35 comments

[ 3.4 ms ] story [ 77.3 ms ] thread
Given the title, I'm assuming that the amount of money received is on the short side..

So, what should be a good amount for this project? Or in a more general tone, what should be a good amount of donations for any open-source project? Enough to support the lead maintainer's life style, server costs, etc?

For the most part, it's one maintainer keeping this project alive and consuming a fair amount of his time. <$10k seems pretty low for such a substantial product and workload.
The GnuPG's 2015 financial summary (balance sheet and P&L statement)[1] indicates that the author is paying himself an annual regular salary of 47,400 EUR which includes mandatory social insurance, plus some subsidized rent for (only) 2681 EUR. Note that in 2015 GnuPG also had 3 fulltime programmers on payroll for around 160K EUR.

The key quote is at the bottom: "Along with the paid projects we are currently working on, the two large donations that we are expecting (from Facebook and Stripe), the Linux Foundation grant, and a small stream of individual donations, g10code will be able to operate with its current staff until the end of 2017. Obviously, we need a longer term plan." (emphasis added)

[1] https://gnupg.org/blog/20160421-financial-results-2015.html

As a rule of thumb, one full-time developer focusing on a project is far, far better than five people putting in one day a week. I'd say the goal depends on the project, but for most projects, I'd expect the goal to (at minimum) pay for the lead developer's salary and the project server costs. Allowing one person to focus their entire work week on a project is a good start.
Tangentially related, but does anyone know who is behind GPGTools for Mac (https://gpgtools.org/)? Seems like they're a distinct entity from GnuPG despite the naming similarities (infringement?). I don't see any information on their website regarding who or what org is backing the development and maintaining the project.
You can find who is committing code etc on their Github projects: https://github.com/GPGTools

And the GPGTools website is registered to Lukas Pitschl: https://twitter.com/lukele

They are not really hiding anything I think. Also GPGTools uses GnuPG etcpp.. Don't really see an infringement (if GPG is protected in the first place)

Facebook and Stripe pledged to support the project but apparently(?) forgot that after 31/Dec/2015 a new year comes in...

>> Facebook and Stripe are each going to sponsor GNU Privacy Guard (GnuPG) development with commitments of $50,000 per year to help sustain the important work of this open source security project.<< https://www.facebook.com/notes/protect-the-graph/supporting-...

Edit: The official blog confirms that Facebook promised to continue supporting the project

>> Lastly, let us confirm that we were meanwhile able to clarify our perceived problem with the Facebook donation promise. This was all due to an unfortunate misunderstanding between us. Facebook will keep on supporting GnuPG in 2016 with a donation of 50000 USD.<< https://gnupg.org/blog/20160519-gnupg-in-2016.html

It's possible this form only shows the amount of money donated using the form itself. Facebook's donation may well have been handled via a different channel.
Someone should make a startup that puts cash collection boxes, targeting open source projects like this, in areas trafficked by technologists. I don't like handing out payment information (if it can be avoided), but would happily slip $20 cash into an anonymous box. Maybe have a number of fixed locations and rotate the projects that a days "cut" goes to.

If the Salvation Army can have a guy in a Santa suit outside Walmart, why can't we have someone on a corner in SoMa? (A Santa length beard might give more "street cred" too!)

> Someone should

but not you, right?

> but not you, right?

I'm more of an "ideas guy". Would definitely drop $20 in there on the way to lunch though.

Should be feasible to do this in open way with bitcoin or ethereum, problem is as always who has (free) time.

I've been working on a system like this for my corp in eve online(an mmo game; not actual money!), I'd be happy to cooperate as a side project

My reply was a response to this, which I see frequently in tech/open source. >90% of the time the person suggesting "someone" should do something doesn't actually want to do anything. Examples, "in this day and age there should be a tool for X", "It'd be cool if we could do Y". What they really mean is that "Someone else should do this, I wish it existed but am not interested in doing anything about it".
Yeah I understand. I was showing goodwill about solving this problem, leaving a mark for interested people to chime in. Many people can contribute time and effort but there needs to be teamwork for any solution to be "real world" ready
Isn't that was bountysource does (it worked for neovim AFAIK) ?
Not giving out payment information seems like a problem that putting a bitcoin address on your project website could maybe solve.
I assume someone uncomfortable with giving out payment information would be at least as suspicious with bitcoins persistent and public ledger.

