A vision for making open source more equitable and secure

Open source has a widely recognized problem that has yet to be adequately addressed. While open-source projects have become foundational pieces upon which the internet and all its innovations are built, they operate mainly as labors of love. And when open source is created and maintained with little or no compensation for its developers, that’s not only unfair to developers but potentially dangerous to users, who at times have been left vulnerable to cybersecurity issues.

We believe that modern technology has been stunted because a high concentration of developers has been focused on improving FAANG ad revenue rather than creating the software infrastructure that benefits all humanity. We can no longer ask the small and underfunded open source contingent of the world’s developers to choose between a salary and keeping the internet running.

Together, we are working to create tea, a “brew2 for web3,” in a quest to fix this problem.

Why equity in open source matters to us

We felt uniquely positioned to help change the economic incentives behind open source because of our backgrounds in open source and blockchain, specifically through the creation of Homebrew and where a package manager sits in the development stack.

Max created the open-source software package management system Homebrew, also known as “brew,” which grew into the most contributed-to open-source software project of all time. The largest technology corporations use Homebrew as a backbone to build their products without directly funding its development or the developers who contribute to it.

Tim has been a longtime leader in blockchain development. He is also the founder of Ikigai Asset Management as well as a non-profit called DEVxDAO, which supports DAO (decentralized autonomous organization) software and legal adoption, and provides grants to build cohesion and longevity in decentralized systems at large.

Creating ‘brew2 for web3’

Although Web 2.0 accrued fortunes on the backs of free labor by unpaid open-source volunteers, Web3 has the power to change this. We founded tea with a vision to fix how open source is funded and create the tools that will accelerate the creation of open source software for the benefit of all humanity. A decentralized system through the blockchain offers an opportunity for fairly compensating open source developers based on their contributions to the ecosystem.

A vision for compensating open source developers

There have been multiple attempts at providing incentive structures, typically involving sponsorship and bounty systems. Sponsorship makes it possible for consumers of open source software to donate to the projects they favor. Only projects at the top of the tower are typically known and receive sponsorship. This biased selection leads to an imbalance: Foundational bricks that hold up the tower attract few donations, while favorites receive more than they need.

In contrast, tea will give package maintainers the opportunity to publish their releases to a decentralized registry powered by a Byzantine fault-tolerant blockchain to eliminate single sources of failure, provide immutable releases, and allow communities to govern their regions of the open-source ecosystem, independent of external agendas. Because of the package manager’s unique position in the developer tool stack—it knows all layers of the tower—it can enable automated and precise value distribution based on actual real-world usage.

The importance of community-led accountability and validation

On-chain governance would enable an ecosystem where all token holders can suggest and vote on changes to critical parameters weighted by token ownership and reputation. These parameters could include inflation, transaction fees, staking rewards, steeping rewards, or optimum steeping ratio. A reputation system and an immutable decentralized registry designed to distribute value to developers based on their contribution to the ecosystem’s utility and health must be coupled with community-led accountability and validation via third-party community reviewers.

Shoring up open-source software security

In addition to compensating developers, tea will also aim to mitigate the cybersecurity issues that open source has faced in the past, such as last year’s vulnerability in Log4j. When Log4j happened, many enterprises and governments realized for the first time that Log4j was maintained by a few unpaid volunteers, the same unsung heroes who sprang into action despite abuse from the industry and worked tirelessly to address the vulnerability.

Decentralization via the blockchain offers tangible benefits to ecosystem security, with every layer of apps and dapps signed and verified on-chain. Members of the open-source community could review packages for quality issues and respond to these reviews by enacting proportional slashing events.

A decentralized, immutable registry augmented by a reputation system and supported by economic incentives designed to expose bad actors and reward good actors is a reliable path forward that works for both Web2 and Web3. This decentralized, immutable registry can provide security and stability and prevent malevolent intent, providing the guarantees developer communities have sought.

Ultimately, open-source contributors should be empowered to run their communities while also being financially supported as they create the tools that build the internet. An open-source platform like tea, secured by reputation and fueled by financial incentives, will create an opportunity for developers to build, improve, and augment open-source software for the betterment of the world.

Max Howell and Timothy Lewis are co-founders of tea.

New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to newtechforum@infoworld.com.

Copyright © 2022 IDG Communications, Inc.

Originally posted on September 13, 2022 @ 11:35 am