add project for STF general investment #10

Merged 11 commits on Sep 16, 2024


@fricklerhandwerk (Collaborator) commented Jul 27, 2024

An application for the Sovereign Tech Fund's general investment program: https://www.sovereigntechfund.de/programs/applications

Rendered

In our application we’re proposing to:

  • Improve the contributor experience
  • Improve documentation
  • Reduce ongoing costs for continuous integration and distribution
  • Strengthen supply-chain and end-user security

It builds on previous project proposals and discussions, accounting for work that had been completed in the meantime:

Collaboratively developed with

with contributions by

Get in touch on Matrix: https://matrix.to/#/#nix-stf-general-funding:matrix.org

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/application-for-the-sovereign-tech-fund-general-investment/49731/1

Co-authored-by: Robert Hensing <[email protected]>

@crertel commented Jul 31, 2024

Thanks y'all for your work on this--this has a good chance of creating meaningful impact and helping the ecosystem!

Some broad questions instead of creating a bunch of changes:

Are we asking for too much money?

The linked notes with STF employee information suggest that the median is 200K-300K Euros over 1-1.5 years. It might make sense to give a more modest request.

Are we targeting the right things?

Documentation 100% is important, both in helping the existing community and users and in making marketing/adoption simpler. I think that improving our story there is super important work, and it's work that is relatively straightforward (I think) to spend money on: hire technical writers, hire designers, etc.

But, in a very close second, there are the hosting concerns: our usage is quite large, and even though we have help from Amazon/Fastly/Equinix that only serves to give three American companies an uncomfortable amount of power over the ecosystem. It would make sense--and be an easy sell, given the STF's position of "Digital sovereignty is the self-determined use of digital technologies and systems by individuals, industry, and governments"--to work on helping ensure a future where the Nix ecosystem is not reliant on handouts of this variety. This could be accomplished both by targeted projects to make it easier to federate and host Nix ecosystem components (and secure them!) and also by moves to have core Nix infrastructure on actual bare metal somewhere that is owned and operated by the foundation. Both of these things are, again, fairly straightforward to scope out and make solvable via trackable dispersal of funds.

Are we not giving enough of a security focus?

A good part of the STF mission seems directly related to security and supply-chain concerns. In the proposal, it would probably be easy to add a line item (not very much, in all honesty, is needed to serve this purpose) for something like a bug bounty or similar widely-accepted practice to show commitment to security.

It might also be a good idea to specifically identify a couple of key things that would be of interest even to folks not intimately familiar--using the current list as an example, the vulnerability tracking, build reproducibility, and secure boot initiatives are all things that I think can be explained concisely to a government person evaluating merit. Other things are important too, of course, but it's good to have funding objectives that don't require as much inside baseball.

Is our estimate of time correct?

I don't know this for sure, but you've got an hourly rate just shy of 120 EU/hr that goes from the 950K ask divided by the 8000 hours. Now, in the US, if you have 50 work weeks times 40 hours (and I know standards are different in Europe, this is just spitballing) you get 2000 man-hours. So, the 8K hours estimate suggests that the Nix ecosystem needs 4 man-years of development on this--4 full time devs.

I'm not sure that that's quite right. Whether that's high or low I can't say right now, but if my hunch about how that number is going to be used during STF evaluation is correct then we might want to think about that.

~

These are some broad questions--I leave out some of the more specific things I'm also a bit concerned about, but I think that the above is enough to start a conversation hopefully about getting a tighter, more-fundable scope.

I really appreciate the work that y'all have put into this so far, and I hope we're able to land the grant however things end up. :)


- Deploy their products or services with confidence

The Nix ecosystem promotes [the purely functional software deployment model](https://edolstra.github.io/pubs/phd-thesis.pdf).

@edolstra It would be super nice to have a link to this document using a DOI. (In reference to the chat we had on PM on Matrix)

Co-authored-by: Ryan Lahfa <[email protected]>

@fricklerhandwerk (Collaborator, Author)

@crertel these are exactly the right questions to ask, thanks for writing them down! The proposal is still in flux, and I'm definitely taking that into consideration. Luckily this is only phase 1 of what I expect to be a negotiation if the general direction finds agreement, so what matters is the big picture such as the total budget and the high-level goals and systemic benefits. There's pages' worth of material behind each deliverable, therefore the focus at this point should be on conveying the spirit of the proposal with very few words.

I'll keep pushing updates as I incorporate feedback from various channels.

@fricklerhandwerk fricklerhandwerk marked this pull request as draft August 26, 2024 20:53
@fricklerhandwerk fricklerhandwerk marked this pull request as ready for review September 11, 2024 14:52
@fricklerhandwerk fricklerhandwerk merged commit bd0c8a7 into main Sep 16, 2024