Hi, On Mon, Feb 03, 2025 at 11:33:50PM +0000, grey wrote: > https://resources.github.com/github-secure-open-source-fund/
>From the reuqirements: - You can also apply as a team for a given open source project (max of 3 people). - Clear governance structure prior to kick-off - Interest and willingness to to engage and improve security This seems to be for up to three people to improve security. I guess we could write a proposal to switch to more modern signatures (e.g., PQC), CVE tracking, and work on reproducible builds, but we'd need to have a group that actually wants to do this and has the time (the latter probably excludes me). I'm also not so sure whether MacPorts fulfills "clear governance structure". > Or this: https://floss.fund/blog/announcing-floss-fund/ This actually looks like something we could do pretty easily by adding a funding.json to the repo. Requirements are "applicant or the legal entity must have a bank account and the necessary tax documents", though. I don't think we have a bank account, we just have an opencollective account. We'd either need a legal entity, or somebody who'd be willing to accept the funds (with potential tax implications) on behalf of MacPorts. > https://nlnet.nl/propose/ I'm not sure whether we'd qualify for their Zero Commons Fund. The other ones read like we definitely don't qualify. > Or in the past: https://www.sovereign.tech/programs/fellowship (I > think this one may have only been made available to German residents? > But I am also pretty certain that MacPorts has at least one maintainer > from Germany [e.g. neverpanic I think?] who maybe would have > benefitted from such things where I personally wouldn't have.) Depends: | For the freelance contractor option, these are additional requirements: | You are not otherwise being paid for the same work during the | duration of the fellowship. You are not applying on behalf of | organization seeking funding for maintainers you employ. | | For the employment option: | You are located within Germany. You have work authorization for | employment in Germany and can legally sign a work contract. It doesn't seem like the freelance option would require being based within Germany. The employment option does. None of the options would have been a possibility for me, though: "Availabiltiy: You are available for a 12-month engagement from (approximately) the end of 2024 to the end of 2025." I am already employed full time. A grant from the Sovereign Tech Fund [1] may also be an option. > Or less widely known/niche programs which seem to be in alignment with > MacPorts and libre/free open source software e.g. > https://www.futo.org/grants/ or email gra...@futo.org which is steered > I think by "Right to Repair" advocate Louis Rossmann and former Silly > Con Valley billionaire Eron Wolf. Given that Louis Rossmann made a name for himself by repairing Apple computers, that may be an option, too. Although I'm not sure whether he has personally ever run a Mac. I'm guessing the answer on that may be no. > Which is a long winded way of saying that I am guessing others are > probably better suited within MacPorts to prepare successful grant and > funding application efforts than I? I think a successful grant application first and foremost requires a great idea that somebody wants to implement in MacPorts and that we can get funding for. Reproducible builds, better signatures, or an actual CVE tracking program may all be good ideas to propose. All of these require a bit of effort to actually implement afterwards, though, which requires time, which is probably the reason why most of us didn't already do those things. If there is a group of people on here that has the time and is interested in working on some of these things, I'd be happy to offer some guidance, mentorship, and grant application review, though! > I think it's been several years since there was any kind of in person > MacPorts developer gathering and from what I could discern, they were > very far away (I am in California and I think the last in person meet > up was in Europe?). Those meetings were in Europe because Mojca, who did most of the organizing work, is based in Slovenia. > I realize this is kind of from out of left field and it's entirely > possible there are others within MacPorts who are much more tuned into > existing funding and resources than I, but as it isn't something I had > seen discussion about and it is something I have been actively > involved with in my own efforts to find funding personally, I thought > it might be worth discussing more openly about how the project at > large might benefit more holistically than me as an individual > contributor and maintainer. I don't believe there is a secret cabal of MacPorts devs that are getting funding behind our backs and are keeping quiet about it. Chances are nobody is getting funding, because these things take time. As a consequence, I'd encourage anybody who wants to try to give it a shot. [1] https://www.sovereign.tech/programs/fund HTH, Clemens
