Sustain

SustainOSS
Mar 3, 2023 • 42min

Episode 157: Joel Wasserman on lessons learned with Flossbank

Guest Joel Wasserman Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Our guest today has been on this podcast before, and we are super excited to have him back on. Joining us is Joel Wasserman, co-founder and Founder of Flossbank and Software Engineer at Google. Today, we’ll find out what happened to Flossbank and what’s happening next as Joel tells the story of how the idea of Flossbank came about, and the challenges and lessons he’s learned along the way. He goes in-depth about the need for funding, the ginormous difference between an open source author and an open source maintainer, and diversity in open source. Download this episode now to hear more! [00:01:23] What is Flossbank? [00:05:59] Onboarding can be difficult, and Joel fills us in on some lessons he’s learned. [00:09:53] Richard brings up a point of finding the right person, and wonders whether the issues Joel had were because he was the middleman or something else, and if it’s hard to find money for any project in open source. Joel mentions Nadia Eghbal’s book as the best book he’s ever read on the open source ecosystem. [00:12:58] Justin talks about a blog post Joel wrote last June on “The Flossbank Attempt,” where he made a comment “don’t hesitate to reach out,” and he tells us what other projects are actively asking him for advice. [00:15:20] We hear what Joel thinks the benefits of GitHub Sponsors and Open Collective are in comparison to his and why they’re able to garner some money, and his thoughts on that part of the ecosystem. [00:18:26] Joel tells us if there will be any sort of government grants going down the dependency tree and if he’s thought about that kind of money coming into the system and if there are benefits. 
[00:22:26] We hear what Joel thinks about the idea that maybe Flossbank was never going to work because there isn’t as much altruism in the world from companies and that he’s asking for something that’s impossible. [00:29:38] Joel talks about payment mechanisms and something cool they did with Flossbank, working with a company called Coil that uses Interledger. [00:32:13] Joel details his realistic and optimistic view on people wanting to invest in open source and getting money off it, and about diversity in open source. [00:38:50] Find out where you can follow Joel on the web. Quotes [00:05:04] “What we didn’t know and what we quickly found out is that a lot of companies want to have a relationship with the maintainer they are donating to.” [00:06:21] “Small companies, startups, are acutely aware of the open source they rely on.” [00:18:53] “People just take it for granted and they say, “Well, why should I fund it if the next person isn’t funding it?”” [00:22:48] “There’s a ginormous rarely spoken difference between an open source author and an open source maintainer. An author chooses to put that license up. An author has given no promise to working on this, to securing it toward making sure that other companies get what they want, bug fixes, future maintenance, making sure their dependencies, no guarantees.” [00:24:00] “Open source maintainers are what I’m advocating to get paid and open source maintainers are the ones who are keeping code up to date, making sure it’s secure, making sure the dependencies are up to date, making sure the dependencies are secure, those people are putting in work.” [00:28:09] “Maintainership is work. 
It’s a triage of bugs, a triage of feature requests, it’s actual improvements to a package, it’s a long-term commitment, it’s a dramatically different persona and role than author.” [00:32:26] “You should be giving to your entire open source dependency tree because you don’t know what you depend on, or you don’t know what maintainer needs that money to do their work, to keep their package secured, to keep their package up to date until it breaks.” Spotlight [00:39:01] Joel’s spotlight is Nadia Eghbal’s book, Working in Public: The Making and Maintenance of Open Source Software. [00:40:01] Justin’s spotlight is the Open Technology Fund. [00:40:19] Richard’s spotlight is the book, Sacred Economics: Money, Gift & Society in The Age of Transition by Charles Eisenstein. Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Joel Wasserman Twitter Flossbank Sustain Podcast-Episode 58: Joel Wasserman on Flossbank and Sustainability Giving Back to Dependencies Feross-Introducing ‘funding’ experiment Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal The Flossbank Attempt by Joel Wasserman Sustain Podcast-Episode 148-Ali Nehzat of thanks.dev and OSS Funding Sustain Podcast-Episode 152-Dudley Carr and Wes Carr on StackAid thanks.dev Stackaid Coil Interledger Foundation Open Technology Fund Sacred Economics: Money, Gift & Society in The Age of Transition by Charles Eisenstein Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Joel Wasserman.Support Sustain
Feb 27, 2023 • 6min

