GitHub and Sovereign Tech Agency: Funding Open Source Ecosystems

Introduction of Participants and Context

• The stream is part of GitHub's programs to support the open source ecosystem, specifically open source software maintainers, and is hosted by Cara from the open source programs team at GitHub 4m59s.
• The community for software maintainers, maintainers.executive.com, is mentioned as a place where funding opportunities, such as those from the Sovereign Tech agency, are posted, and where maintainers can apply to join and ask questions 5m12s.
• Felix, the director of developer policy at GitHub, is introduced as the moderator, and his team works on advocating for open-source software towards policy makers and setting up public funds 5m56s.
• Adriana Gru, co-founder and CEO of the Sovereign Tech agency, is introduced, and her organization is described as an independent organization under the German government's ministry of economic affairs 6m31s.
• David, a free software developer, is introduced, and he shares his experience working on Arch Linux-related projects, including the alpm project, which is funded by the SDA 6m58s.
• Arch Linux is described as a community-based Linux distribution with no company backing, driven by enthusiasts who build and drive the community 8m31s.
• The discussion aims to explore the funding opportunities for open-source software projects, such as Arch Linux, and how they can benefit from the Sovereign Tech agency's fund 7m52s.

David's Experience with Arch Linux and Sovereign Tech Agency

• Arch Linux has its own package management system called Pacman, which comes with its own ecosystem of applications for managing the system 9m26s.
• The user started using Arch Linux for Pro Audio and music programming, but noticed that many packages were lacking or outdated due to a lack of available maintainers 10m12s.
• The user began packaging programs themselves, which led to learning about different programming languages, build systems, and becoming a packager in 2017 10m30s.
• The user became involved with projects related to installation media, repository management, and package management, which require ongoing work and maintenance 11m3s.
• The work on Arch Linux is not commercially backed and relies on volunteer contributions, with most work happening on a day-to-day basis whenever people have time 11m29s.
• The user learned about the Sovereign Tech agency in 2022 while searching for funding for small-scale projects, including repository management software 12m0s.
• The user was interested in the Sovereign Tech agency because it offers funding opportunities for projects that may not fit the focus of other organizations, such as refactoring or fixing existing projects 12m55s.

The Sovereign Tech Fund's Mission and Approach

• The current funding landscape for open-source projects often focuses on innovation and new developments, but neglects maintenance and existing code, which is also crucial for the ecosystem 13m18s.
• The Sovereign Tech fund aims to address this gap by investing in the maintenance and development of open-source software and its communities 13m51s.
• The fund's approach is based on contracting, where milestones and timelines are set, and the fund pays for the work done, which can be carried out by individual developers, communities, foundations, or companies 16m27s.
• The Sovereign Tech fund is funded by the German Ministry of Economic Affairs and uses public money to invest in public code, with the understanding that this is essential digital infrastructure 17m5s.
• The fund's goal is to support the development of open-source software that is participatory, transparent, secure, and inclusive of many different communities 15m20s.
• The fund's approach is designed to recognize the importance of open-source software and its communities, which have been doing vital work for a long time with little recognition 15m34s.
• The fund's model is intended to be an example for other countries to follow, and it may be of interest to individuals involved in their own open-source projects 17m18s.

Funding Impact on Arch Linux Package Management

• The funding from the Sovereign Tech Agency will allow the recipient to focus more on improving the package management system, specifically Pacman, which has been in use for over 20 years and has limitations due to its ad-hoc design and lack of clear specification 17m37s.
• The current limitations of Pacman make it hard to rely on, particularly when it comes to metadata specification and passing, and the goal is to improve this to make the system more robust 18m11s.
• The project also aims to improve cryptographic signature verification, which is currently relying on the brittle and hard-to-use gpgme library, and move towards a stateless approach to avoid vendor lock-in 20m1s.
• The funding will enable people to work on specific topics in a funded capacity, which is a change from the mostly volunteer-driven nature of the Arch Linux project, and will allow for better planning and consecutive work 21m29s.
• The improved package management system and cryptographic signature verification will have a broader impact on the Arch Linux ecosystem, including service development and reliability 19m28s.

