Bounties on bug fixes come to mind.
+1. Bug bounties, pay for regular third party security audits, pay to have a white hat on staff doing security work on behalf of projects full time, etc.
Pay the maintainers and high contributors who don't have other means to make money.
Yes. For certain types of projects such as critical libraries where it's very difficult/impossible to make money maintaining, CNCF should consider adopting those projects and helping pay maintainers to work on them, even if part time.
Even for projects in which there are other means to make money, some of us don't necessarily *want* to make money that way. We do it because, well, that is how we make money. There are real benefits for an organization like the CNCF providing fellowships to allow maintainers to remain neutral. I've written more about this here for those of you that haven't seen it: https://medium.com/@mattklein123/the-broken-economics-of-oss-5a1b31fc0182. The recent Linus salary discussion complicates discussion of this topic, which is unfortunate because I think it's one that we increasingly need to have, but hopefully as some time passes we can come back to it.
All of the things Alexis points out. I would like to see more work on improving the GH experience around things like DCO, bots, issue management, CI, etc. I suspect there is easily a full time tooling job across all of CNCF. CI and negotiating with the vendors for the right amount of concurrency and machine types takes a lot of time. More dedicated help with docs perhaps by sourcing, hiring, and nurturing multiple full time tech writers. Basically, all of this.