Bounties on bug fixes comes to mind. 

+1. Bug bounties, pay for regular third party security audits, pay to have a white hat on staff doing security work on behalf of projects full time, etc.

 Pay the maintainers and high contributors who don't have other means to make money.

Yes. For certain types of projects such as critical libraries where it's very difficult/impossible to make money maintaining, CNCF should consider adopting those projects and helping pay maintainers to work on them, even if part time.

Even for projects in which there are other means to make money, some of us don't necessarily *want* to make money that way. We do it because, well, that is how we make money. There are real benefits for an organization like the CNCF providing fellowships to allow maintainers to remain neutral. I've written more about this here for those of you that haven't seen it:  https://medium.com/@mattklein123/the-broken-economics-of-oss-5a1b31fc0182. The recent Linus salary discussion  complicates discussion of this topic which is unfortunate because I think it's one that we increasingly need to have, but hopefully as some time passes we can come back to it.

Such as

All of the things Alexis points out. I would like to see more work on improving the GH experience around things like DCO, bots, issue management, CI, etc. I suspect there is easily a full time tooling job across all of CNCF. CI and negotiating with the vendors for the right amount of concurrency and machine types takes a lot of time. More dedicated help with docs perhaps by sourcing, hiring, and nurturing multiple full time tech writers. Basically, all of this. 

On Thu, Sep 20, 2018 at 7:03 AM Jessica Frazelle via Lists.Cncf.Io <me=jessfraz.com@...> wrote:

Bounties on bug fixes comes to mind. 

On Thu, Sep 20, 2018 at 10:01 Jessica Frazelle via Lists.Cncf.Io <me=jessfraz.com@...> wrote:

Pay the maintainers and high contributors who don't have other means to make money.

On Thu, Sep 20, 2018 at 05:13 Chris Aniszczyk <caniszczyk@...> wrote:

If you have ideas on how we can help projects more, please give us ideas here or take a look at the servicedesk where we document the services CNCF offers for projects: https://github.com/cncf/servicedesk

This was recently updated and we appreciate any feedback.

On Thu, Sep 20, 2018 at 2:08 AM, alexis richardson <alexis@...> wrote:

Jessie & Matt

Thank-you for raising and elaborating on the topic of how CNCF helps projects.  

The topic was aired (again) at the last GB offsite, whose slides were shared a couple of months ago.  Here they are again as ref: https://docs.google.com/presentation/d/1BFEUAnbsboyRx9qh3jyRjN-V7ukZtA9-OTjIbknUBn4/edit#slide=id.g3e55b0b2a9_0_0

Personally I do not want "CNCF could do more to help projects" to be chiselled on my gravestone.  I think the TOC, Contributors and project leads can ALL show some direction here, and I think we have to do so.

And so - Jessie & Matt & anyone else!

Please could you help me & Chris do something more about this.

Let's (again) make a list of what we think Incubated & Graduated projects really need, by talking with the project leads & others.  This list needs to be in a shared public doc.  Not everyone wants the same things, but there are themes.  

Such as:

* docs & project management 

* community management

* project services (hosting, CI, etc)

* github wrangling

* community / contributor summits

* AR/PR help (esp: for projects that don't have 1-2 companies driving them)

* maintainer psychotherapy & creche ;-)

WDYT?

a

On Thu, Sep 20, 2018 at 5:20 AM Matt Klein via Lists.Cncf.Io <mklein=lyft.com@...> wrote:

Then when
those projects need help with things the foundation can offer, money
for infrastructure, a place for shared IP it seems like it would be
obvious that they should be projects in the foundation, of course they
need to qualify etc.

Beyond neutral IP, I agree this is the most important thing the foundation provides, and IMHO CNCF does not do enough of it (there are so many things that high velocity projects need I could go on and on and on). Unfortunately, this is the area in which decisions will need to be made. There are limited funds and they will need to be allocated across the increasing portfolio of projects in the foundation, so clearly some decision criteria will need to be developed (whether based on graduation level or something else) to decide how funds are allocated and for what purpose (and unfortunately this in and of itself will involve politics).

I'm happy to see this conversation happening, as I ultimately I do believe that some level of choosing "favorites" is going to be required for the foundation to realize its full benefit to its most popular member projects.

 

On Wed, Sep 19, 2018 at 10:23 AM, Jessica Frazelle via Lists.Cncf.Io <me=jessfraz.com@...> wrote:

Yeah that was what I meant with shared IP.

I think there are ways to limit the effect of gamification of the
system and I think you all have done a great job of this so far
especially with the format for sandbox projects....

I think this is more a culture problem in that, if people see the
leaders of projects and in the community pushing for more projects to
be added to the foundation at a very past pace then we have lost a
culture of "making the best tool of high quality for the job" and we
lost a culture of innovation.... we merely have the culture of
"winning". Which I am still unsure as to what people seek to win but I
digress.

Regardless, I think the right measures are in place with the sandbox
to limit kingmaking. I think the focus should now be put on promoting
(and I don't mean marketing) but leading the ecosystem to focus on
building tools that innovate technology in the cloud native space with
a high importance on quality and fostering collaboration. Then when
those projects need help with things the foundation can offer, money
for infrastructure, a place for shared IP it seems like it would be
obvious that they should be projects in the foundation, of course they
need to qualify etc.

Just my 2 cents.
On Wed, Sep 19, 2018 at 1:12 PM Matt Farina <matt@...> wrote:
>
> In addition to what Jess said, a foundation provides a vendor neutral (or as close as we can get) location for a project. Competitors on products and services have a place to work together on projects that are not controlled by a single vendor in its governance.
>
> I think this is one of the biggest reasons for a foundation. Not everything needs this. But, some foundational things benefit from it.
>
> Then there is being frank on the politics. People are trying to game the system for career advancement, getting money for startups, more tag lines in marketing campaigns, for bragging rights, and more. In this highly competitive marketplace with money being thrown to the degree it is, I don’t know if we can avoid this all together.
>
> But, we can put a target on being useful and building useful things. For this I mean Jakob Nielsen’s definition whose gist is useful = usability + utility. Projects and people can be promoted for the useful.
>
> --
> Matt Farina
> mattfarina.com
>
>
>
>



--


Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
pgp.mit.edu

--

Matt Klein

Software Engineer

mklein@...

https://calendly.com/mattklein123

--

Chris Aniszczyk (@cra) | +1-512-961-6719

--

Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
pgp.mit.edu

--

Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
pgp.mit.edu

--

Matt Klein

Software Engineer

mklein@...

https://calendly.com/mattklein123