Luis Villa

Cool to see a company whose annual revenue is $250B announce a $1.25M open source security fund (that’s about three *minutes* of revenue), in a press release that without blinking or apparent irony (1) says maintainers need more time and (2) requires maintainers to take a multi-week, many-hour training program.

github.blog/news-insights/comp

The GitHub Blog · Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.

@luis_in_brief Is that a support program for <s>ants</s> retired GSoC students? Very funny (sad funny) comparing 5k$ from Google for students to 10k$ from MS for open source developers. And where the f would they find 5-10 hours a week for the mandatory training?!

That's a program written by a team that hasn't written any OS or talked to any OS developer (outside a corporation).

@luis_in_brief Yep...like, it could pay decent, full time wages for 12, maybe 18 developers -- quite a lot given for the multi-hundred-thousand meaningful projects they hold.

@gwidion @luis_in_brief and only developers from regions where GitHub Sponsors is available can apply

@luis_in_brief nah, they announced a program funded by (to-date) 13 companies (c.f. Funding Launch Partners here resources.github.com/github-se)... So it's even on another level. They couldn't even get 1.25M$ from this 250B$ company ;)

GitHub Resources · GitHub Secure OSS Fund
Invest in open source security and support maintainers with funding and expert guidance. Learn more about the program and its benefits.

@0leil yeah, I didn’t want to do the work to combine the revenue of all 13 companies 😂 😭

@luis_in_brief @0leil $1.25M/13 is roughly 100K per company lol

@s4i @luis_in_brief @0leil The math is further down the page. It is 125 projects at $10k each.

@luis_in_brief also let's not forget that the selected maintainers will have the chance to have access and be taught how to use GitHub Copilot and Copilot Autofix. If I put my most cynical hat on, they are basically paying people 10K$ to learn about their AI tools and do vendor lock-in.

@luis_in_brief damned if you do and damned if you don't 🦧

@luis_in_brief

And so the corporate takeover continues...

If you're on the now controlled MicroShit GitHub, time to self host!!!

@aral @skinnylatte hahahaha dying, never been a more perfect use of this gif

@luis_in_brief @skinnylatte Working in startups I heavily depend on all the open source / free software that exists, have not very much time to help, feel guilty even asking questions sometimes and meanwhile big tech just creates effectively unfunded semi-mandates on projects (if they penalize projects whose maintainers don't participate.)

@luis_in_brief ... all without any kind of long-term stability of income, as far as I can tell

@luis_in_brief I opened Mastodon specifically to find takes on the Secure Open Source Fund thinking “am I wrong for being grouchy about this” ... glad to find I am not the only one frustrated here. 😅

@luis_in_brief LOL silly me—I read this and thought you meant they were *donating* the whole $1.25 mil. That's what they've *fundraised* between themselves and a dozen other orgs. 🤦

I am reminded of the time they set up a whole weekslong partnership with Dev.to for charity and then donated exactly one kilodollar. dev.to/devteam/shecoded-raised

DEV Community · #SheCoded Raised $2,000 for Girls Who Code!
Hello, dear DEV community! I wanted to follow up with a quick memo about the donation our community...

@luis_in_brief Right up there with "Politicians claiming they want to end time changes, but then only back measures for permanent DST" in terms of "things that aren't actually serious about accomplishing the goal".

@luis_in_brief@social.coop And the focus of that "training program" seems to be shoehorning their "AI" in.

@airtower there’s a genuine case to be made for the role of competent AI for identifying and remediating certain boring but recurrent safety bugs. “training on these particular tools” is not the same as real security training, though.

@luis_in_brief "we need more code for our theft ml llm ai bs and continued marketing to make people believe our closed source platform stands for open source"

@luis_in_brief am I understanding correctly that they're not funding the whole $1.25M themselves? It looks like it's from the 'partners' mentioned in para 2. Also the "powered by GitHub Sponsors" in the preview image.

If so... even cheaper!

@luis_in_brief

tools like GitHub Copilot and Copilot Autofix to help improve security posture

lmao