Comment by airstrike

1 year ago

I think you can solve that by funding the dependencies you rely on and have them fund their dependencies and so on...

A related project I recently found out about is https://www.drips.network/. The more I think about it, the more I like it.

In fact, TFA says

> But how should one decide which users to sponsor and how much to donate to each one? It requires data on their importance, and I used PyPI to roughly estimate it for Python packages.

It's better to have one of the slabs in the XKCD comic fund the ones immediately below it than to have users look at the whole thing from the outside and try to arbitrarily allocate importance via some metric like PyPI downloads, GitHub stars and whatnot.

It's a good start, but it's vulnerable to sticky fingers, patronage relationships and so on if the money becomes serious. For example, what if a project writes internal code instead of having a dependency on someone else's library? Do they get to keep the money which would have gone to an external contributor, creating an incentive to pull everything in-house? Or do they still have to push the same amount of money upstream? That creates the opposite incentive, a bag of free money which can be directed to third-party libraries which purely by coincidence happen to be staffed by members of the downstream project and/or their pals.

But as I said elsewhere, I'm not using this to dismiss the idea or assert that it can't improve things overall. The status quo seems to be pretty bad, so an alternative certainly doesn't have to be flawless to be better overall.