Volunteer Contributions and Funding Opportunities

• Working on complex projects in short intervals, such as an hour a day, can lead to loss of context and slow progress, but this issue has improved for certain projects 22m2s.
• Large projects can still have room for volunteer contributors, and people can get involved in various ways, such as through the "What can I do for Arch" page on archlinux.org, which outlines projects and issues that need to be addressed 23m17s.
• The page lists projects with maintainers, as well as issues to be fixed and packaging work, which is a never-ending task that requires a sufficient amount of attention to detail 23m30s.
• For other projects considering applying for funding, the collaboration process starts with a simple application on a platform, where applicants answer a few questions, and the goal is to internalize as much bureaucracy as possible while working with public money 25m30s.
• The application process is designed to be short and straightforward, as the focus is on supporting experts in technology, not experts in drafting proposals for public funding 26m11s.
• The platform aims to bridge the requirements of working with public money while minimizing the time and effort required from applicants 25m48s.

Sovereign Tech Agency's Support and Global Reach

• The goal is to support projects that are digital infrastructure, relied upon by businesses, the public sector, and civil society, and are maintained by small teams of volunteers 24m34s.
• The organization is one of the few that invests public money in digital public infrastructure, supporting critical open-source projects and their maintainers, with a high demand and a small team that is constantly growing and hiring 26m28s.
• They have a platform where project maintainers can provide information about their projects, and the organization also reaches out proactively to offer support, which can include funding or other mechanisms being developed 27m54s.
• The organization aims to work efficiently and in dialogue with project maintainers, assessing the necessary work, time, and people required, and they are in a learning stage to improve their processes 27m35s.
• The organization is open to supporting projects globally, and applicants do not need to be German or based in Germany, with all communication possible in English 28m49s.
• In addition to financial support, the Sovereign Tech Agency also offers dedicated personnel assigned to projects, providing a personal and supportive approach to the projects they fund 30m5s.
• The organization is developing new programs and mechanisms to support communities, which may be of interest to them in the future 28m38s.

Balancing Support and Autonomy in Open Source Funding

• Milestones in open source projects are often defined by the project itself, allowing for autonomy in deciding what needs to be worked on 30m33s.
• Finding a balance between being hands-off and supportive is crucial when providing funding for open source ecosystems, and this balance can vary depending on individual cases 31m9s.
• Simply providing funding may not solve the problem of a lack of support for open source ecosystems, which is partly due to a lack of awareness among stakeholders about their dependence on volunteer work 31m35s.
• The lack of support for open source ecosystems can lead to a breaking point, and investing in existing structures may not be enough; structural change is needed to increase awareness and create more sustainable structures 32m22s.
• To address this issue, efforts are being made to increase awareness and create more sustainable structures, such as a challenge to contribute back to open source projects and improve documentation and support structures 32m41s.

Sovereign Tech Agency's Programs and Initiatives

• A bug resilience program is being run, which focuses on training people to avoid bugs and includes a three-step approach of training, bounty, and fixing 33m5s.
• The bug resilience program is a more holistic approach to bug bounty programs, focusing on public interest and critical software 33m42s.
• A fellowship program has been launched, which aims to provide a more comfortable and secure context for people doing important work in the open source ecosystem 34m0s.
• The fellowship program is compared to care work, which is essential but often underappreciated, and aims to provide ongoing support for important jobs in the open source ecosystem 34m4s.
• The Sovereign Tech Fellowship applications are currently closed, but they will reopen after the first round of fellows has been selected and the program has been refined based on the learnings from the initial cohort 35m5s.
• The fellowship program is part of an iterative process to improve established funding mechanisms for open-source projects, such as bug bounty programs, which have limitations in terms of paying individual developers and ensuring that discovered bugs are fixed 35m52s.

Seeking Funding and Community Support

• When seeking funding, project maintainers should consider getting help from outside, as writing proposals can be challenging for programmers, and it's essential to explain the project in a way that's interesting and clear to outsiders 37m14s.
• One approach to writing a successful proposal is to share the application with someone outside the project and ask for feedback on how to explain the project in a way that makes sense to someone who is not familiar with it 37m36s.
• There are people who want to contribute to open-source projects but may not have programming skills, and they can offer other skills such as writing proposals, design, or project management 38m40s.
• The process of writing proposals and seeking funding is individual and depends on the specific project, but getting feedback from others can help clarify the proposal and make it more effective 37m5s.

