Do I get this right that you can only nominate projects on Github? It should be known by now that a centralized platform like Github is the complete antithesis to open source.
Do I get this right that you can only nominate projects on Github? It should be known by now that a centralized platform like Github is the complete antithesis to open source.
We discussed this prior to launch, and obviously decided to launch as you see it. :) Our reasoning was that a) standardizing on GitHub URLs makes it easier to do automated analysis as part of the funding model, and b) any project important enough to matter will have at least a GitHub mirror. If you have counter-examples to (b), please comment them on GitHub (see what I did there?) or here and I will copy/paste for you. :)
https://github.com/osendowment/endowment.dev/issues/34
https://gotosocial.org/
Out of ethical disagreement they switched completely to codeberg. And they are certainly not the only ones, given signaling on the fediverse by other EU citizens.
> any project important enough to matter will have at least a GitHub mirror
That might be true, but many of the mirrors are unofficial.
Noted in the abstract, thanks. Concrete examples more useful ofc.
Concrete examples: GNU software, musl C library, everything from x.org and freedesktop.org. Just have a look at the top 1,000 projects from the Debian popularity contest and you'll find many projects outside the Github bubble. Why not use the Debian package name in your nomination form instead of a Github URL? Any project important enough to matter will have a Debian package, right?
If you're trying to come up with something like the "criticality score" based on repo metadata like the OpenSSF, you're likely to fail just like they did. Starting with Debian's popcon data makes a lot more sense, in my opinion.
Thanks, captured here: https://github.com/osendowment/endowment.dev/issues/34#issue...
They haven't pulled the plug on github yet, but my understanding is that Gentoo intends to drop it long term. In general, I would expect any of the projects that leave GH because they want to avoid being used to train AI would avoid leaving even a mirror behind (since that would defeat the point). (This is not intended as a value judgement, just saying that there exist projects that are doing this)
Thanks, noted at https://github.com/osendowment/endowment.dev/issues/34#issue...
So what is your proposed solution?
Nominate any public git repo
(or at least Codeberg, SourceHut, etc.)
Not the person you replied to, but I imagine less gameable signals than stars would make sense. Download count, default installs in multiple distros, industrial use cases in the cloud all come to mind.
Maybe giving money to the endowment gives you a vote? (Kills two birds with one stone.)
The details of how we're thinking about this are in:
https://github.com/osendowment/model
Happy to have you join us there to iterate on the model. We do prioritize input from paid-up members ofc. ;^)
> We aim to focus our support on the core of open-source ecosystems — like ~1% of packages accounting for 99% of downloads and dependencies
I guess this is core of plan and will not change?
Because I was thinking about projects like OpenStreetMap which are generating very useful data used by various open source projects, but are not by itself gathering very big pile of dependencies.
I guess that those would be out of scope.
(note: for OpenStreetMap itself I have gigantic conflict of interest, I received some OSM-related grants for software development)
> We do prioritize input from paid-up members ofc.
Pay-to-play, this reinforces the SV mindset underpinning all of this.
Strongly recommend you revise this if you are trying to present yourself as egalitarian. Feedback and suggestions for improvement ought to be considered on the merits, not who it came from, especially if money is the differentiator. (setting aside the natural reputation based weighting)