2024-06-05 Nix team meeting minutes #150

Development Nix
2

Update on the application to the STF bug resilience program:

Neighborhoodie wasn’t able to support us after all. STF suggested to apply for the general investment program instead. @fricklerhandwerk and @RaitoBezarius had a call with Tara from STF to clarify boundary conditions. Meeting notes:

  • Selection criteria:
    • Is it important? Is it vulnerable?
      • Do people depend on it? Will people miss it if it’s gone tomorrow?
      • Is it used by a lot of people? Or if it’s a few, are they somehow critical?
      • Power production, hospitals, academia, gymnjjournalists…
    • Main criterion: Does it concern public interest?
  • Not funding new features or prototypes
  • Goal is to fund maintenance, or making maintenance of other tools easier
    • Improving CI/CD for the project is in scope, if it would make maintenance easier or the supply chain more secure
    • Improving resilience of the project may leave room for community work
      • For example, Reproducible Builds has some community work
  • The first proposal is considered as a whole, and details can be iterated on in the second proposal phase
  • It’s not a grant, but more like a government procurement process
    • Propose what you need to do, and we will look at the costs and if the plans are reasonable
    • Too much work for too little time is not realistic
    • It’s not comparable with the “contribute back challenges”, those were supposed to do heavy lifting
  • Working with the same budget as last year, but with a lot more applications
    • 1M EUR budget, as for GNOME, is an outlier
      • You have to consider that those bigger investments supports several software projects simultaneously
    • Median so far was 200-300k EUR over 1-1.5 years
    • But it’s contextual. If you make a strong argument and strongly believe in what you’re proposing, try it and it can be discussed
  • Things that are upstreamable or work across the ecosystem are particularly strong points
    • The overarching goal is to make open source infrastructure more resilient as a whole
  • The timeline can be up to 2 years, but a second year would be tentative
    • One can also have shorter commitments and then apply for something else afterwards
    • Depends on the project’s needs and the concrete proposal
2 Likes