[HN Gopher] Get Paid to Contribute to Urllib3
___________________________________________________________________
Get Paid to Contribute to Urllib3
Author : todsacerdoti
Score : 86 points
Date : 2022-06-21 13:30 UTC (9 hours ago)
(HTM) web link (sethmlarson.dev)
(TXT) w3m dump (sethmlarson.dev)
| pipeline_peak wrote:
| ........$300........
| pid-1 wrote:
| As a student, I would kill for $300.
|
| Well actually I wouldn't, but my point is: that's a nice amount
| of money for students and wannabe devs all over the world.
| tclancy wrote:
| Can always donate it to your favorite charity if you are lucky
| to have no need for it.
| ecshafer wrote:
| $300 is great for a...
|
| undergrad or grad student looking for extra cash.
|
| dev in a third world country where that might be an average
| monthly salary.
|
| junior building up their resume and trying to pay off some
| student loans.
|
| someone that is going to be doing work anyways and at least
| gets something.
| john-tells-all wrote:
| $300 is nice as "fun money" for something you'd do anyway
|
| Example: I want to get better at Golang and have something to
| show for it. Why not find a OSS task with a Bounty, and get
| paid while I learn?
| Rexxar wrote:
| You also can just see the difference between your potential
| salary and what you get as your personal contribution to open
| source. And lots of people are happy to receive something,
| even if the value of the gift is not significant.
| jlg23 wrote:
| Some experienced, well trained, 1st world developer is not
| satisfied with $300 for 5 minutes of his oh-so-superior work
| on FOSS software? Please excuse me, while I try to parse your
| statement in some nice way...
| mcronce wrote:
| I think their point is that there are a lot of people for
| whom $300 is a great payment - essentially, defending the
| maintainers for offering what the parent seems to be
| implying is too little.
|
| Personally, I'm a senior dev making more than triple what I
| did when I started my career, and if it were five minutes
| of work (or even ten, or an hour) I'd be _extremely_ happy
| with $300.
| SethMLarson wrote:
| We wish we could pay FAANG salaries for working on open source!
| That would be a great world to live in. Currently our funding
| comes from corporate sponsors and individual donators so is
| limited in what we're able to offer for now.
|
| Our current calculations for issues is roughly ~$50 per hour of
| anticipated work from an individual with some relevant skills
| which we're hoping is enough money to entice people to
| contribute.
| woodruffw wrote:
| I don't believe this is meant to replace a full time job, just
| to incentivize open source maintainers who might otherwise
| place their effort elsewhere.
| tluyben2 wrote:
| Offtopic: is there a list of bounty programs which, like this
| one, award feature implementations instead of bug/vulns? Google
| just gives me bug bounty company lists.
| ffpip wrote:
| https://issuehunt.io/issues
|
| https://www.bountysource.com/
|
| https://huntr.dev/
|
| Taken from https://www.google.com/search?q=open+source+bounty
| lolpython wrote:
| There's also https://gitcoin.co/
| danuker wrote:
| I am boycotting Bountysource.
|
| https://news.ycombinator.com/item?id=23551098
| fweimer wrote:
| That seems to be fairly standard. When some government
| institution started a term-limited security-related program
| for a project to which I contribute, the consulting company
| that ran the program took out a fixed fee out of the pool
| each month, too. I suspect this is done so that the project
| is encouraged to promote the program while it lasts.
|
| Actually, I found the terminology much more problematic
| than the way the program administrator was compensated:
| while "bounty" can mean (among other things) "subsidy",
| that is not the meaning that is predominant in popular
| culture today. Maybe some use it as a convenient industry
| shorthand, but others are definitely aware of the fraught
| history (particularly when it comes to persecution of
| Native Americans), and allude to it in conversations. And
| that a 21st century government sees this as a model to be
| emulated for maintaining public safety is quite disturbing.
| [deleted]
| tyingq wrote:
| This space is in rough shape for python. Python ships with
| urllib, which is fairly neglected. People tend to use requests,
| which is better, but still doesn't support normal keep-alives, so
| it's a new connection per request.
|
| Also, urllib3 has a dependency on the shipped urllib, and
| requests depends on urllib3.
|
| Edit: I was correct about urllib not doing keep-alive, but
| incorrect about urllib3 and requests...those support it.
| unmole wrote:
| > People tend to use requests, which is better, but still
| doesn't support normal keep-alives, so it's a new connection
| per request.
