Recently I gave a talk (and blog post) about the future of Open Source where I laid out the two biggest issues in the Open Source world today.
Skip straight to the end where I talk about the issues and the Open Source Pledge
The first big issue is developer sustainability and the second is the problem of corporate open source.
We addressed the issue of corporate open source here at GitButler by making our client Fair Source. Today we're doing our part to help tackle the other issue, that of developer sustainability, by joining the Open Source Pledge.
The idea of the Open Source Pledge is pretty simple. If you are paying full time developers to work on a product that depends on Open Source software, make an effort to figure out your dependencies and try to support those project's maintainers.
The guidelines of the pledge are to donate $2000 per full time developer that you employ to open source projects, organizations or maintainers.
Last year we had an average of 4 full time developers and donated $6k to the Tauri project and $2250 to the Svelte project for a total of $8250 or an average of $2062 per developer.
GitButler now has 5 full time developers, which works out to a future pledge of $10k per year. To make sure we're on track for reporting next year, we have set up the following recurring donations:
- $6000/year to the Tauri project via GitHub Sponsors
- $3000/year to the Svelte project via OpenCollective
- $1600/year to the rest of our dependency tree via Thanks.dev
We agree with Sentry and the other members of the pledge that we need to move towards a more sustainable open source ecosystem and this is a solid first step.
I hope that if you're a company that is likewise standing on the shoulders of all of this amazing Open Source software to build whatever it is that you're building, you'll join us in joining the Open Source Pledge or otherwise supporting the developers that you clearly depend on.
May the Source be with you!
Post Script
While that seemed like a good place to end our post, there are a few more things I want to point out while I have your attention, assuming you're interested in some nitty gritty.
While I think this pledge project is by far the most interesting initiative in this space and we were already donating close to the goal just out of the goodness of our dear little OSS loving hearts, we're really doing this to help kick the ball of what is needed here a little further down the field. I don't think this is quite the end game here.
I believe that we need a much more cohesive and easy to use platform and that there needs to be a much clearer ROI for the companies who do step up.
GitHub Sponsors is almost unusable for what we are trying to accomplish.
Yes, you can rather easily donate to a single organization, and yes, you can sort of see a list of the dependencies you have, but it's incredibly difficult to do what we really want to do here:
- Figure out who maintains the software you depend on
- Figure out which of those maintainers want or need sponsorship
- Determine who should receive what, given a budget
- Establish a relationship of some sort between these parties
GitHub's current solution to bulk sponsorship is to download a CSV from one page and then upload that same CSV to the next page. Also you need to manually fill in the amounts, you have no idea what projects these maintainers are connected to (only the number of dependencies), you have little idea who needs what or even where their code is used in your projects, etc, etc. Also we had like 190 maintainers in our list, but GitHub only supports uploading 100 rows at a time. It's just laughably unusable, I'm rather surprised they shipped it like this.
Thanks.dev, who we ended up using in order to try to accomplish this task of fill-in-the-blank for the remainder of our support, since we can't possibly take the time to walk our SBOM and manually determine all the donations, is much much better, but also rather lacking in many important ways.
They don't actually take the donation immediately. I don't know when they will. I set my budget and manually excluded Tauri and Svelte (as we're donating to them elsewhere):
But it hasn't charged us anything yet. Maybe it will tomorrow, maybe at the end of the month, maybe I have it misconfigured. Who knows? I don't really know how it will determine exactly who gets paid. When I update values, it doesn't seem to really update the dependencies chart (I think it happens in the background and you need to come back later), etc.
Most importantly, there is no acknowledgement of our support anywhere. I can't go to a GitButler profile page on Thanks.dev and show off what we're doing. There appears to be zero way to say "look what we're supporting", it seems to basically make our support an anonymous donation, which further reduces an already difficult motivation factor, especially for corporations.
It's going to be difficult to incentivize other companies to do this when they get nothing materially that they don't already enjoy, and in addition to that there isn't even the most minimal recognition of their support.
What we need
I think we badly need some combination of these efforts.
The Open Source Pledge is a great start and that's why we're supporting it and trying to help, but I personally feel that eventually there needs to be a more interesting motivation for companies.
Bruce Perens (a founder of the OSI) has recently spoken a lot about Post Open Source and is trying to figure out something along the lines of a better dual licensing model that gets maintainers paid via a sort of license tax and distribution organization.
What comes after Open Source from the OSS OG
But honestly I think the solution is something in between all of these initiatives.
What I would find valuable, from the point of view of a founder of a company who uses a lot of Open Source software but furthermore works directly with some of the projects to help advance them (for us, Tauri and Gitoxide being the most direct, we work with their developers regularly), I think we need a more nuanced and manageable way to have different levels of relationships with the vast network of open software dependencies that any modern stack has.
From the maintainer side, there needs to be a way for people who want to be professional maintainers or open source developers to register themselves as such. To be able to make a good living from developing and maintaining dozens of projects perhaps. Maybe even be able to take over important projects professionally.
From the company side, it would be nice to both make this process much clearer and easier, and have some more tangible value from participating. First, there needs to be a platform to help us as a company to do what we've done manually - select the projects we depend heavily on and want to work directly with and make sure we have some sort of minimal extra seat at the table - then pay a tax for all the other projects that we are happy to help but don't want or need direct involvement.
Perhaps Thanks.dev can become this, but I'm not sure how much momentum it has (I just learned about it recently and it seems like it's something of a small effort or even a side project). I think GitHub would be ideal for this, but I don't think this is a real priority for them.
In any case, we're slowly working our way there as a community, the Open Source Pledge is the right first step and I hope that as a wave of companies join and run into the same frictions we did, someone steps up to make the entire process much easier and more valuable to the companies who are doing what needs to be done to make Open Source stronger and more sustainable.