Episode 156: Paul Berschick and FOSS Backstage 2023 in Berlin

Guest Paul Berschick Panelists Richard Littauer Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Richard is very excited to have a repeat guest on today, and that is Paul Berschick. Paul is here to tell us a little bit about his conference, FOSS Backstage 2023, which is being held in Berlin, in-person and online, March 13-14. He gives us some important details about the event, from what’s happening this year, some exciting speakers that will be there, and where you can register and sign up ASAP. Download this episode to get all the details and we hope to see you there! [00:00:53] What’s happening at FOSS Backstage this year? [00:02:26] Paul tells us about some of the speakers that he’s excited about having. [00:03:37] There are going to be podcast rooms and podcast hosts there, and of course Richard will be there. Will there be any more hosts joining in? [00:04:17] Find out how to register for FOSS Backstage, booking accommodations, traveling, and places to go online for more info. Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Paul Berschick Twitter FOSS Backstage 2023 FOSS Backstage 2023 Twitter FOSS Backstage 2023 Mastodon Sustain Podcast-Episode 120: FOSS Backstage 2022 with Rich Bowen & Paul Berschick Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Paul Berschick.Support Sustain
Feb 24, 2023 • 40min

Episode 155: Yadira Sánchez Benítez on creating liberatory, pluriversal spaces in Open Source

Guest Yadira Sánchez Benítez Panelists Richard Littauer | Amanda Casari | Leslie Hawthorn Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today we have joining us, Yadira Sánchez Benítez, who’s been on this podcast before, and we decided to bring her back since there’s so much more we wanted to discuss with her. Yadira is a lecturer in Data Science in London at UAL. She’s also a creative technologist, examining the role technology plays in our everyday lives and ecosystems, engaging, and actively dismantling the tech-violent pipelines reinforcing hegemonic structures and reimagining and co-creating spaces where technologies and art are pluriversal and liberatory, which we’ll learn more about today. Also, Yadira tells us about her Fellowship with the Software Sustainability Institute, what open source means in community work, her work with other communities that have language barriers to get them more involved, and she talks about the importance of being aware of privileges we hold in different spaces. Download this episode now to learn more! [00:02:29] Yadira explains how she gets paid for what she does, how she got into that position, and her Fellowship with the Software Sustainability Institute. [00:05:36] We hear some examples of what hegemonic control of open source production is in the aspect of community work. Also, Yadira tells us a little bit about AlterMundi, based in Argentina, that’s doing amazing work in the area of open source from a different perspective. [00:09:45] We find out if there’s a way for people who want to learn more to get better engaged with what’s coming out in these communities across Central and South America. [00:13:04] Leslie saw Yadira’s really cool wearables and electronic art in her portfolio and wonders if she’ll see her at a future Chaos Communications Congress Conference to show them off, and she tells us more about her creative work. 
[00:19:31] Amanda wonders what Yadira’s experience has been working in statistical processes or data centered processes that are taken over by larger groups, and she shares her thoughts on how practitioners can work together to prevent this kind of weaponization. [00:24:26] Richard wonders how we can work with people who are in tech and don’t have roots to indigenous areas, and what can we do in tech to help heal those wounds and accept that he’s as legitimate a person as anyone else. [00:28:29] Yadira shares thoughts on how to easily help decolonize your open source projects or how to make it easier for people who don’t have the privilege. [00:34:59] Find out where you can follow Yadira and her work on the web. Quotes [00:06:31] “We rely a lot in documentation and platforms to propagate the work that we do. However, when you work with communities that may not have fast internet or access to these platforms, that doesn’t work.” [00:26:19] “We need to be more aware of the privileges we hold in different spaces and times.” [00:26:57] “How can I act in solidarity with people when I’m in a position of power or privilege?” [00:29:28] “It’s very important to ask the question – open source for whom and for what?” Spotlight [00:36:46] Amanda’s spotlight is an essay, Apache Appropriation by Natives in Tech. [00:37:13] Leslie’s spotlight is the Outreachy program. [00:37:41] Richard’s spotlights are the Middlebury Abenaki course and the Nulhegan Band of the Coosuk Abenaki Nation. [00:38:19] Yadira’s spotlight is a talk on YouTube: Indigenous Futures: A Conversation with Yásnaya Elena Aguilar Gil-Twenty Summers 2022. 
Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Amanda Casari Twitter Leslie Hawthorn Twitter Yadira Sánchez Benítez Twitter Yadira Sánchez Benítez LinkedIn Yadira Sánchez Benítez Instagram Yadira Sánchez Benítez Website Sustain Podcast-Episode 121: FOSS Backstage 2022 with Cornelius Schumacher, Yadira Sánchez Benítez, & Thomas Fricke Software Sustainability Institute APC Association For Progressive Communication-AlterMundi Chaos Computer Club Milpa Three Sisters (agriculture) Apache Appropriation Outreachy Middlebury Language Schools-Abenaki Nulhegan Band of the Coosuk Abenaki Nation Indigenous Futures: A Conversation with Yásnaya Elena Aguilar Gil-Twenty Summers 2022 (YouTube) Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Yadira Sánchez Benítez.Support Sustain
Feb 17, 2023 • 41min