|
| What on earth is _normal keep-alives_ in this context? And you
| can most certainly reuse connections with Session objects:
| https://requests.readthedocs.io/en/latest/user/advanced/
| tyingq wrote:
| I had remembered incorrectly. Urllib (the only one of the
| three that ships with python) is hobbled this way, it sends
| Connection: Close with every request. Urllib3 and requests
| don't have that issue.
| SethMLarson wrote:
| Where are you seeing this information? urllib, urllib3, and
| requests all support connection pooling, keep-alives, and re-
| use and have for a very long time.
|
| Maybe I'm not understanding part of your message?
| tyingq wrote:
| For urllib:
|
| _" urllib.request module uses HTTP/1.1 and includes a
| "Connection:close" header in its HTTP requests"_[1]
|
| [1] https://github.com/python/cpython/blob/3.10/Lib/urllib/re
| que...
|
| You seem to be correct about urllib3 and requests, I was
| wrong there...though they do have the dependency on urllib.
| amelius wrote:
| It would be great if GitHub integrated the concept of bounties
| into its system, so other projects could have them too without
| much administrative trouble.
| jakear wrote:
| > Don't "claim" issues or ask whether someone is already working
| on an issue. Instead, focus on creating a pull request which
| solves the issue. Once you create a pull request we can assign
| your account to the issue to ensure others don't start working on
| it in parallel.
|
| Having maintained popular OSS software in the past, this sounds
| problematic. I know "claiming" doesn't work, people will
| regularly "claim" and issue then not be heard from ever again.
| But PR-to-claim sounds iffy, especially when money is involved.
| Failure modes I envision include people putting up low effort
| PR's to lock the issue, then either wasting a bunch of maintainer
| time on reviews or getting into IP debates with people who later
| on create a proper PR that maybe includes a bit of the same
| routines.
|
| Perhaps if the PR author would stake cash that the
| maintainer/reviewer would receive upon review?
|
| The third party pr authors are asking for the other party to do
| work just as much as the maintainers are.
| SethMLarson wrote:
| Thanks for raising this issue, you're right! There's no
| mechanism for making concurrent work impossible. We haven't had
| this problem of concurrent issues being worked on from start to
| finish in the past, maybe that will change with the bounty
| program?
|
| We haven't seen adversarial behavior yet but if it starts to be
| a problem we can address it, I agree that the language of
| "opening a PR" isn't super great. Maybe that section needs to
| be more general i.e. "we'll assign you the issue once you've
| made substantial progress towards the tasks" leaving that to be
| defined by maintainers.
|
| The possibility of "staking" money by the contributor is a non-
| starter. We aren't in the business of taking money from people
| who have good intentions and operationally I don't see a way
| forward there.
|
| This whole program is an experiment so we're open to being
| wrong about things at first. We'll be iterating based on
| feedback and providing a retrospective in a future newsletter.
| SethMLarson wrote:
| Thanks for posting this! If anyone has questions you can ask here
| and I'll answer or our community Discord listed in the article is
| a good place to start.
| maximilianroos wrote:
| As a maintainer of a few open-source projects, some funded &
| some unfunded -- this is a v interesting development. I'm
| excited to see how this goes and I really hope it's successful.
|
| Some concerns that I've considered before around this model (no
| need to address them all):
|
| - How has adding this incentive changed the community?
|
| - Do you get worse quality contributions because people are
| doing it for the money?
|
| - Are non-funded items neglected?
|
| - Do people argue over whether an issue is fully closed?
|
| - Is it more of a challenge to craft issues with a tight spec?
| SethMLarson wrote:
| These are all great questions! Our team is collecting
| feedback and our own experience and hoping to publish a
| retrospective some time down the line about how things are
| going. Stay tuned!
| tgflynn wrote:
| I'm not really clear on how to find out what issues have
| currently active bounties attached to them. I followed some
| links to this github query:
| https://github.com/urllib3/urllib3/issues?q=is%3Aopen+is%3Ai...
|
| but all I see there are issues that appear to have already been
| paid for.
| SethMLarson wrote:
| If the issue is open it hasn't been paid for, we close issues
| when their completed. Let me know if you have other
| questions.
| lolpython wrote:
| I find the language "Paid: $___" confusing because it is
| past tense and reads like the task has been completed. I
| suggest changing it to "Will Pay" or "Bounty"
| SethMLarson wrote:
| You're right, this language is confusing. We'll change
| the names of the labels to be more clear.
___________________________________________________________________
(page generated 2022-06-21 23:01 UTC)