I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina@fosstodon.org @ethereumfoundation@mastodon.social the question, as always when it comes to blockchains is, why does this require a blockchain?
-
@Gina@fosstodon.org @ethereumfoundation@mastodon.social the question, as always when it comes to blockchains is, why does this require a blockchain?
@projectmoon @ethereumfoundation I'm guessing because of the smart contract element and because it's cheaper.
I'm not sure, I'm in no way a blockchain expert. Also not sure how it would work with or without blockchain.
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation
My feeling is, "blockchain" strongly implies it's a grift, not above-board. -
@projectmoon @ethereumfoundation I'm guessing because of the smart contract element and because it's cheaper.
I'm not sure, I'm in no way a blockchain expert. Also not sure how it would work with or without blockchain.
@Gina@fosstodon.org @ethereumfoundation@mastodon.social don't know about the cost, but can't you just basically parse the dependency list and go hunting for liberapay accounts from the dep's readme? lol
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina Generally, the idea of a donation hitting a bill of materials so the underlying tools get funded seems like a good idea. Doing it through the blockchain feels like a scam.
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina my initial thought is that because this is presumably using blockchain tech, it likely won't be great for the planet, so I'd not want it on that basis
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina I like the concept, not the idea.
1. No part of this proposal needs a blockchain or Ethereum. Proposing this idea is a marketing effort by stapling an attractive idea to the side of an unattractive one.
2. Deriving a contribution-splitting model from an SBOM is interestingly difficult! Even more so if you try to walk a dependency tree instead of a flat list. How are contributions split? Equally among dependencies? Does every library dependency contribute equal value? To whom?
1/2
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina My main question would be why they think their approach would work better than what Tidelift does (this is not taking a position on whether or not what Tidelift does is particularly effective at improving open source sustainability, it's just the main existing instance of a comparable concept that I am aware of)
-
@Gina My main question would be why they think their approach would work better than what Tidelift does (this is not taking a position on whether or not what Tidelift does is particularly effective at improving open source sustainability, it's just the main existing instance of a comparable concept that I am aware of)
@ancoghlan I wasn't familiar with Tidelift yet, will look into them now, thanks!
-
@Gina I like the concept, not the idea.
1. No part of this proposal needs a blockchain or Ethereum. Proposing this idea is a marketing effort by stapling an attractive idea to the side of an unattractive one.
2. Deriving a contribution-splitting model from an SBOM is interestingly difficult! Even more so if you try to walk a dependency tree instead of a flat list. How are contributions split? Equally among dependencies? Does every library dependency contribute equal value? To whom?
1/2
@Gina presumably that "value to whom?" question is where smart contacts come in, allowing users to express their personal policy about distribution across SBOMs or dependency trees.
But the mechanism for expressing that policy doesn't exist. Will users write their own smart contracts for each project? They'll need more insight into program construction than the developers to make those decisions! The idea doesn't pass muster.
Let projects support their own dependencies. No blockchain.
2/2
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation I get the idea, but there are so many strange problems folded into it. E.g. how do you distribute the money?
E.g. if you have a node application and you have a dependency like expressjs (a full webserver thingy) and the "isEven" package, do both get the same amount of money? Do you set percentages?
And the questions with all things Blockchain:
1. How does it become real money again?
2. What happens with unclaimed dependencies?
3. How does it attract attackers? -
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
I have a gut feeling that this might be trying to wedge a blockchain into something where no blockchain is needed.
But if there is a way for going beyond individual developers / projects asking donations, and Tidelift in the more corporate space, excellent!
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation
Iβd say this seems like a legitimate blockchain use case. open source maintainers are globally distributed across jurisdictions/countries.automatic dependency splits across hundreds of recipients with no trusted intermediary is genuinely hard to replicate with traditional payment rails.
Using mandate-generated SBOM data as the funding graph is elegant. The hard unsolved piece is the SBOM to wallet mapping, but that's an identity problem, not a blockchain problem.
-
I have a gut feeling that this might be trying to wedge a blockchain into something where no blockchain is needed.
But if there is a way for going beyond individual developers / projects asking donations, and Tidelift in the more corporate space, excellent!
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation you lost me at blockchain.
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation based on my knowledge of the history of music royalties, a well-meaning system won by a massive labor organizing effort, I am extremely skeptical of this idea being effective in practice. There are too many ways to game complicated systems like this and it ends up benefitting the people who have the resources to understand all the complicated pieces (in this case, coders)
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina @ethereumfoundation Sounds like a good use case for smart contracts. Theoretically it would allow anyone donating to a project to know how the funds get split. Practically, per transaction fees are extremely volatile, but apparently cheap now. Most people wouldn't know how to decipher a smart contact and even people who should know have been scammed in the past.
-
I had such an interesting call today with someone from @ethereumfoundation about funding the #opensource ecosystem.
Basically, connecting a blockchain based funding system to a Software Bill of Materials (SBOM) to fund not just the sexy top project, but also the underlying libraries. Aka when you donate to or pay for a project, it would automatically donate to its dependencies as well (like the random person in Nebraska).
What do we think, #fediverse?
@Gina blockchain no thanks
-
Doesn't paint Cloudflare as a raging behemoth destroying privacy, torturing innocents, and ruining everything at any costs so they can have complete control.\
CC: @neil@mastodon.neilzone.co.uk @Gina@fosstodon.org