Episode 154: Clare Dillon of InnerSource Commons on OSPOs and the Open Ireland Network

Guest Clare Dillon Panelists Richard Littauer | Leslie Hawthorn | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we are excited to have joining us Clare Dillon, who’s the Executive Director of InnerSource Commons and works with the OSPO++ Network to support the establishment of University and Government Open Source Program Offices globally. In 2021, she Co-founded Open Ireland Network, which is a community of people talking about open source in Ireland. Our discussions today take us through how Clare got into open source and involved with InnerSource Commons, their relationship with the TODO Group, and the importance of the Japanese community in the InnerSource Commons. Also, since Clare Co-founded the Open Ireland Network, she fills us in on what it is, and gives an overview of the research and her findings from a report that was produced with the Irish government on, “Open Source and InnerSource Skills in Ireland: A Call for Action.” There is much more, so download this episode now! [00:02:07] Clare shares her background story of how she got into open source, how she joined an Irish company called Nearform, and meeting Danese Cooper, who introduced her to open source and the concept of InnerSource. [00:04:48] We hear how Clare got involved with InnerSource Commons with Danese Cooper. [00:06:47] When talking about InnerSource Commons, Clare goes in depth on how many people are active members, separate members, and since it’s a 501(c)(3), how big the budget is. She also explains how InnerSource is more about the methods and practices. [00:11:31] Leslie wonders if Clare has found in her experience that organizations that come to InnerSource who may not have any experience with open source are more disposed to community engagement or doing co-development outside of the firewall after they get that experience with InnerSource. 
[00:16:11] Clare tells us her thoughts about the long-term implications for the health of the open source ecosystem. [00:19:11] On the InnerSource Commons website there is English and Japanese, and we find out how active the Japanese-speaking community is in InnerSource. [00:21:01] We hear about the InnerSource Commons relationship to the TODO Group and Ana Jiménez, who’s a community participant at InnerSource Commons as well. [00:22:34] Since Clare is the Co-founder of Open Ireland Network, she tells us what it is and gives an overview of the research and her findings from a skills report that was just produced with the Irish government. [00:28:07] We learn if there’s any intent to support the skills agenda in Ireland with more open source work, and if the Irish government plans for economic development in Ireland if that’s something that the Open Ireland Network is encouraging. [00:31:47] Clare shares some thoughts on the long-term implications of nationalistic approaches towards open source markets. [00:36:31] Find out where you can read the report and follow Clare on the web. Quotes [00:09:54] “Many of the original founders of InnerSource Commons were motivated by the idea of creating a whole new set of people who were able and willing to collaborate in the open source community so that they had that experience within their jobs, and therefore would be more likely and able to contribute either within their jobs or in their own private time to the open source community.” [00:26:54] “What was really fascinating to me was there was almost equal emphasis in the folks that responded to the survey about the non-technical skills. So where are the people in sales and marketing who understand this ecosystem? 
Where are the people in legal professions who understand the legal agreements necessary?” [00:29:33] “One of the most interesting areas that folks are now beginning to be aware of is that it’s not just the technology that gives you a leapfrog in, but also market access.” [00:29:54] “When I was talking to some of the industry development agencies in Ireland, the idea that there are industry vertical foundations focusing on innovation in particular areas were a huge interest to them.” [00:34:32] “If you’re enabling people to do open source in any nation, it enables collaboration across nations.” Spotlight [00:37:43] Justin’s spotlight is Ghost. [00:37:57] Leslie’s spotlight is to go check out the Digital Public Goods Charter that’s been published. [00:38:38] Richard’s spotlight is the National Portrait Gallery in Dublin. [00:39:06] Clare’s spotlight is Sue Borchardt, who’s a research artist and her amazing animation series she created on Cultural Evolution. Links SustainOSS SustainOSS Twitter SustainOSS Discourse Richard Littauer Twitter Leslie Hawthorn Twitter Justin Dorfman Twitter Clare Dillon LinkedIn InnerSource Commons NearForm Sustain podcast-Episode 54: Danese Cooper on the History of Open Source, InnerSource, and What’s Next Sustain Podcast-Episode 132: Ana Jiménez Santamaria on OSPOs and the TODO Group Open Ireland Network Ghost Digital Public Goods Charter National Gallery of Ireland Sue Borchardt-Cultural Evolution Series (Vimeo) Sue Borchardt Website Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Clare Dillon.Support Sustain
Feb 10, 2023 • 42min

