This is a great initiative in supporting open source. I’m the founder of https://thanks.dev mentioned in the article and I’ve been speaking to a lot of community members over the last year.
There’s a lot of great work being done in the background that we don’t hear about and there’s an opportunity to do a lot more. I’ve learnt an immense amount since I’ve been working on this project and the diversity in thought & perspective I’ve encountered has been amazing!
Hi Ali,
I just discovered your project and I have a question.
Why isn't it a public page with all the OSS projects that already have register maintainers and the one that have donation pending but with no maintainer registered?
Otherwise how do you notify maintainers of projects that did not join your platform that money is pending for them if they would register?
How do you decide how much money to allocate to a dependency? Especially in ecosystems like NodeJS where there are 1000s of dependencies for a single project. And most of the dependencies are very small, does trivial things but is used by a vast number of packages.
I’d like to see GitHub build into their product a way for Organizations to set donation budgets per user.
For example, Microsoft could allocate $100 annual budget per user in their GH Engineer team. The people on those teams could then donate those dollars to whatever open source projects they see fit on GitHub.
I know this would require a lot of paperwork, etc, etc, but they’ve already buried themselves in it with donations and seemed to have outsourced most of that to Stripe.
I know there would be some shady shit and scams that would happen if this was built, like people donating to their cousins OSS project that has 2 stars and is a fork of Scriptaculous, but there’s lots of different ways to minimize those risks so it’s a moot point.
Overall this approach would lower donation friction for both the company and the employee and inject a lot more cash into the donation ecosystem.
Agree! I would love to see this, as its exactly the kind of "benefit" (or "perk" if you will) we were hoping to offer at Sentry. This is our way-more-of-a-pita implementation of getting users voices into what projects we fund, but also ensuring we fund critical infrastructure we rely on.
thanks.dev sounds pretty shady. They seem to collect donations for projects on their behalf without telling them. So while you think you are donating to some dependency you really are giving the money to thanks.dev where they can hold onto the money until someone realizes their project has more than the minimum amount. The FAQ says that if people don't withdraw the money within 3 months it just gets sent to other people. This means that someone could donate $100 to a project and then that money ends up never making it to the author of the project. Or if you have a small project your donations never reach enough for you to withdraw them.
The article mentions that thanks.dev has a global blacklist of people who you can't donate to. This means they have the power to make certain dependencies get a bigger share of the money that is being donated.
Only projects that sign in are receiving funds. thanks.dev only makes money from tips at time of donation. The minimum withdrawal amount is $1 and that's a UI limitation mostly. Good idea re the global blacklist being overridable by the end user!
Hope that clarifies things. Let me know if you have any other concerns. :)
Not sure I understand the question correctly, but the way it's working is that Sentry have allocated a monthly budget to be distributed to their dependency tree. That budget gets trickled down to the projects that have signed in. The list and breakdowns are visible here https://thanks.dev/p/gh/getsentry.
Donors decide how much to tip thanks.dev at time of donation.
Please let me know if I missed the question or if I can improve thanks.dev in any way. I'm very keen to learn. :)
Donations are only allocated to the projects in the dependency tree that have signed up with thanks.dev. In the Sentry list for example if you click the more link at the bottom you'll see all the projects that hadn't signed in. The ones showing verified next to their name signed in after the funds for this month were processed. I see how this is causing a bit of confusion and will work on improving this aspect asap.
If you're improving the UI around here it would also be good to see how the list was determined. For automated detection in particular it seems like the tooling used also should be made public to allow testing. I know of at least one dependency that I would expect to turn up on sentry's list that doesn't. (A first guess: a bug in how you handle Rust workspaces, using the root to calculate dependency depth; alternatively a bug in your handling of non-lowercase github usernames, I notice there are only lowercase usernames in the list, but that might just be an artifact of your UI design).
How does a project sign in? As a developer, I have no idea if you are holding money for my project, or how to claim existing or future funds owing. Everything I see is about analyzing my tree and donating to other people.
As long as they are upfront about it with the donors that seems pretty fair. If I donate money to a project but the author doesn't want/need the money then I am fine with them instead giving it to another one of my dependencies. I can imaging companies like it as well since they can immediately write off the donation, rather than wait 3 weeks to see if their money will be returned.
It's definitely opt in. Sorry I just noticed the FAQs weren't up to date – should be fixed now. You can see the break down of Sentry's donation at https://thanks.dev/p/gh/getsentry. The feedback has been overwhelmingly positive from maintainers.
Why would it be fraud if they're upfront about it?
It looks like the entire point of thanks.dev is that you give them your dependency list and they attempt to distribute your donation budget between your dependencies. Their target audience specifically doesn't want to think about where exactly the cash goes, they just want to make sure it goes to maintainers of software they use.
No one is being defrauded when the exact distribution of the funds changes because the exact distribution of funds is explicitly delegated to thanks.dev.
What do you mean "own projects"? At first I thought you were implying that he somehow had a say in how the donations were distributed. But it seems like he is just a unaffiliated recipient? Anyone who does python web work would probably list him as highly core to the ecosystem so that would make sense.
He's not unaffiliated, he's a Director of Engineering at Sentry [0]. Whether that means he has a say in who got paid I don't know, but I can see how that would feel a bit off to OP.
Edit: I'm also not 100% sure which projects OP was referring to. I just looked through the Google sheet and can't find anything by him, but I could have missed something.
Possible but not actual. Pallets is the project in question here, and Armin is only barely involved anymore, specifically he doesn't see any of the money they raise.
I wish that were true but it's just not realistic to pay every engineer those kinds of salaries. Also, there's a lot of companies that employ software engineers where they are not in the SV market so they can't afford those kinds of salaries
With all due respect, they don't need this money. Rust is a great project, and deserving, but they already have plenty of sponsors.
I would have rather seen 150 x $100 go to smaller projects. So much great software is being written, by people who are barely scraping by, and even $100 could be the motivation for someone to finish something widely useful.
> Additionally, we gave $67,500 to five foundations covering the core languages (Python, JavaScript, and Rust) and infrastructure components (Postgres, Apache) that we use to deliver Sentry.
There's nothing wrong with a company prioritizing donations to the projects that impact their work the most. Programming languages have by far the biggest impact on their programmers' day-to-day work, so it makes sense that Sentry would target them for outsized donations.
This is a great initiative in supporting open source. I’m the founder of https://thanks.dev mentioned in the article and I’ve been speaking to a lot of community members over the last year.
There’s a lot of great work being done in the background that we don’t hear about and there’s an opportunity to do a lot more. I’ve learnt an immense amount since I’ve been working on this project and the diversity in thought & perspective I’ve encountered has been amazing!
Happy to chat if anyone is interested.
Big kudos to Chad & Sentry!
Ali,