I've been expecting something like this since the XZ hack, but still ... frustrated/annoyed/sad to see Microsoft and 13 (!) partners jointly announcing that their answer is to “educate” open source maintainers.

It's nice that they're compensating maintainers for the time spent on that training, but ... compliance with corporate security policies is still a whole lot of ongoing, unpaid work after that? Sigh.

https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/

Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone

Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.

The GitHub Blog

If your company relies on open source software and wants to support maintainers, please don't do it this way.

Better models include:

- Tidelift
- Open Source Pledge
- Sovereign Tech Fund Fellowship for Maintainers

@donmccurdy and @copiepublique (if you are a French company)