←back to thread

FLOSS/fund for free and open source projects

(floss.fund)
415 points joice | 5 comments | 16 Oct 24 09:02 UTC | HN request time: 0.644s | source
1. jph ◴[16 Oct 24 12:56 UTC] No.41858556[source]
Great idea! I'm trying it now by adding the file `funding.json` to two of my FOSS projects. Feedback welcome. Donations welcome. :-)

1. Assertables is a Rust crate that provides assert macros for smarter testing: https://github.com/SixArm/assertables-rust-crate/blob/main/f...

2. BoldContacts is a mobile app that helps people who have disabilities: https://github.com/BoldContacts/boldcontacts-mobile-app-for-...

Results so far:

1. The JSON spec validation seems to be problematic. For example, I get an error message and there's no obvious way to handle it: "entity.webpageUrl.url and manifest URL host and paths do not match. Expected entity.webpageUrl.wellKnown for provenance check at https://linktr.ee/joelparkerhenderson/*/.well-known/funding-..."

2. An opportunity for improvement is for the JSON spec to favor each project having all it's own information in the JSON file i.e. orient the file toward the project, rather than toward a specific developer, and definitely not toward the naming convention of "/.well-known" subdirectory (which doesn't exist in many projects and has a history of glitches because it's a hidden dot directory).

IMHO success looks like making the file spec simpler, even it means skipping some of the manifest capabilities.

replies(1): >>41860733 #
2. mr-karan ◴[16 Oct 24 16:04 UTC] No.41860733[source]
Hey, I'm from Zerodha team.

1. Regarding the validation, this error seems to be related to the provenance check mechanism in the spec. This is to prove ownership of that project/domain. The wellKnown field is designed to handle cases where the webpageUrl doesn't match the manifest URL.

2. Will definitely be passing the feedback to our team and evaluate this further!

replies(3): >>41860933 #>>41860953 #>>41874597 #
3. breck ◴[16 Oct 24 16:21 UTC] No.41860933[source]
Aloha! I think there's something novel you could do here that would catch on like wildfire. Here is me coding up the basics:

https://youtu.be/4BH8DRXwVRw?t=317

Feel free to connect via email if you want to chat more breck7@gmail.com

4. jph ◴[16 Oct 24 16:22 UTC] No.41860953[source]
Thanks for the reply. It turns out the current JSON file approach can't prove ownership of the project nor the domain, so perhaps there's a gap in my understanding or your team's understanding...? Feel free to contact me about this a because I believe in your mission: joel@joelparkerhenderson.com

Some options that I use successfully with other donations services and funding services...

- A unique token per project published in a project file

- A unique token per domain published in a DNS TXT record

- A verification of the project's existing setup, such as using GitHub API access or OAuth

- A forwarding to the project's existing funding link, such as using a project's GitHub sponsors link

- A heuristic with the person's existing payment links, such as contact info being identical on GitHub and Venmo

- A challenge/response, such as verifying a small random payment

- A dedicated KYC process such as with a background checking service.

5. ipaddr ◴[17 Oct 24 22:48 UTC] No.41874597[source]
I'll confirm doesn't work.