For the past three months at Coil, we have started to develop Rafiki, an open-source All-In-One Solution for Interledger Wallets. Throughout the process, we have continued to think more deeply about how we support the open-source community and the packages that we use in Rafiki and at Coil. In this blog post, we are sharing some discoveries and decisions about what we want sustaining open-source to look like at Coil.
Thinking about how we want to support the projects that we depend on, we derived for principles to consider:
Currently, when you want to fund or donate to an open-source project, your contribution only touches the single package you choose. This approach benefits that package but leaves out the numerous packages that it depends on. If those dependency packages are smaller, don't have a very strong community to back them, or do not run promotions to sustain the project, the gap in support grows even more. This is unfortunately built into most systems. With funding options like GitHub Sponsors, Open Collective, Buy Me A Coffee, and others, donations only go to the single package and maintainers, and not packages that they depend on.
With many open-source projects, we can see the history of maintenance, yet we cannot see a history of where donated funds go. Funds sometimes go to events, travel, and compensation for the core team, but not to the packages that enable the parent package to receive funds.
When we use open-source projects, we want to be able to fund those projects and the projects they depend on. All of the packages used, all the way down the dependency tree
should receive some money from Coil’s monthly donation.
We want our contribution to open source to drive sustainability for all projects that we use, not only the extremely popular projects. After all, it’s not just the popular projects that are used in our production codebase: it’s every dependency we have, all the way down the dependency trees, that make Coil as amazing as it is.
|Title text: Someday ImageMagick will finally break for good and we'll have a long period of scrambling as we try to reassemble civilization from the rubble.|
As we continue to promote a free and open web, maintainers and communities continue to be a top priority. That’s why we’ve sponsored student Hackathons with Major league Hacking, and MozFest, and W3C’s TPAC, and that’s also why we’re announcing support for project maintainers through Flossbank.
We chose Flossbank as our donation mechanism because of its ability to traverse dependency trees and it's unique way of distributing our donation at each level. It’s by no means perfect, but we’re excited to see the effort being put toward a more equitable distribution of donations.
Some of the benefits of using Flossbank are:
- Flossbank is maintenance-free. It’s impossible for us to continuously determine what our top open-source dependencies are, so we’re thrilled that Flossbank can automatically check out our GitHub to determine what packages should receive our donation, and how much of the donation they should receive.
- Flossbank supports a wide range of dependencies. We believe our open-source dependences are just as valuable as the code our engineers write, down to each and every line. Why should we not compensate the engineers maintaining the open-source code the same way we compensate our own engineers?
- Flossbank only take a fee to keep the lights on. Compared to other donation mechanisms, Flossbank takes only 1% of a donation, which means 99% of our donation hits the maintainers’ bank accounts. Compared to others, which take 10%, this is a huge marginal impact increase.
With Flossbank, we can measure the impact of our donations and see all the packages our donations have been allocated to. Every month, our donation is spread to the current packages that Coil is using. Over the past few months, this is how it’s shaken out:
During the month of August 2021, we supported 804 top-level Dependencies. These are dependencies we use across all of our organization’s Github repositories that are defined within our package manifests, files like package.json and requirements.txt, and Gemfile
During the month of August 2021, we supported 2,509 Total Current Package Dependencies. These include our top-level packages, as well as every dependency of those packages, and dependencies of those packages, etc., etc. For example, we use and support node-fetch and, all of the dependencies that node-fetch uses.
As Coil develops more open-source technologies like Rafiki, we think it’s important to compensate developers who have open-sourced their code and actively maintain it. We think Flossbank is the first step to a more equitable and just method of doing so, and we’re excited to see where the open-source community heads from here, and how Coil will play a part in it.
To learn more about some projects Coil supports, see: