Planning security / contributor's motivation

Maybe not at first sight (deviating from FHS still seems to scare away people), but Nix/NixOS/Nixpkgs can truly be considered as one of today’s most significant open source software ecosystems when it comes to independent software deployment. It not only provides an OS, but can also be an alternative to containers like Podman or Docker or IaC tools like Ansible. For professionals, even if there is no funding for contributing, this can create a sustainable incentive to stay involved since making sure that the ecosystem is usable and up-to-date pays off when it can be used for everyday work.

That’s at least the case if you can trust in getting something back. Traditionally, the way to ensure this was copyleft licenses. Even in the case of severely changed incentives like important contributors being bought out by competing corporations, the software license would ensure that the development time invested is not lost, and everyone involved would be able to earn the fruits of their work. No one involved would be able to just take away previous work of others based on new decisions that could not be anticipated when the previous work was done. In such a scenario, openness is enforced through the license.

Within the Nix* ecosystem, we don’t use a copyleft license. But that doesn’t seem to be the problem. Today’s challenges are different, and are rooted in platform competition. The work on NixOS takes place on different platforms like Discourse, GitHub or Matrix, maybe also on Stack Exchange or social media. What happens if one platform (or those community members focusing on it) would decide not to fully cooperate with the others anymore? Would we have mechanisms to protect those who invested their time, who were trusting in platform interoperability being preserved? Or would a subset of the community be able to lock the others out from benefitting from their previous investment in our ecosystem?

As the reach of the project grows, these may be questions for which we want to find answers, so we can preserve a vibrant and productive community that can outlast when the incentives among its participants change.


What is the real world problem you are trying to solve? I don’t understand, sorry.


The same problem independent programmers have tried to solve since the early days of GNU: Investing developer time into a project, assuming that they will also be able to earn the fruits of their work, but then being cut off from doing so due to changed conditions of some sort.

What, specifically, do you mean by this?

As open source projects, your ability to use Nix, Nixpkgs, and NixOS can’t be cut off the way that, say, a proprietary software product that contacts a license server can be, or a proprietary SaaS product can be. The ‘fruit of your work’ remains in whatever Git repositories you choose to keep in whatever locations you want.

If GitHub collapsed, say, we’d lose a lot of historical and transient data—conversations in issues and PRs, mostly—but is keeping those conversations around the ‘something back’ you have in mind?

Or are you expecting some sort of quid pro quo for contributing above and beyond the benefit of having improved something you use? Are you, say, contributing as a way to build a resume and you wouldn’t feel like it’s worth it if you couldn’t prove to potential employers that you’ve accomplished things in these projects?

Or is it something else?