GitHub and Sovereign Tech Agency: Funding Open Source Ecosystems

11 Dec 2024

Introduction of Participants and Context

  • The stream is part of GitHub's programs to support the open source ecosystem, specifically open source software maintainers, and is hosted by Cara from the open source programs team at GitHub (4m59s).
  • The community for software maintainers, maintainers.github.com, is mentioned as a place where funding opportunities, such as those from the Sovereign Tech Agency, are posted, and where maintainers can apply to join and ask questions (5m12s).
  • Felix, the director of developer policy at GitHub, is introduced as the moderator, and his team works on advocating for open-source software towards policy makers and setting up public funds (5m56s).
  • Adriana Groh, co-founder and CEO of the Sovereign Tech Agency, is introduced, and her organization is described as an independent organization under the German government's Ministry of Economic Affairs (6m31s).
  • David, a free software developer, is introduced, and he shares his experience working on Arch Linux-related projects, including the alpm project, which is funded by the Sovereign Tech Agency (6m58s).
  • Arch Linux is described as a community-based Linux distribution with no company backing, driven by enthusiasts who build and drive the community (8m31s).
  • The discussion aims to explore the funding opportunities for open-source software projects, such as Arch Linux, and how they can benefit from the Sovereign Tech Agency's fund (7m52s).

David's Experience with Arch Linux and Sovereign Tech Agency

  • Arch Linux has its own package management system called Pacman, which comes with its own ecosystem of applications for managing the system (9m26s).
  • David started using Arch Linux for pro audio and music programming, but noticed that many packages were lacking or outdated due to a lack of available maintainers (10m12s).
  • He began packaging programs himself, which led to learning about different programming languages and build systems, and to becoming a packager in 2017 (10m30s).
  • He became involved with projects related to installation media, repository management, and package management, which require ongoing work and maintenance (11m3s).
  • The work on Arch Linux is not commercially backed and relies on volunteer contributions, with most work happening on a day-to-day basis whenever people have time (11m29s).
  • He learned about the Sovereign Tech Agency in 2022 while searching for funding for small-scale projects, including repository management software (12m0s).
  • He was interested in the Sovereign Tech Agency because it offers funding opportunities for projects that may not fit the focus of other organizations, such as refactoring or fixing existing projects (12m55s).

The Sovereign Tech Fund's Mission and Approach

  • The current funding landscape for open-source projects often focuses on innovation and new developments, but neglects maintenance and existing code, which is also crucial for the ecosystem (13m18s).
  • The Sovereign Tech Fund aims to address this gap by investing in the maintenance and development of open-source software and its communities (13m51s).
  • The fund's approach is based on contracting, where milestones and timelines are set, and the fund pays for the work done, which can be carried out by individual developers, communities, foundations, or companies (16m27s).
  • The Sovereign Tech Fund is funded by the German Ministry of Economic Affairs and uses public money to invest in public code, with the understanding that this is essential digital infrastructure (17m5s).
  • The fund's goal is to support the development of open-source software that is participatory, transparent, secure, and inclusive of many different communities (15m20s).
  • The fund's approach is designed to recognize the importance of open-source software and its communities, which have been doing vital work for a long time with little recognition (15m34s).
  • The fund's model is intended to be an example for other countries to follow, and it may be of interest to individuals involved in their own open-source projects (17m18s).

Funding Impact on Arch Linux Package Management

  • The funding from the Sovereign Tech Agency will allow the recipient to focus more on improving the package management system, specifically Pacman, which has been in use for over 20 years and has limitations due to its ad-hoc design and lack of clear specification (17m37s).
  • The current limitations of Pacman make it hard to rely on, particularly when it comes to metadata specification and passing, and the goal is to improve this to make the system more robust (18m11s).
  • The project also aims to improve cryptographic signature verification, which currently relies on the brittle and hard-to-use gpgme library, and to move towards a stateless approach to avoid vendor lock-in (20m1s).
  • The funding will enable people to work on specific topics in a funded capacity, which is a change from the mostly volunteer-driven nature of the Arch Linux project, and will allow for better planning and consecutive work (21m29s).
  • The improved package management system and cryptographic signature verification will have a broader impact on the Arch Linux ecosystem, including service development and reliability (19m28s).