Episode 153: Kailash Nadh and the FOSS United Foundation

Guest Kailash Nadh Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We’re super excited to have as our guest today, Kailash Nadh. In 2020, he co-founded the FOSS United Foundation, a non-profit organization that supports the FOSS ecosystem in India, where he serves as director. He also has been the CTO of Zerodha, India’s largest stock broking firm for the last decade. Today, our conversations with Kailash will take us through the FOSS program at Zerodha, and he’ll explain how they’ve grown to be one of the largest financial tech companies in India. He’ll take us through the journey of starting the FOSS Foundation, Zerodha’s funding for FOSS, and Kailash explains why people getting interested in open source is such a huge valuable concept and philosophy. Download this episode now to learn more! [00:02:20] Kailash tells us about the FOSS program at Zerodha and being a CTO. [00:06:46] There’s a FOSS Pledge on the FOSS United website and Kailash explains who it’s for and if anyone can sign it. [00:08:04] We learn about Zerodha’s yearly budget to the FOSS Foundation. [00:10:36] A question comes up if there are any documents or resources Kailash has in place to help ensure that their interests at Zerodha don’t erode away the native interests of any open source project. [00:13:04] Kailash tells us about paperd.ink. [00:15:04] Justin is curious to know if every part of the product is open source or if there’s some type of proprietary in there and what their focus is for the funds. [00:16:01] Dwayne O’Brien’s name comes up with the FOSS Contributor Fund, and if Kailash has ever talked to him. [00:17:32] Since it’s hard to find people to fund right now, Richard wonders what the intake process is for Kailash to get new contributors and maintainers. [00:18:26] Does Zerodha have Community Managers or social media people to help out the foundation? 
[00:20:27] We hear about the different conferences in India. [00:23:58] Kailash explains what the people were interested in hearing about at the FOSS focused events and how enticing it is for people to go to them. [00:28:41] We hear Kailash’s views on what he thinks about people getting interested in open source, and he tells us about the social development sector. [00:34:23] A question comes up about whether there are any resources people could reach out to if they are in the NGO sector, or social sector, where they can learn what FOSS tools are best for them. [00:36:15] Find out where you can follow Kailash and his work online. Quotes [00:04:00] “We have close to zero SaaS subscriptions even as a really large enterprise.” [00:04:20] “FOSS really is why Zerodha exists today in the form it does.” [00:04:31] “We’ve grown to be one of the largest financial tech companies in India all on the back of FOSS.” [00:06:32] “Building everything community first, first principles, is really key.” [00:08:50] “At Zerodha, we’ve set aside one million dollars a year minimum to fund FOSS.” [00:20:29] “The conference a few months ago was IndiaFOSS, then a conference that happened in Kochi they named KochiFOSS, then DelhiFOSS, and there’s an upcoming one MumbaiFOSS, which has a nice ring to it. This evolved organically with people in Kochi because they really wanted to call it KochiFOSS to identify with the city.” [00:32:50] “FOSS is the answer to the massive systematic risk that is the lack of technical capacity in the most dire of needs.” Spotlight [00:37:13] Justin’s spotlight is a project he’s been working on with his co-worker Camden called, conc: better structured concurrency for go. [00:38:04] Richard’s spotlight is Ben Acker. [00:39:06] Kailash’s spotlight is Matt’s FormMail and Planet Source Code. 
Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Kailash Nadh LinkedIn Kailash Nadh Website FOSS United FOSS Pledge Zerodha paperd.ink IndiaFOSS KochiFOSS DelhiFOSS conc-GitHub Ben Acker GitHub Matts Script Archive-FormMail Planet Source Code Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Kailash Nadh.Support Sustain
Feb 3, 2023 • 43min

