
devtools.fm: Developer Tools, Open Source, Software Development Feross Aboukhadijeh - Socket
Jan 16, 2024
Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.
Episode notes
Delegate Maintainer Responsibilities
- Give trusted contributors commit access to share maintainer load and reduce burnout.
- Reserve publish rights but be liberal with GitHub commit access to build maintainers' teams.
The Funding Problem For OSS
- Open source often cannot capture value via paywalls because volunteers will recreate open alternatives.
- Funding typically works via contracts, open-core models, or sponsorship-marketing, not micro-paywalls.
Install-Time Funding Backlash
- Feross tried showing sponsor messages during npm install as an experiment to fund open source.
- The experiment provoked outrage, lost Feross sponsors and customers, and npm later blocked that pattern.
