Idea: Dependency Funding Tool

I have drafted a proposal for what I call “The Dependency Funding Tool” (TDFT).

Its purpose is to provide funding to all free software projects, regardless of their proximity or visibility to the people utilizing them.

TL;DR

  • The tool relies on a federated graph of projects (as nodes) connected by dependencies (directed and weighted edges)
  • To calculate how reliant one project is on another, all paths between the two projects in the dependency graph are taken, their edge weights multiplied and then summed up.
  • The tool analyzes the usage of a person and creates a list of projects they are directly or indirectly reliant on by calculating for each program they interact with directly all the projects they depend on and sorting them by their dependency.
  • The tool can be configured to send automatic recurring fees or direct people to a project’s CONTRIBUTE files.
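Added example, not part of the original post or of any TDFT code: one way to compute the reliance score from the TL;DR (sum over all paths of the product of edge weights) and rank projects for one person. The project names, weights, per-program usage shares and the function names `reliance_from` and `rank_projects` are assumptions made for illustration; a cycle is rejected because the sum over "all paths" is unbounded once the graph has one.

```python
from collections import defaultdict

# Constructed sample graph (hypothetical project names and weights):
# EDGES[a][b] is the weight of project a's dependency on project b.
EDGES = {
    "editor": {"gui-toolkit": 0.5, "tls-lib": 0.25},
    "browser": {"gui-toolkit": 0.25, "tls-lib": 0.5},
    "gui-toolkit": {"libc": 0.5},
    "tls-lib": {"libc": 0.5},
    "libc": {},
}

def reliance_from(source, edges):
    """Map each project reachable from source to the sum, over all paths
    source -> project, of the product of the edge weights on the path."""
    order, state = [], {}

    def visit(node, trail):
        if state.get(node) == "done":
            return
        if state.get(node) == "open":  # back edge: "all paths" is unbounded
            raise ValueError("dependency cycle: " + " -> ".join(trail + [node]))
        state[node] = "open"
        for dep in edges.get(node, {}):
            visit(dep, trail + [node])
        state[node] = "done"
        order.append(node)

    visit(source, [])
    scores = defaultdict(float)
    scores[source] = 1.0
    # Reverse post-order is a topological order, so a node's score is final
    # before it is pushed along its outgoing edges (one pass, no path listing).
    for node in reversed(order):
        for dep, weight in edges.get(node, {}).items():
            scores[dep] += scores[node] * weight
    del scores[source]
    return dict(scores)

def rank_projects(usage, edges):
    """usage maps each directly used program to its share of the person's
    usage (an assumption); returns (project, score) pairs, highest first."""
    totals = defaultdict(float)
    for program, share in usage.items():
        for project, score in reliance_from(program, edges).items():
            totals[project] += share * score
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
```

In the sample graph `libc` is never used directly, yet it ranks second for a person who mostly uses `editor`, because both paths to it are summed.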

The problem @CSDUMMI describes is also acknowledged in this article linked from SustainOSS forum: Sponsoring dependencies: The next step in open source sustainability - Sustain Open Source Forum

Hostea is a collective that dedicates 25% of its income to funding dependencies. It needs tooling to implement its revenue sharing model.

This was already discussed in the forge federation general chatroom and I do realize the tools discussed here do not exactly fit. But I suppose it’s worth mentioning, in case someone comes up with a brilliant idea that would bring it in scope.


@CSDUMMI as mentioned in chat, on Hacker News I bumped into a discussion about Microsoft open-sourcing a Software Bill of Materials (SBOM) project. Didn’t know what an SBOM meant, but it looks to be interesting for this project. I documented here. There are existing tools that can do the dependency analysis that this idea needs.

A Python function implementing the revenue sharing model was done and can be found here. It is an NP-hard problem and there will be cases where it cannot compute the optimal solution in a finite time despite the heuristics. But Hostea is small still and this is unlikely to happen right now.


Podcast - Nicholas Zakas on Sponsoring Dependencies, All The Way Down


My conclusions

It is implied that eslint gets too much funding and is sustained by donations, although most of the costs of developing it are not funded in this way. Developers are paid by companies out of a budget that is not reflected in the eslint sponsor pages.

It is one more example showing that donations are, for most Free Software projects, covering only a small fraction of the cost to run them.

If a Free Software project is not sustained by donations, distributing a fraction of the donations to dependencies is unlikely to have a significant impact on their sustainability. The amount distributed to dependencies should instead be a fraction of the actual budget of the Free Software project.

Notes

  • extremely successful project
  • ESLint has been going on for 9 years, developed by people paid by companies
  • three years ago they started accepting donations
  • did not know how to spend it and stashed it until ~2021
  • started to spend it in the past year / two years
  • donates ~3k per month to dependencies
  • receives ~10k per month from sponsors
  • most donations are from large companies
  • about ten people work on a daily basis on eslint
  • donations to dependencies is on a case by case basis

Did not work:

  • paid a part time maintainer
  • paid a full time maintainer

Works fine and keeps going:

  • pay for the redesign of the website
  • ongoing: hired a technical writer to work on the documentation

My remarks

  • the cost of paying ~10 eslint maintainers on a daily basis is an order of magnitude more expensive than what eslint gets in funding
  • the current eslint budget is therefore a fraction of the cost to maintain eslint
  • there is no analysis of the cost of running eslint: who gets paid how much to do what
  • there is no strategy to increase funding to cover the majority of the cost instead of a fraction of the cost

Though this project uses Coinbase (cryptocoin-tech which I’d personally avoid) the mechanism for funding might inspire:

I found a commercial service, currently in beta, that is somewhat based on this idea:

The top-level comment thread in this HN discussion on Krita.org receiving zero contributions from companies delves into the idea of Dependency Funding. Some noteworthy feedback to take into account, as well as links to existing services.

The comment by lars_francke:

I want someone to build this:

SBOMs (Software Bills of Materials) are slowly becoming ubiquitous around the world due to regulation.

I want to be able to aggregate all SBOMs within my company, have a small tool that scans my machine and creates a SBOM for all Open Source tools I use (e.g. Firefox, VLC etc.), uploads that to my corporate registry.

This data is then submitted to a donation aggregator which analyzes those SBOMs and distributes my monthly donation across all those projects.

It is so hard dealing with those individual donor portals and various forms to donate to foundations et al.

If this whole project could be run as a non-profit foundation itself that’d be perfect.