Episode 152: Dudley Carr and Wes Carr on StackAid

Guest Dudley Carr | Wes Carr Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. On this episode, we have two guests joining us. Today, we’ll be talking with Dudley Carr and Wes Carr, who are brothers and Founders of StackAid, which is a monthly subscription you can use to automatically fund all of your dependencies. We’ll be discussing all things StackAid, learn more about Wes and Dudley’s backgrounds, some long-term goals they have, and exciting things on the horizon for StackAid. Go ahead and download this episode now to learn more! [00:02:43] Wes tells us what StackAid is and how it’s different. Also, he explains why they chose to only fund first and second order. [00:05:44] Since StackAid’s goal is to help developers get money for their careers, we find out how many users are using the platform, how many maintainers, and their corporate sponsor. [00:06:58] In 2006, their start-up got acquired, so we hear about that start-up. [00:09:17] Dudley worked at Google and then switched to Moz and started working on Node.js stuff, and he explains when he made the decision to start tackling dependency payments, helping maintainers, and how they’re self-funding the work. [00:13:41] We’ll find out about Sentry being the only corporate sponsor currently for StackAid and why the most important base they can rely on is individual developers. [00:19:14] Richard wonders what Wes and Dudley are going to do to convince developers to donate more of their money besides putting out content and they explain what their focus is right now. [00:22:23] A question comes up if Wes or Dudley have looked into the minimum viable income that they think has an effect on a project’s health. [00:24:49] We hear what Wes and Dudley are doing to help diversify the developer stack and how they allocate their funds. 
[00:28:59] Dudley explains the reasons why they have zero guides for people to tell them how they should spend their money in order to make the project more sustainable. [00:31:44] Wes shares the hardest part about building StackAid so far, and some long-term goals and exciting things coming up for StackAid. [00:38:08] Find out where you can follow along with Wes and Dudley online. Quotes [00:08:13] “We attended a peer-to-peer conference back in the day where Shawn Fanning was attending this kind of stuff, and then we bumped into some Google people.” [00:09:30] “Wes and I have been close to open source for a very long time. We’ve consumed it since the late nineties and have benefited from it tremendously.” [00:10:36] “We wanted to make a concrete contribution back into the open source community in some form.” [00:17:16] “I think evangelism is super important.” [00:17:50] “It’s like saying I’m not going to recycle, but I expect the company that I work for to recycle.” [00:23:50] “There’s an amount of space that we need to be able to buy people and give them that freedom and that cushion so that they can think of new things or reinvest it in things that they’ve done.” Spotlight [00:38:54] Justin’s spotlight is asdf. [00:39:40] Richard’s spotlight is Donald Hall and his essay, The Third Thing: Poet Donald Hall on the Secret to Lasting Love (The Marginalian). [00:40:16] Dudley’s spotlight is the NSQ project. [00:40:52] Wes’s spotlight is Benthos. 
Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Dudley Carr LinkedIn Dudley Carr Twitter Wes Carr LinkedIn Wes Carr Twitter StackAid Twitter StackAid-Mastodon Social StackAid Sustain Podcast-Episode 148: Ali Nehzat of thanks.dev and OSS Funding Sustain Podcast-Episode 96: Chad Whitacre and how Sentry is giving $150k to their OSS Dependencies Sustain Podcast-Episode 149: Naytri Sramek on the GitHub Accelerator and M12 GitHub Fund asdf The Third Thing: Poet Donald Hall on the Secret to Lasting Love (The Marginalian) NSQ Benthos Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guests: Dudley Carr and Wes Carr.Support Sustain
Jan 27, 2023 • 8min

