
87 points Brysonbw | 1 comments

How would one go about being a 'rogue' OSS contributor so to speak? Live off of donations, bounties, hackathons, etc.?
kjok ◴[] No.43560718[source]
I believe that FOSS maintainers can gain financial independence and sustain their projects by "selling" hardened FOSS projects (think supply-chain security assurance) to consumers. I'm working on enabling this. DM me if interested.
replies(1): >>43561824 #
ATechGuy ◴[] No.43561824[source]
Sounds promising. How do you propose we create "hardened" projects?
replies(1): >>43567368 #
1. pabs3 ◴[] No.43567368[source]
For supply-chain security, you need basically two things: 1) audit all the source code 2) build the source code (almost) without using any binaries.

The CREV folks are working on distributed code review, and the Bootstrappable Builds folks are working on building an entire Linux distro without any existing binaries, starting from an MBR worth of commented machine code.

https://github.com/crev-dev/ https://bootstrappable.org/ https://lwn.net/Articles/983340/