Volunteer Contributions and Funding Opportunities

  • Working on complex projects in short intervals, such as an hour a day, can lead to loss of context and slow progress, but this issue has improved for certain projects (22m2s).
  • Large projects can still have room for volunteer contributors, and people can get involved in various ways, such as through the "What can I do for Arch" page on archlinux.org, which outlines projects and issues that need to be addressed (23m17s).
  • The page lists projects with maintainers, as well as issues to be fixed and packaging work, which is a never-ending task that requires a sufficient amount of attention to detail (23m30s).
  • For other projects considering applying for funding, the collaboration process starts with a simple application on a platform, where applicants answer a few questions, and the goal is to internalize as much bureaucracy as possible while working with public money (25m30s).
  • The application process is designed to be short and straightforward, as the focus is on supporting experts in technology, not experts in drafting proposals for public funding (26m11s).
  • The platform aims to bridge the requirements of working with public money while minimizing the time and effort required from applicants (25m48s).

Sovereign Tech Agency's Support and Global Reach

  • The goal is to support projects that are digital infrastructure, relied upon by businesses, the public sector, and civil society, and are maintained by small teams of volunteers (24m34s).
  • The organization is one of the few that invests public money in digital public infrastructure, supporting critical open-source projects and their maintainers, with a high demand and a small team that is constantly growing and hiring (26m28s).
  • They have a platform where project maintainers can provide information about their projects, and the organization also reaches out proactively to offer support, which can include funding or other mechanisms being developed (27m54s).
  • The organization aims to work efficiently and in dialogue with project maintainers, assessing the necessary work, time, and people required, and they are in a learning stage to improve their processes (27m35s).
  • The organization is open to supporting projects globally, and applicants do not need to be German or based in Germany, with all communication possible in English (28m49s).
  • In addition to financial support, the Sovereign Tech Agency also offers dedicated personnel assigned to projects, providing a personal and supportive approach to the projects they fund (30m5s).
  • The organization is developing new programs and mechanisms to support communities, which may be of interest to them in the future (28m38s).

Balancing Support and Autonomy in Open Source Funding

  • Milestones in open source projects are often defined by the project itself, allowing for autonomy in deciding what needs to be worked on (30m33s).
  • Finding a balance between being hands-off and supportive is crucial when providing funding for open source ecosystems, and this balance can vary depending on individual cases (31m9s).
  • Simply providing funding may not solve the problem of a lack of support for open source ecosystems, which is partly due to a lack of awareness among stakeholders about their dependence on volunteer work (31m35s).
  • The lack of support for open source ecosystems can lead to a breaking point, and investing in existing structures may not be enough; structural change is needed to increase awareness and create more sustainable structures (32m22s).
  • To address this issue, efforts are being made to increase awareness and create more sustainable structures, such as a challenge to contribute back to open source projects and improve documentation and support structures (32m41s).

Sovereign Tech Agency's Programs and Initiatives

  • A bug resilience program is being run, which focuses on training people to avoid bugs and includes a three-step approach of training, bounty, and fixing (33m5s).
  • The bug resilience program is a more holistic approach to bug bounty programs, focusing on public interest and critical software (33m42s).
  • A fellowship program has been launched, which aims to provide a more comfortable and secure context for people doing important work in the open source ecosystem (34m0s).
  • The fellowship program is compared to care work, which is essential but often underappreciated, and aims to provide ongoing support for important jobs in the open source ecosystem (34m4s).
  • The Sovereign Tech Fellowship applications are currently closed, but they will reopen after the first round of fellows has been selected and the program has been refined based on the learnings from the initial cohort (35m5s).
  • The fellowship program is part of an iterative process to improve established funding mechanisms for open-source projects, such as bug bounty programs, which have limitations in terms of paying individual developers and ensuring that discovered bugs are fixed (35m52s).

Seeking Funding and Community Support

  • When seeking funding, project maintainers should consider getting help from outside, as writing proposals can be challenging for programmers, and it's essential to explain the project in a way that's interesting and clear to outsiders (37m14s).
  • One approach to writing a successful proposal is to share the application with someone outside the project and ask for feedback on how to explain the project in a way that makes sense to someone who is not familiar with it (37m36s).
  • There are people who want to contribute to open-source projects but may not have programming skills, and they can offer other skills such as writing proposals, design, or project management (38m40s).
  • The process of writing proposals and seeking funding is individual and depends on the specific project, but getting feedback from others can help clarify the proposal and make it more effective (37m5s).