Episode 151: Announcement! Sustain Session @ State of Open Con 2023 in London

Panelists Richard Littauer | Pia Mancini | Ben Nickolls Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. This is a short episode today because we are headed to London in early February for a Sustain event. Why are we going to London? Well, it’s the State of Open Con 2023, February 7-8, an event that is all things open source, including legal, governance, technology itself, hardware, and data, put on mainly by Amanda Brock and Open UK, and funded by IEEE SA and many other sponsors. You’ll find out all the details on this event, how to get tickets, and the two-day session Sustain is having that they would love for you to join in on. Download this episode now to learn more! [00:00:44] Ben gives all the details on what’s going on in London with State of Open Con 2023. [00:02:29] Find out how you can get your hands on some tickets to the event, and if you need any financial assistance, they are offering it, but it is limited. [00:04:13] Pia fills us in on why she’s going to this event and the two-day sessions they are having for Sustain about different topics, and they would love for everyone to join them. [00:05:26] Since FOSDEM 2023 is happening February 4-5 in Brussels, Ben points out there will probably be a lot of people traveling from that event to this one by train, so try to make plans for a rest day before this event kicks off. [00:06:40] If you’re going to FOSDEM, get in touch with Justin Dorfman or Abigail Mayes because they’re putting on an awesome event there. 
Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcasts@sustainoss.org hello@opencollective.com hello@oscollective.org podcast@sustainoss.org Richard Littauer Twitter Pia Mancini Twitter Ben Nickolls Twitter State of Open Con 2023 Sustain Podcast- 2 Episodes with guest Amanda Brock Sustain Podcast-Episode 98: Silona Bonewald and her long-term vision for IEEE and open source FOSDEM 2023 Justin Dorfman Twitter Abigail Cabunoc Mayes Twitter Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Support Sustain
Jan 6, 2023 • 36min

Episode 150: Dustin Ingram and the Open Source Security Team at Google

Guest Dustin Ingram Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Joining us today is Dustin Ingram, who’s a Staff Software Engineer on Google’s Open Source Security Team, where he works on improving the security of open source software that Google and the rest of the world relies on. He’s also the director of the Python Software Foundation and maintainer of the Python Package Index. Today, we’ll learn about the Open Source Security Team at Google, what they do, the bill they’ve contributed to for Securing Open Source Software Act of 2022, a rewards program they have to pay maintainers called SOS rewards, and Google’s role in the Sigstore project. Also, Dustin talks about the Python Package Index, he shares his opinion on the difference between security and sustainability, and what he’s most excited about with work going on in the next year or two. Download this episode now to find out more! [00:01:10] Dustin fills us in on the Open Source Security Team at Google, what they do there, how they prioritize which packages to work on, and which security bugs to work on. [00:03:25] We hear about the team at Google working on the bill 4913 Securing Open Source Software Act of 2022. [00:04:18] Justin brings up Dan Lorenc and Sigstore, and we learn Google’s role in this project and making sure it’s adopted more heavily in the supply chain. [00:06:05] Dustin explains the model on how Google is working to make sure these projects stick together, and he tells us how an open source maintainer can make their code more reliable by going to Sigstore and other sites to talk to people. [00:09:26] How does Google prioritize and choose which projects are the most important and where they’re going to dedicate developer time to do that work? 
[00:11:02] Dustin works on the Python Package Index, and he explains what it is, and with the PSF, how many directors they have, and how much he interfaces with other people there. [00:12:17] We hear how Dustin dealt with the fallout from the backlash that happened during the mandatory multifactor authentication for the critical projects. [00:16:52] When it comes to security, Richard wonders if Dustin has put a lot of thought into different grades of where it exists and who it’s for, as well as if there’s a ten to fifty year plan for the maintainers who move on to do other things and people are not going to be developing at all. [00:19:13] Are there plans around education for maintainers and communities on how to onboard new maintainers and how to increase security without increasing load time for the maintainers working on their projects? [00:20:21] We hear what the Securing Open Source Software Act is all about. [00:22:21] Now that open source is the dominant distribution, Dustin shares his thoughts on if open source will stop working and explains the real strength of open source. [00:24:09] Richard brings up the US government trying to secure their supply chain, working with future maintainers, code packages, working with foundations to figure out how we secure the ecosystem at large, and wonders if Dustin sees a way for the government to try and secure open source and not regulate it, but try to figure how to manage it without the help of foundations or package managers. [00:26:56] Dustin shares his opinion on the difference between security and sustainability and what he thinks about that and what he’s most excited about with work going on in the next year or two. [00:30:28] Find out where you can follow Dustin and his work on the web. 
Quotes [00:03:34] “After Log4j, the government got really spooked because they really didn’t know what software they were consuming, and President Biden did an executive order on securing a nation’s cybersecurity, which was about setting a policy for how the government should consume open source.” [00:08:11] “We also do some other things to make that a little easier for open source maintainers to adopt these technologies.” [00:08:17] “One thing we have is a rewards program called SOS.dev, and that’s a way that maintainers can get paid for doing what we feel is relevant security work.” [00:21:01] “The US government consumes a lot of open source software. They have a dependency on a lot more than most large companies that you can think of.” [00:21:11] “The answer to Log4j is not to stop using open source, it’s to get better practices around determining what you have and just do industry best practices for finding and fixing vulnerabilities.” Spotlight [00:31:17] Justin’s spotlight is some awesome software called Rewind.ai. [00:32:32] Richard’s spotlight is Geoff Huntley. [00:33:36] Dustin’s spotlight is the Mozilla Open Source Support Program. Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Dustin Ingram Twitter Dustin Ingram LinkedIn Dustin Ingram Website Open Source Vulnerability (OSV) Sustain Podcast-Episode 93: Dan Lorenc and OSS Supply Chain Security at Google Sigstore SOS Rewards Python Package Index (PyPI) Sustain Podcast-Episode 75: Deb Nicholson on the OSI, the future of open source, and SeaGL Open Technology Fund Rewind Geoff Huntley Twitter Explaining NFTs: Geoffrey Huntley interviewed by Coffeezilla about his NFT Bay Heist (YouTube) Mozilla Open Source Support Program Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Dustin Ingram.Support Sustain
Dec 16, 2022 • 40min