Sovereign Tech Agency's Project Selection Criteria and Support

• The Sovereign Tech Agency is currently working on several important software projects and has more ideas in development, and they are looking for ways to support and fund open-source ecosystems 34m55s.
• When deciding to support a project, community health, diversity, transparency, and processes in place are considered, but it's also acknowledged that sometimes a single person is taking care of a crucial software component, and support will be provided to that person 39m13s.
• The goal is to work with the realities of open-source communities, accepting that they might not be perfect, and to make gradual improvements and structural changes that lead to more sustainability, diversity, and better governance 39m58s.
• A more diverse community, better governance structures, a healthier environment, and collaboration are important for the security and success of a software project, but it's not always possible to have these in place from the start 40m19s.
• The Sovereign Tech fund and agency are working to provide support and instruments to help projects improve, such as fellowships, programs to attract new talent, and different formats to help new people develop confidence and become part of a community 40m56s.
• A project doesn't have to be perfect when it comes to governance and diversity, but if they want to improve, they can highlight that in their application, and the Sovereign Tech agency will provide support and make it a more important criteria in the future 41m32s.

Other Funding Opportunities and Collaboration

• The Sovereign Tech agency is evolving, and there is a diversity of funds available, such as the Prototype fund for starting projects and the GitHub secure open-source fund for growing projects that need funding and education around secure software development practices 42m16s.
• The GitHub secure open-source fund is open for applications until January 7, and it's recommended to check it out, especially for projects that are growing fast and need funding and education around secure software development practices 43m4s.
• The Sovereign Tech Agency combines funding and education, mentorship, and community to promote secure software development and improve cybersecurity posture, with different projects requiring different types of funding 43m14s.

Sovereign Tech Agency's Funding and Political Landscape

• The agency is funded through a contract with the Ministry of Economic Affairs, allowing it to operate on a longer time frame and not be dependent on quick, highly political decisions 45m0s.
• Despite the changing political landscape in Germany, the agency has a secure position due to its support across parties and its focus on open digital infrastructure as a foundation for economies, governments, and civil societies 45m26s.
• The agency is working to make funding for open digital infrastructure a public service, available for everyone, and is setting an example for institutions and governments worldwide 46m42s.

Sovereign Tech Agency's Recusal Policy and Focus

• The agency has a recusal policy in place, ensuring that administrators who invest in commercial projects are not involved in decisions about open source projects that might appear to compete with them 47m18s.
• The agency acknowledges the potential tensions between commercial interests and open source projects, but sees its role as promoting open digital infrastructure as a public service, regardless of where projects are based or who maintains them 47m49s.
• The focus is on software that is widely used across different sectors, communities, and companies, with little to no risk of benefiting one actor more than another, due to its deep integration into the ecosystem 48m0s.
• The software should be benefiting a diverse group of end-users and other users who build on top of it, and the investment should be in the public's interest 49m1s.

Sovereign Tech Fund's Investment Criteria and Examples

• The Sovereign Tech Fund has criteria for deciding which software projects to invest in, which can be found on their website, and these criteria include the software's impact on a diverse group of users 49m22s.
• End-user software is rare as a funding recipient, and direct commercial competitions are more likely to receive funding 49m50s.
• The Sovereign Tech Fund invested in ActivityPub, which allows many other projects to build upon and profit from a better software 50m3s.

Contract Types and Collaboration with Other Governments

• The fund uses different contracts, including milestone contracts and time-based contracts, depending on the conversation with the people they are commissioning work with 50m40s.
• There are conversations with other governments about setting up institutions similar to the Sovereign Tech Agency, including a promising development on the European level with the European Digital Infrastructure Consortium 51m24s.
• The European Digital Infrastructure Consortium aims to join forces between European member states to set up joint programs and scale up initiatives, with the involvement of the French, Dutch, and Estonian governments 51m51s.
• The goal is to provide an example and share learnings and a blueprint that can be picked up by others 52m23s.

International Recognition and Advocacy for Similar Agencies

• The German government's Sovereign Tech agency was showcased at the United Nations' Open Source Program Office Summit, receiving a positive reception and being pointed to as an example of good digital governance by governments worldwide 53m5s.
• The European Union is being encouraged to set up a similar agency, with GitHub advocating for the idea, as it would make sense given the EU's long-term budget planning 53m46s.
• The idea for the Sovereign Tech fund was developed in response to the Trump administration's attempt to defund the Open Technology Fund in the US, highlighting the need for Europeans to take responsibility for open source funding 54m12s.