Sovereign Tech Agency's Project Selection Criteria and Support

  • The Sovereign Tech Agency is currently working on several important software projects and has more ideas in development, and they are looking for ways to support and fund open-source ecosystems (34m55s).
  • When deciding to support a project, community health, diversity, transparency, and processes in place are considered, but it's also acknowledged that sometimes a single person is taking care of a crucial software component, and support will be provided to that person (39m13s).
  • The goal is to work with the realities of open-source communities, accepting that they might not be perfect, and to make gradual improvements and structural changes that lead to more sustainability, diversity, and better governance (39m58s).
  • A more diverse community, better governance structures, a healthier environment, and collaboration are important for the security and success of a software project, but it's not always possible to have these in place from the start (40m19s).
  • The Sovereign Tech Fund and Agency are working to provide support and instruments to help projects improve, such as fellowships, programs to attract new talent, and different formats to help new people develop confidence and become part of a community (40m56s).
  • A project doesn't have to be perfect when it comes to governance and diversity, but if they want to improve, they can highlight that in their application, and the Sovereign Tech Agency will provide support and make it a more important criterion in the future (41m32s).

Other Funding Opportunities and Collaboration

  • The Sovereign Tech Agency is evolving, and there is a diversity of funds available, such as the Prototype Fund for starting projects and the GitHub Secure Open Source Fund for growing projects that need funding and education around secure software development practices (42m16s).
  • The GitHub Secure Open Source Fund is open for applications until January 7, and it's recommended to check it out, especially for projects that are growing fast and need funding and education around secure software development practices (43m4s).
  • The Sovereign Tech Agency combines funding and education, mentorship, and community to promote secure software development and improve cybersecurity posture, with different projects requiring different types of funding (43m14s).

Sovereign Tech Agency's Funding and Political Landscape

  • The agency is funded through a contract with the Ministry of Economic Affairs, allowing it to operate on a longer time frame and not be dependent on quick, highly political decisions (45m0s).
  • Despite the changing political landscape in Germany, the agency has a secure position due to its support across parties and its focus on open digital infrastructure as a foundation for economies, governments, and civil societies (45m26s).
  • The agency is working to make funding for open digital infrastructure a public service, available for everyone, and is setting an example for institutions and governments worldwide (46m42s).

Sovereign Tech Agency's Recusal Policy and Focus

  • The agency has a recusal policy in place, ensuring that administrators who invest in commercial projects are not involved in decisions about open source projects that might appear to compete with them (47m18s).
  • The agency acknowledges the potential tensions between commercial interests and open source projects, but sees its role as promoting open digital infrastructure as a public service, regardless of where projects are based or who maintains them (47m49s).
  • The focus is on software that is widely used across different sectors, communities, and companies, with little to no risk of benefiting one actor more than another, due to its deep integration into the ecosystem (48m0s).
  • The software should be benefiting a diverse group of end-users and other users who build on top of it, and the investment should be in the public's interest (49m1s).

Sovereign Tech Fund's Investment Criteria and Examples

  • The Sovereign Tech Fund has criteria for deciding which software projects to invest in, which can be found on their website, and these criteria include the software's impact on a diverse group of users (49m22s).
  • End-user software is rare as a funding recipient, and direct commercial competitions are more likely to receive funding (49m50s).
  • The Sovereign Tech Fund invested in ActivityPub, which allows many other projects to build upon and profit from a better software (50m3s).

Contract Types and Collaboration with Other Governments

  • The fund uses different contracts, including milestone contracts and time-based contracts, depending on the conversation with the people they are commissioning work with (50m40s).
  • There are conversations with other governments about setting up institutions similar to the Sovereign Tech Agency, including a promising development on the European level with the European Digital Infrastructure Consortium (51m24s).
  • The European Digital Infrastructure Consortium aims to join forces between European member states to set up joint programs and scale up initiatives, with the involvement of the French, Dutch, and Estonian governments (51m51s).
  • The goal is to provide an example and share learnings and a blueprint that can be picked up by others (52m23s).

International Recognition and Advocacy for Similar Agencies

  • The German government's Sovereign Tech Agency was showcased at the United Nations' Open Source Program Office Summit, receiving a positive reception and being pointed to as an example of good digital governance by governments worldwide (53m5s).
  • The European Union is being encouraged to set up a similar agency, with GitHub advocating for the idea, as it would make sense given the EU's long-term budget planning (53m46s).
  • The idea for the Sovereign Tech Fund was developed in response to the Trump administration's attempt to defund the Open Technology Fund in the US, highlighting the need for Europeans to take responsibility for open source funding (54m12s).