Episode 149: Naytri Sramek on the GitHub Accelerator and M12 GitHub Fund

Guest Naytri Sramek Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we’re super excited to have joining us as our guest, Naytri Sramek, who’s the Senior Director of Strategy at GitHub. Have you heard of the GitHub Accelerator and M12 GitHub Fund? Well, this is a great day to be joining us because Naytri is here to talk about these programs that they’ve been launching to help support and sustain OSS over the long haul. Naytri shares GitHub’s journey which began with the GitHub Sponsors launch in 2019, bringing on enterprise sponsors, and how it led into launching the GitHub Accelerator program and the M12 GitHub Fund. Go ahead and download this episode now to learn more. [00:01:23] Naytri reveals the two things they’ve been launching which are the GitHub Accelerator and the M12 GitHub Fund. She also tells us about bringing on enterprise sponsors since they’ve benefited from open source. [00:06:25] Peter Thomas, who worked at Intuit and is creator of Karate Labs, is brought up and Justin wonders if he’s involved in this venture or if there are others. [00:09:37] A question comes up regarding if the growth of the projects has been tracked with the money that GitHub has given to developers, if they’ve been able to quit their jobs since the money was given to them, and if those projects have improved. [00:15:35] We hear the focus of the GitHub sponsors, the Accelerator, and the M12 Fund. [00:19:57] Justin brings up the difficult issue of how to deal with developers that build these critical pieces of software, but they don’t want to deal with the responsibility and wonders how Naytri and her team deal with this issue. [00:23:18] There’s a 10-week course for the accelerator program and we hear how it works, and if it will be available to everyone in the future on GitHub. [00:29:28] Naytri explains how the communities are being funded. 
[00:32:47] A point is brought up about how long can these strategies and programs live on so maintainers and open source developers can make a good living, and Naytri goes in depth about the need for more sources of funding and funding models. [00:36:34] Find out where you can learn more about the GitHub Accelerator and the M12 Fund. Quotes [00:17:40] “The M12 GitHub Fund is all about how we do invest in the tools that are built on GitHub’s platform.” [00:24:33] “I want 20 people making $200,000 a year.” [00:24:58] “The GitHub Accelerator course itself will be open source.” [00:28:08] “As we’ve expanded the program into more countries, we’ve doubled the number of countries that sponsors cover right now.” [00:30:10] “Commits aren’t universal. You shouldn’t just be rewarded for the code.” [00:33:07] “The way we’re thinking about the accelerator and the fund is we need so many more sources of funding and funding models to be able to support open source creators as well as communities.” Spotlight [00:37:44] Justin’s spotlight is Jessica Lord, who’s the GitHub Sponsors Product Lead. [00:38:14] Richard’s spotlight is Bill Watterson, author of Calvin and Hobbes. [00:38:23] Naytri’s spotlight is Mike Perham and a 10 year anniversary post he wrote to Sidekiq. Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Naytri Sramek LinkedIn naytri@github.com fund@github.com GitHub Accelerator GitHub Blog- An open source economy-built by developers, for developers by Naytri Sramek Sustain Podcast-Episode 56: Dominic Tarr on Coding What You Want, Living on A Boat, and the Early Days of Node.js Karate Labs Hopscotch Justin Dorfman Tweet: The hard decisions popular open source project maintainers need to make…daily. Jessica Lord-GitHub Bill Watterson-Wikipedia Happy 10th Birthday, Sidekiq! -by Mike Perham Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Naytri Sramek. Support Sustain
Dec 9, 2022 • 41min

Episode 148: Ali Nehzat of thanks.dev and OSS Funding

Guest Ali Nehzat Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Get ready for an exciting guest today as we welcome Ali Nehzat, who’s a Software Engineer with a preference for embedded systems and Founder of thanks.dev. Ali’s been around for a while, and he realized that the open source ecosystem needs some help, and his focus is specifically on the OSS funding problem. Today, we’ll learn more about Ali’s story of why he started thanks.dev, what motivated him, people that inspired him through his journey, and he reveals his mission for OSS developers. But it doesn’t stop there! Ali dives into different aspects he’s experimenting with for funding, he tells us how payouts are supported so developers get paid, and how he’s planning on making this more sustainable. Download this episode now to find out more! [00:02:53] We find out the difference between thanks.dev and the other platforms, and Ali tells us his story about being motivated by Brian Carlson from the Node.js community, who’s behind node-postgres. [00:08:13] Ali talks about thanks.dev’s approach with helping to convince people to give money to open source. [00:11:20] We hear the tools that thanks.dev offers to its engineers to help them figure out how to sell giving back to open source. [00:14:07] After having conversations with OSPO companies, Ali explains how everything is a learning experience currently with thanks.dev, and he states the reason for thanks.dev not getting involved with code of conduct right now and what the mission is. [00:17:51] Licensing landscape is brought up by Ali and the conversations happening around it.
[00:20:51] Ali fills us in on the insightful conversations he had with Joel Wasserman who really helped him in his journey, as well as other people, with thanks.dev, as well as some ideas to solve the funding with open source and make sure thanks.dev is sustainable going forward. [00:23:05] As far as projects go, Ali tells us who he’s worked with to get more funding. [00:26:06] Justin wonders if there are any papers Ali’s read dealing with the complexities and edge cases, he explains how he would like to publish blog posts he wrote, and the testing and the experiments he’s been doing, and the impact Duane O’Brien from Indeed has made. [00:29:28] Richard brings up payment payouts and wonders how Ali is making sure the money actually gets to the developers and that helps the sustainability of those projects. [00:33:50] Ali is currently not getting a salary for this, but he tells us how fundraising through family and friends helped him, and how he’s planning to make this sustainable for him. [00:35:37] Find out where you can follow Ali on the web. Quotes [00:03:20] “Currently, thanks.dev is focusing on an experiment if you make it super easy for companies to donate to their dependency trees, what would be the outcome of that?” [00:04:41] “When I got interested in the funding space and in the challenges that open source maintainers face, it was actually all motivated by Brian Carlson in the Node.js community, who’s the person behind node-postgres.” [00:06:35] “It’s not just funding, it’s project management and it’s community management. There’s a whole array of other problems that can be attacked.” [00:09:12] “When I hit that barrier, the approach I took was to add a line item to my invoices for the OSS ecosystem.” [00:22:02] “The biggest learning is that to solve the funding problem in open source, you have to look at it from the perspective of the marketplace.” [00:23:50] “Then there’s a whole cohort of donors on GitHub and Open Collective that are engineering managers that are going to their own organizations and getting donations done and figuring out the motivations and actions behind these people.” [00:26:52] “The input that Duane O'Brien has had on thanks.dev has made such a huge impact.” Spotlight [00:37:32] Justin’s spotlight is CodeMirror. [00:38:19] Richard’s spotlight is Atom. [00:39:04] Ali’s spotlight is Brian Carlson. Links SustainOSS SustainOSS Twitter SustainOSS Discourse podcast@sustainoss.org Richard Littauer Twitter Justin Dorfman Twitter Ali Nehzat LinkedIn Ali Nehzat Twitter thanks.dev Twitter ali@thanks.dev thanks.dev Sustain Podcast-Episode 58: Joel Wasserman on Flossbank and Sustainably Giving Back to Dependencies Sustain Podcast-Episode 96: Chad Whitacre and how Sentry is giving $150 to their OSS Dependencies Sustain Podcast-2 episodes featuring guest, Duane O’Brien Sustain Podcast-2 episodes featuring guest, Nicholas Zakas CodeMirror Atom Brian Carlson-GitHub node-postgres Credits Produced by Richard Littauer Edited by Paul M. Bahr at Peachtree Sound Show notes by DeAnn Bahr Peachtree Sound Special Guest: Ali Nehzat. Support Sustain
