The article mentions that thanks.dev has a global blacklist of people who you can't donate to. This means they have the power to make certain dependencies get a bigger share of the money that is being donated.
Hope that clarifies things. Let me know if you have any other concerns. :)
Are you also only receiving funds for projects that sign in?
Otherwise it seems an awful lot like impersonating someone else and withholding money until they finally sign into your platform.
From a sibling comment it sounds like projects have to opt in to donations, so this isn't as big of a deal as I originally thought.
It looks like the entire point of thanks.dev is that you give them your dependency list and they attempt to distribute your donation budget between your dependencies. Their target audience specifically doesn't want to think about where exactly the cash goes, they just want to make sure it goes to maintainers of software they use.
No one is being defrauded when the exact distribution of the funds changes because the exact distribution of funds is explicitly delegated to thanks.dev.
This is a great initiative in supporting open source. I’m the founder of https://thanks.dev mentioned in the article and I’ve been speaking to a lot of community members over the last year.
There’s a lot of great work being done in the background that we don’t hear about and there’s an opportunity to do a lot more. I’ve learnt an immense amount since I’ve been working on this project and the diversity in thought & perspective I’ve encountered has been amazing!
Happy to chat if anyone is interested.
Big kudos to Chad & Sentry!
Ali,
Why isn't it a public page with all the OSS projects that already have registered maintainers and the ones that have donations pending but with no maintainer registered?
Otherwise how do you notify maintainers of projects that did not join your platform that money is pending for them if they would register?
Edit: I'm also not 100% sure which projects OP was referring to. I just looked through the Google sheet and can't find anything by him, but I could have missed something.
For example, Microsoft could allocate a $100 annual budget per user in their GH Engineer team. The people on those teams could then donate those dollars to whatever open source projects they see fit on GitHub.
I know this would require a lot of paperwork, etc, etc, but they’ve already buried themselves in it with donations and seemed to have outsourced most of that to Stripe.
I know there would be some shady shit and scams that would happen if this was built, like people donating to their cousin’s OSS project that has 2 stars and is a fork of Scriptaculous, but there’s lots of different ways to minimize those risks so it’s a moot point.
Overall this approach would lower donation friction for both the company and the employee and inject a lot more cash into the donation ecosystem.
With all due respect, they don't need this money. Rust is a great project, and deserving, but they already have plenty of sponsors.
I would have rather seen 150 x $100 go to smaller projects. So much great software is being written, by people who are barely scraping by, and even $100 could be the motivation for someone to finish something widely useful.
There's nothing wrong with a company prioritizing donations to the projects that impact their work the most. Programming languages have by far the biggest impact on their programmers' day-to-day work, so it makes sense that Sentry would target them for outsized donations.