Funding software supply chains



All timestamps are based on your local time of:

Posted by: stak
Tags: mozilla
Posted on: 2022-01-10 09:48:19

An author of popular free software packages intentionally inserted infinite loops into his code to break downstream users, as a form of protest. It's not the first time this sort of thing has happened, and it won't be the last. In this particular case I would say that both primary parties are in the wrong.

To the author: if you make your software freely available, obviously people are going to use it without paying for it. Why would you expect anything else?

To the users: if you use some random piece of software in your code without verifying it and just keep blindly updating it, obviously stuff like this is going to happen. Why would you expect anything else?

To me it seems like there's no strongly defined interface here, on either side. So you have to be prepared to accept any kind of behavior from the other party. What's surprising is that this doesn't happen more frequently.

What I would like to see is some mechanism for a formal "pay what you can" style of money transfer. As an author of various open source packages, I do it mostly for personal pleasure, but I also wouldn't be opposed to getting money from those that profit from the work. This is not my primary concern, but if it were easy to set up, why not? On the flip side, as a professional software developer working for a profitable company, I would love to be able to support the (large amounts of) open source work we rely on.

Approaches like Patreon are fine for "artisanal" stuff but they don't scale. What I want to be able to do is take a budget of any amount, say $1m and distribute it programmatically across the free software projects that we use. Ideally with most of it actually going to the project as opposed to getting sucked into transaction fees or middlemen.

So here's a strawman proposal: open source projects that are accepting donations should include a DONATIONS.txt file in their source tree, similar to README.txt, that provides a machine-readable money transfer address. These files can be scraped, collated, and funded by any consumer of the project.

The hard part, of course, is the "machine-readable transfer address" part. Obviously cryptocurrency seems like a good fit for this problem. It's trivial to create a wallet and let it accumulate donations, and only go through the hassle of extracting the value in fiat if there's enough to be worthwhile. And it works at internet scale, that is to say, regardless of what geopolitical area of the world the parties are in.

For people opposed to cryptocurrencies: sure, there are good reasons to be sceptical. But I challenge you offer a viable alternative instead of shooting down this proposal merely on the grounds that it involves cryptocurrencies.

Posted by stak at 2022-01-10 10:51:37
Here's somebody already doing this: https://github.com/openfare/openfare
[ Reply to this ]

[ Add a new comment ]

 
 
(c) Kartikaya Gupta, 2004-2022. User comments owned by their respective posters. All rights reserved.
You are accessing this website via IPv4. Consider upgrading to IPv6!