How I Got Robbed Of My First Kernel Contribution
- Ariel Miculas tl;dr: “I spent a lot of time and effort doing root cause analysis, fixing the bug, testing and validating the fix, getting feedback from other engineers at my company, adapting the fix to the latest kernel version, and sending two different patches to the maintainer… Instead of accepting my patch or guiding me towards a better solution, he went ahead and implemented his own fix, giving me credit only for reporting the issue.”featured in #452
How Much Are GitHub Stars Worth To You?
- Yassin Eldeeb Aleksandra Sikora tl;dr: The authors show us how stars have become a commodity and how to evaluate an open source project. “The best and most obvious way to judge an open-source project is to look at the code but this can be kind of tedious… so an alternative that we have all naturally developed on our own or have been advised to, is to see how many people have starred a project, and then pick the one with the most stars.”featured in #420
There Is No Secure Software Supply-Chain
- John McBride tl;dr: "The security of open source software is under threat and we’re running out of people to reliably maintain those projects. And as our stacks get deeper, our dependencies become more interlinked, leading to terrifying compromises in the secure software supply-chain. For a perfect example of what’s happening in the open source world right now, we don’t need to look much further than the extremely popular Gorilla toolkit for Go."featured in #378
featured in #366
This Program Is Illegally Packaged In 14 Distributions
- Artemis Everfree tl;dr: "We’ve got distributions of a Go package that includes entirely unlicensed code. We’ve got a host of Go packages that may not be complying with the terms of the license, when the distributions can even agree what the license is. And it’s apparently not limited to just go. Is this normal? Is this legal? I don’t really know."featured in #346
Commit 1 To 1000 And Beyond: Two Years Of Maintaining An Open-Source Project
- Sayan Nandan tl;dr: "I started writing what is now known as Skytable, a NoSQL database project. Ever since, I have been maintaining Skytable, mostly in my free time and have recently been spending a lot of time on it. Here’s a little story on my two years of experience in maintaining an open-source project: what it’s like, the highs and lows and the future."featured in #329
Don't Be That Open-Source User, Don't Be Me
tl;dr: I would discover a bug or something would break my workflow with a new release and I would head to GitHub to report it... What I didn’t consider was that my interactions were taking time & attention from the project. User support is a cost. If you take anything away from this post I hope it is that these costs need to be paid by someone, the maintainer."featured in #326
featured in #319
How To Pay Professional Maintainers
- Filippo Valsorda tl;dr: To successfully fund an OS project, a company needs to: (1) Pay the maintainers, not people external to the project. (2) Pay "real money" i.e. what they could make as senior engineers. (3) Pay for maintenance, not features or support. (4) Keep paying and assess performance at contract renewal time.featured in #300
Support Open Source That You Use By Paying The Maintainers To Talk To Your Team
- Simon Willison tl;dr: "Reach out to the maintainers and offer them generous speaking fees for remote talks to your engineering team." Simon believes that companies are more likely to spend on a one-off paid speaking opportunities than pay a monthly donation. If the maintainer is not an experienced speaker, find a member of your team to act as a host and gather questions from your engineers in advance to run the session as a Q&A.featured in #294