Comment by cbeach
1 year ago
In case anyone else was wondering:
Goodhart's law is an adage often stated as, "When a measure becomes a target, it ceases to be a good measure"
In concrete terms, what you would or will see, if enough money starts going down this track, is open-source contributors changing their behaviour as they seek to make projects "donation-optimised" and to maximise their personal share of donations, and likely also "donation-bait" projects which exist simply to game the system. But even though all this could get quite bad, it's still quite likely to be less bad than the status quo. EDIT: If you're thinking of making such a contribution yourself, I don't think the downsides should deter you yet, at least unless you're lucky enough to have control of a truly large bag.
On that note, the article states that it donates more to higher-risk projects, and risk increases by OpenSSF score. One question I had about the article is: does that mean that projects with more security vulns get a higher donation? If so, then that might become a perverse incentive to leave security gaps in your code.