brainwane, (edited )
@brainwane@social.coop avatar

Some enterprises, in the wake of , are focusing on their metrics for dependencies they ingest..... rather than investing money, developer time, or other resources* to directly support maintainers.

But as I mentioned to a friend recently:

If downstreams do not provide at least as much support as a motivated attacker would, we're likely to continue to get these kinds of outcomes - & to be deceived, as attackers shape their efforts to trick the metrics.

chaosmonkey,
@chaosmonkey@masto.ai avatar

@brainwane I've done a fair bit of work in my time, in various areas but mostly dev work.

While I still work on open source, I've scaled down my work and narrowed it quite a bit.... despite still believing that all code should be .

Here's some / experiences from my time as a FOSS dev:

  • at most 1 percent of users contribute back, even less so in monetary ways
  • Apart from time and (to live), equipment was my big blocker (10+ years old hardware)

cntd

chaosmonkey,
@chaosmonkey@masto.ai avatar

@brainwane

continued

  • I was able to find a few souls to help manage the project but no devs
  • most devs wanted to just scratch their own itch and be done
  • giving full transparent views of the costs in running a project, reactions went from "wow great job" to "you spend too much"
  • rarely I got "I'm gonna help out financially" and only a few ever actually did (in terms of dollars, not even tens of..)
  • meanwhile everyone wanted more features, stability and releases. Quick to complain

cntd

chaosmonkey,
@chaosmonkey@masto.ai avatar

@brainwane

cntd

As I said, I still do but care a lot less... the last straw was when I got a literal from someone because I hadn't worked on a in a while. (due to personal circumstances)

I dropped that project like a brick, locked everything down and went underground for 2-3 years. Not because I was afraid but rather fed up. Not the best approach but still.

(many) Open source devs are , , often and sometimes ...

brainwane,
@brainwane@social.coop avatar

@chaosmonkey Thank you for sharing your experiences and I am sorry those things happened to you. Yours is one of the stories I will keep in mind as I do my work.

codonell,
@codonell@fosstodon.org avatar

@brainwane Fantastic writeup. I empathize most with the coaching and cheerleading 😃

brainwane,
@brainwane@social.coop avatar

@codonell Thank you!

And yeah - I think the coaching and cheerleading option is one that feels squishy and illegible to a lot of organizations and thus harder to recommend, so I am glad to be able to point to the pipenv example, and would welcome further case studies.

pauamma,
@pauamma@mstdn.social avatar

@brainwane Thanks for the transcript.

brainwane,
@brainwane@social.coop avatar

@pauamma You are welcome!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • opensource
  • DreamBathrooms
  • magazineikmin
  • InstantRegret
  • thenastyranch
  • cubers
  • Youngstown
  • ethstaker
  • slotface
  • mdbf
  • rosin
  • Durango
  • kavyap
  • GTA5RPClips
  • khanakhh
  • JUstTest
  • tacticalgear
  • ngwrru68w68
  • cisconetworking
  • modclub
  • everett
  • osvaldo12
  • normalnudes
  • provamag3
  • anitta
  • tester
  • Leos
  • megavids
  • lostlight
  • All magazines
    •