Jenniferplusplus on last edited by
The toot length version goes like this
Open source is a public, common resource. Anyone can contribute, and everyone benefits
That makes it a "commons", or perhaps many commons
Commons need long term organized care to sustain them. That's called governance
The governance of the open source commons has been neglected for a long time, and that burden falls on maintainers
What if we didn't do that?The free software commons
Free and open source software has become a modern commons, but now it's vulnerable. Freedom isn't sufficient to secure it for the future.
Jennifer++ (jenniferplusplus.com)
-
Jenniferplusplusreplied to Jenniferplusplus on last edited by
We should definitely also pay maintainers. Maintainers should be compensated for their work. But we need both. All the visions to *just* pay maintainers don't sound like compensation for work they're already doing. It sounds like paying to control that work, and demand additional reporting and compliance work on top that is of no benefit to the maintainer.
-
Luis Villareplied to Jenniferplusplus on last edited by
@jenniferplusplus I have a lot of thoughts I can’t get out this morning, because time, but the tldr is that Ostromian commons are communally maintained, but the median FOSS project is maintained by one person. So, yes, I’m all for working more on commons governance[1], but it is only tangentially relevant for most open source.
[1] For large projects you can’t pay anyone until the commons governance problems are solved, which is part of why we don’t do big projects very much at Tidelift.
-
@jenniferplusplus (loooooots of non-toot length nuance here, to be clear; eg you can conceptualize all of open as several layers of nested/polycentric commons, and we should think a lot harder about treating eg language ecosystems as commons both for governance and economic purposes, especially in the face of AI harvesting of code. But fundamentally individual packages with solo maintainers are difficult to shoehorn into the commons framework.)
-
@jenniferplusplus doesn’t directly touch on your post but you might find this interesting https://blog.tidelift.com/resilient-open-commons
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief You have to take a fairly narrow view of what a foss project and maintenance are in order to conclude it's a one-person affair. The median foss project did not draft their own license text. They depend on numerous other foss projects. They implement specs and standards defined by other people. The sum total of that and more is what makes this a commons, and not a collection of solo charity projects.
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief That is interesting, yes. And you're right that a solo project may not constitute it's own commons. But it very well could be part of one or more of those myriad layered commons.
You seem to be saying that the lack of existing governance excludes these things from a commons framework. I'm saying that makes them a nascent and vulnerable commons that needs to figure out some governance.
-
Luis Villareplied to Jenniferplusplus on last edited by
@jenniferplusplus I’m saying that one person, on their own, is a really ill fit for the entire notion of governance and commons, especially when they’re already struggling for time. The richness of the Ostromian commons model comes in part from the interhuman interactions; having those commitments to a void, or to hypothetical future participants, is a lot to ask in practice.
-
@jenniferplusplus But I am about to jump into four hours of meetings and then two weeks of travel, so want to stress that we’re probably about 95% agreed here.
-
Jenniferplusplusreplied to Luis Villa on last edited by
@luis_in_brief Probably. My view is not that this is something that overburdened solo maintainer owes to everyone else. It's that this is something everyone else* owes** to them, and that service has been lacking. Which is an important part of why they're so overburdened in the first place.
*for some definition of everyone
**not owes exactly, but toot's are only so long -
Stephen Weberreplied to Jenniferplusplus on last edited by
@jenniferplusplus @luis_in_brief I think licenses is a great example of how an individual can borrow governance.
Many times the kind of governance we're talking about is embodied in tooling: how contributors are onboarded, how issues are tracked, how contributions are vetted, how patches get back-ported.
Tools are not everything, and they're highly susceptible to the kind of vendor-takeover that Jennifer talks about. And they don't have to be complex, they can be like license files.
-
Marco 🌳 Zoccareplied to Jenniferplusplus on last edited by
@jenniferplusplus @luis_in_brief I think that as soon as a "solo" OSS project is depended upon by at least another project, that's a commons. And this can be measured and socialized in turn.
-
Jenniferplusplusreplied to Marco 🌳 Zocca on last edited by
@ocramz @luis_in_brief I wouldn't suggest trying to draw bright lines around what project is it isn't a commons in its own right. Luis described things up thread as a multilayered polycentric commons. I think that's much more useful. Projects are components of a big poly-commons. That's plenty to guide large scale action. Local scale action definitionally must be locally managed
-
corbeaucryptoreplied to Jenniferplusplus on last edited by
@jenniferplusplus Hey - that's a great article. Thanks for writing it and sharing it! Couple of observations and questions. When I consider non-digital commons, I imagine fish or trees for example. Usually there's licensure and quotas associated. Hard to put a quota on usage without changing the game considerably. So the idea of contributing back seems like a good place to start. Am I missing a larger perspective here?
Do you see that integrating with SBOM practices? Do you think there should be some governance around deployments? For example - I am thinking of that famous ticket MS put in for VLC support for, what I believe, was videos in Teams? I'm afraid I've (collectively we've) paid more out in supporting open source developers than many vendors who amass great wealth without contributing back. Not mad at that. Just not really sustainable without something feeding back into the system.
-
Jenniferplusplusreplied to corbeaucrypto on last edited by
@corbeaucrypto The limited resource in the foss commons is maintainer's time and attention. If a large corporation takes a dependency on a package and never has another interaction, that really hasn't depleted anything, and that's not really what needs to be monitored and managed.
OTOH, if that same corp comes back 6 months later and starts demanding an SBOM, *that* is extractive, and should likely be seen as violating the rules of the commons.
-
@jenniferplusplus Open Source is not a commons, because increased use doesn't diminish it, in fact, it makes it even better. And no, we don't need more bureaucracy, thank you very much.
-
@deshipu read the post
-
@jenniferplusplus I have read it, I wouldn't be commenting otherwise. You are suggesting that introducing bureaucracy would help, and alleging to how it helps solve the "tragedy of the commons" problem. But open source communities don't have such a problem, they are not competing, and they are not limited by a physical resource that can be depleted and that would require maintenance by a governing body to protect it from devastation. And it would be useless for the problems you mention.