Bitcoin is far from anonymous. In fact, all is out in the open but you can "invent" new names for yourself all the time. It's therefore pseudonymous by nature but the openly accessible and analyzable flow of bitcoins makes even only reasonable anonymity very hard to achieve.

There are reasonably easy ways around this though - for example, keep your coins in monero, and send to the bitcoin payment address via a service such as xmr.to . (I'm sure that there are other ways, but that's just the one I'm most familiar with - in fact one may even be able to find some software which does this conversion automatically for you via the xmr.to api).
Simplified, you pay someone (in another, probably more anonymous currency) to pay the recipient in the less anonymous currency.

A less technical way would be paying someone in cash to do it.

> Simplified, you pay someone (in another, probably more anonymous currency) to pay the recipient in the less anonymous currency.

I'm pretty sure this is the definition of money laundering.

I think so, too. That's why I wrote it down simplified.
Monero in fact has 'view' keys so you can report, and prove, the transaction / donation to relevant authorities, without revealing your private key, and without making your transaction history visible to the general public.
Monero in fact has 'view' keys so you can report, and prove, the transaction / donation to relevant authorities, without revealing your private key, and without making your transaction history visible to the general public.
Anecdotally, donation based "support" systems seem to be quite broken from what I've experienced. I created a free API about 5 years ago (https://macvendors.com) and have a "Donate to Support" blurb on the site. It's been up for 5 years, gets 200K-250K unique visits to the site per month, and the API is currently handling around 300 million requests a month. Donations? I think I've received 6 over the last 5 years totalling ~$65.
I'm thinking its like SEO - where is the donate button? How is it presented? Lots of a/b testing could be done to improve the odds.
Also, an explanation of expenses, how the money will help, etcetera.

I don't have much money to donate but I've seen some very compelling donation requests which wanted me to really start donating.

Patreon has also sounded very compelling to me.

Yep. Donation based systems are quite broken.

A number of years back, I wrote a small utility app for typing Hanyu Pinyin with tone marks (https://www.pinyinput.net) that I made available for free, with a 'Donate' button and exhortations that people could donate if they found it useful.

Despite 10s of thousands of downloads over a period of about 5-6 years, I could count on two hands the number of donations I got.

Then I changed it to pay what you want (including $0) with a default price of $5. And you click a purchase button rather than a download button.

Plenty of people still download it for free, but now it also gets a payment every day or so - sometimes $1, sometimes $5, sometimes more, but it's a consistent trickle.

> the API is currently handling around 300 million requests a month.

Are those number not enough to start charging for more than #k requests? Even a few bucks a year to use the service would be better than nothing.

I've thought about it every now and then, but the additional work required to implement that outweighs any money it would bring in.
Yeah, I am maintening a gem and after a couple of people ask me to be able to donate a bit to support the project, added gratipay. However, nobody in the end did donatate. Maybe $3 in total. Was a lost of time.

I think people just think other people will donate so don't really matter. I think that too for other projects, so it makes sense.

Agreed. I setup a simple site, which was soon abused. I had the choice of shutting it down, or charging money. Many people said they would pay, but when I went to the effort to clean it up, and setup stripe integration not a single one did.

I nuked the spammers and shut down new subscriptions.

Highlighting this because it still confounds me that projects like this receive no support. I'd be unsurprised if this wasn't the only project in a parlous state. What is all the more baffling is the lack of support from the FSF, EFF, etc.

It also baffles me that the Core Infrastructure Initiative isn't involved in GPG (to my knowledge) considering we have more or less no other way of signing software releases that is commonly used.

Projects like this need more love than they get. How can the community - rather than wealthy beneficiaries - ensure this sort of thing gets enough funding? Open question, because I don't know.