Sovereign Tech Agency's Future Plans and Scope Expansion

• The Sovereign Tech agency is currently focused on critical open source digital infrastructure, but there are plans to expand its scope to include non-critical infrastructure in the future 55m2s.
• The agency is working on expanding its organization to serve the needs of open source communities, with a focus on investing in the foundations of the ecosystem, such as the software that software developers need to develop software 55m11s.
• The agency uses the xkcd comic "Dependency" to illustrate the problem of dependencies in open source software and the need for investment in critical infrastructure 56m2s.
• The agency is taking a step-by-step approach, focusing on critical infrastructure first and planning to expand its scope once it has sufficient resources and stakeholders on board 56m24s.

Research and Metrics for Open Source Investment Impact

• Research is also an important part of the agency's work, and it is recognized that relying solely on the xkcd comic is not enough 56m53s.
• Research has been conducted on how companies fund open source, with the goal of providing numbers to policymakers and showing that there is already significant activity, but it could be more focused with co-financing between the public and private sectors 56m59s.
• The Sovereign Tech agency is working on building instruments to support open source, including research, and is looking into metrics to measure the impact of investments, with a focus on both qualitative and quantitative assessments 57m43s.
• Various actors, such as the Harvard Business School and the Digital Infrastructure Insights Fund, are producing insights and knowledge on digital infrastructure and open source, which can help increase understanding and provide arguments for the importance of open source 58m10s.
• The European Commission released a survey in 2017 on investments in open source, and the Sovereign Tech agency is trying to add to this knowledge to make the importance of open source more visible 58m52s.
• The argument for the importance of open source is often clear within developer communities, but it needs to be made more clear to mid-management and senior management levels in companies, as well as to policymakers 59m13s.

Addressing the "Tragedy of the Commons" and Funding Coordination

• The Sovereign Tech agency is working on a solution to allow companies to funnel support to open source through the agency, which could help address the "tragedy of the commons" issue where companies are less incentivized to invest in open source because their competitors also use it 59m51s.
• The agency could potentially provide a pooling and distribution mechanism for open source funding, which would be beneficial for everyone involved, rather than having many different actors working separately 1h0m55s.
• Many companies are funding Open Source projects from their own perspective, which can be a risk for the ecosystem due to a lack of coordination and potential increased pressure on the community 1h1m5s.
• In 2023, when many companies cut budgets, Open Source funding decreased significantly, proving that relying on companies for funding is not a sustainable approach 1h1m38s.

The Secure Open Source Fund and Collaboration with GitHub

• The Secure Open Source Fund at GitHub pools funding from multiple companies and brings in ecosystem partners, such as the Sovereign Tech Agency (SDA), to help build programming around it 1h2m3s.
• This approach makes more sense than every company going at it alone, which can leave gaps in the ecosystem 1h2m20s.
• The SDA and GitHub are working together on a joint mission to support Open Source projects, and they welcome applications from potential projects 1h2m37s.

Application Process and Future Funding

• There are no deadlines for the Sere Tech Fund, but demand is high, and the SDA is working to respond to all applicants while also reaching out to potential projects that may not be aware of their work 1h3m26s.
• The SDA is increasing its funds and expects to see more work in this area from others in the future, including GitHub 1h3m54s.

Encouragement for Maintainers and Project Improvement

• David encourages maintainers to remember that they are experts in their field and that their work is valuable, and he would love to see many projects improved to make life better for everyone involved 1h4m16s.
• The SDA has an internal list of potential projects to fund and is open to sharing it with others 1h5m11s.
• Finding a good scope for the work to be done is crucial, and it also helps raise awareness of the project's importance and its need for improvement, as it is often required by many other projects and people 1h5m22s.
• The project's visibility and the need for its improvement are essential aspects to consider 1h5m30s.

Concluding Remarks and Community Invitation

• Viewers who watch the stream after it ends can check out the provided links for more information 1h5m57s.
• Open source software maintainers are invited to join the maintainer community at maintainers.github.com 1h6m9s.
• The maintainer community is open to new members, and interested individuals can find more information and get involved 1h6m11s.
• The discussion was led by Felix, and participants included Andreana and Dav 1h5m49s.