Sovereign Tech Agency's Future Plans and Scope Expansion

  • The Sovereign Tech Agency is currently focused on critical open source digital infrastructure, but there are plans to expand its scope to include non-critical infrastructure in the future (55m2s).
  • The agency is working on expanding its organization to serve the needs of open source communities, with a focus on investing in the foundations of the ecosystem, such as the software that software developers need to develop software (55m11s).
  • The agency uses the xkcd comic "Dependency" to illustrate the problem of dependencies in open source software and the need for investment in critical infrastructure (56m2s).
  • The agency is taking a step-by-step approach, focusing on critical infrastructure first and planning to expand its scope once it has sufficient resources and stakeholders on board (56m24s).

Research and Metrics for Open Source Investment Impact

  • Research is also an important part of the agency's work, and it is recognized that relying solely on the xkcd comic is not enough (56m53s).
  • Research has been conducted on how companies fund open source, with the goal of providing numbers to policymakers and showing that there is already significant activity, but it could be more focused with co-financing between the public and private sectors (56m59s).
  • The Sovereign Tech Agency is working on building instruments to support open source, including research, and is looking into metrics to measure the impact of investments, with a focus on both qualitative and quantitative assessments (57m43s).
  • Various actors, such as the Harvard Business School and the Digital Infrastructure Insights Fund, are producing insights and knowledge on digital infrastructure and open source, which can help increase understanding and provide arguments for the importance of open source (58m10s).
  • The European Commission released a survey in 2017 on investments in open source, and the Sovereign Tech Agency is trying to add to this knowledge to make the importance of open source more visible (58m52s).
  • The argument for the importance of open source is often clear within developer communities, but it needs to be made more clear to mid-management and senior management levels in companies, as well as to policymakers (59m13s).

Addressing the "Tragedy of the Commons" and Funding Coordination

  • The Sovereign Tech Agency is working on a solution to allow companies to funnel support to open source through the agency, which could help address the "tragedy of the commons" issue where companies are less incentivized to invest in open source because their competitors also use it (59m51s).
  • The agency could potentially provide a pooling and distribution mechanism for open source funding, which would be beneficial for everyone involved, rather than having many different actors working separately (1h0m55s).
  • Many companies are funding Open Source projects from their own perspective, which can be a risk for the ecosystem due to a lack of coordination and potential increased pressure on the community (1h1m5s).
  • In 2023, when many companies cut budgets, Open Source funding decreased significantly, proving that relying on companies for funding is not a sustainable approach (1h1m38s).

The Secure Open Source Fund and Collaboration with GitHub

  • The Secure Open Source Fund at GitHub pools funding from multiple companies and brings in ecosystem partners, such as the Sovereign Tech Agency, to help build programming around it (1h2m3s).
  • This approach makes more sense than every company going at it alone, which can leave gaps in the ecosystem (1h2m20s).
  • The Sovereign Tech Agency and GitHub are working together on a joint mission to support Open Source projects, and they welcome applications from potential projects (1h2m37s).

Application Process and Future Funding

  • There are no deadlines for the Sovereign Tech Fund, but demand is high, and the Sovereign Tech Agency is working to respond to all applicants while also reaching out to potential projects that may not be aware of their work (1h3m26s).
  • The Sovereign Tech Agency is increasing its funds and expects to see more work in this area from others in the future, including GitHub (1h3m54s).

Encouragement for Maintainers and Project Improvement

  • David encourages maintainers to remember that they are experts in their field and that their work is valuable, and he would love to see many projects improved to make life better for everyone involved (1h4m16s).
  • The Sovereign Tech Agency has an internal list of potential projects to fund and is open to sharing it with others (1h5m11s).
  • Finding a good scope for the work to be done is crucial, and it also helps raise awareness of the project's importance and its need for improvement, as it is often required by many other projects and people (1h5m22s).
  • The project's visibility and the need for its improvement are essential aspects to consider (1h5m30s).

Concluding Remarks and Community Invitation

  • Viewers who watch the stream after it ends can check out the provided links for more information (1h5m57s).
  • Open source software maintainers are invited to join the maintainer community at maintainers.github.com (1h6m9s).
  • The maintainer community is open to new members, and interested individuals can find more information and get involved (1h6m11s).
  • The discussion was led by Felix, and participants included Adriana and David (1h5m49s).
