CHAOSScast Episode 119: Guest Episode - Sustain asks how Ecosyste.ms maps open source dependencies

About this Episode

Thank you to the folks at Sustain for providing the hosting account for CHAOSSCast!

CHAOSScast – Episode 119

In this episode of CHAOSScast, we have a special episode from our friends at Sustain. Host Richard Littauer from Sustain is joined by guests Ben Nickolls and Andrew Nesbitt to discuss the ecosyste.ms project. They explore how ecosyste.ms collects and analyzes metadata from various open-source projects to create a comprehensive database that can help improve funding allocation. The discussion covers the importance of funding the most critical open-source projects, the existing gaps in funding, and the partnership between ecosyste.ms and Open Source Collective to create funding algorithms that support entire ecosystems. They also talk about the challenges of maintaining data, reaching out to project maintainers, and the broader implications for the open-source community. Hit the download button now!

[00:03:16] Andrew and Ben explain ecosyste.ms, what it does, and how it compares to Libraries.io.

[00:06:17] Ecosyste.ms tracks metadata, not the packages themselves, and enriches data via dependency graphs, committers, issues, SBOMs, and more.

[00:08:12] Andrew talks about finding 1,890 Git hosts and how many critical projects live outside GitHub.

[00:09:55] There’s a conversation on metadata uses and SBOM parsing.

[00:14:07] Richard inquires about the ecosystem.ms funds on their website which Andrew explains it’s a collaboration between Open Collective and ecosyste.ms. that algorithmically distributes funds to the most used, not most popular packages.

[00:17:03] Ben shares how this is different from previous projects and brings up a past project, “Back Your Stack” and explains how ecosyste.ms is doing two things differently.

[00:20:17] Ben explains how it supports payouts to other platforms and encourages maintainers to adopt funding YAML files for automation. Andrew touches on efficient outreach, payout management, and API usage (GraphQL).

[00:26:54] Ben elaborates on how companies can fund ecosyste.ms (like Django) instead of curating their own lists and being inspired by Sentry’s work with the Open Source Pledge.

[00:30:50] Andrew speaks about scaling and developer engagement and emphasizes their focus is on high-impact sustainability.

[00:34:06] Richard asks, “Why does it matter?” Ben explains that most current funding goes to popular, not most used projects and ecosyste.ms aims to fix the gap with data backed funding, and he suggests use of open standards like 360Giving and Open Contracting Data.

[00:37:04] Andrew shares his thoughts on funding the right projects by improving 1% of OSS, you uplift the quality of millions of dependent projects with healthier infrastructure, faster security updates, and more resilient software.

[00:39:53] Find out where you can follow ecosyste.ms and the blog on the web.

Quotes:

[00:12:36] “I call them interesting forks. If a fork is referenced by a package, it’ll get indexed.”

[00:23:25] We’ve built a service that now moves like $25 million a year between OSS maintainers on OSC.”

[00:34:41] “We don’t have enough information to make collective decisions about which projects, communities, maintainers, should receive more funding.”

[00:35:41] “The NSF POSE Program has distributed hundreds of millions of dollars of funding to open source communities alone.”

[00:37:05] “If you have ten, twenty thousand really critical open source projects, that actually isn’t unachievable to make those projects sustainable.”

Spotlight: