Comment by TuringTest
1 year ago
> While I applaud the OP for the initiative, if this ever takes off it will cause people to exploit the system in the following ways
It's true that the metrics used in this story could lead to being exploited. But the value of the initiative is not in the specific method used to donate, but in the idea of finding worthy yet non-obvious projects to donate to and in leading by example.
If the initiative catches on, the community can find better, harder-to-exploit methods to find deserving targets, as for example it has happened with NGOs. This idea could create a healthy ecosystem that supports FLOSS software, just like the idea of a stock exchange supported the emergence of publicly traded corporations in the XVIII and XIX centuries.
Exactly! The idea is to use available data for evaluating the value and risk of OSS and then allocate donations accordingly to the wide algo-based systemic index, not to a narrow set of manually picked projects (usually large or popular ones).
The current algorithm is far from being perfect (it's an MVP) and will never be, but with more measurable inputs and after multiple iterations with the help of the community, it can lead to an analogue of "S&P500" for OSS, that's worth using for donating to reduce the risk of the global OSS supply chain we all rely on.
As with publicly traded companies, having a decentralized set of private donors with skin in the game helps a lot to efficiently evolve the approach and make it harder to exploit in the future. And on the contrary, I would not trust an algorithm created and maintained by some state-owned or simply very large institution.
Even an index fund has some human-curated criteria for what to include, though, right? The S&P 500 isn't open to just anyone. So it seems totally legitimate to have it be not completely algorithmic.
If there were an "Open 500" that was trying to be like the open equivalent to the S&P 500, I would happily donate to it. Right now I do GitHub sponsors but it feels kind of random.
You just don't want to include projects like React or TypeScript that are operated by a for-profit company - they don't need our donations. You want it to be, this money is actually going to an organization that will invest it in software quality.
Totally agree! Actually I had outlined similar ideas and even an example (Pydantic) in https://news.ycombinator.com/item?id=42353209
In a nutshell:
- Algorithmic does not always mean automatic. An algorithm can have a human-in-the-loop element, as S&P500 or NASDAQ Composite have.
- Future versions of the index will account for known funding of OSS owners and maybe even exclude well-funded companies.
If everyone uses their own idiosyncratic algorithm for choosing OSS to donate to, it's going to be awfully hard to exploit.
There are probably only so many obvious metrics from which to pick and you wouldn't have to game them all, just pick the easiest ones and keep grinding. Fraudsters are usually motivated and not that dumb.