Chief Marketing Officer, Tidelift. Author of The Ad-Free Brand.

Joined January 2009
7 Jun 2023
Well, that was fun. Good day, everyone! 🤗
The dream at @tidelift has always been to make open source work better—for everyone. So the goal of @UpstreamOSS is to get to know each other, both those who create open source, and those who use it. bit.ly/42sXlCn #upstream2023
Chris Grams retweeted
A few minutes ago, @juliaferraioli stated this very eloquently: Software is not just bits. It’s a complex, socio-technical system, and you can’t simply abstract the people out of it. bit.ly/3JmSKuP #upstream2023
Chris Grams retweeted
“Lauren shared some highlights of the multi-year effort we’ve made at Tidelift to pay maintainers to validate they are following common software security practices. Paid maintainers achieved a better than 2x OSSF Scorecard score!” 🎉 bit.ly/3qyuorq #upstream2023
Chris Grams retweeted
“There’s a reason why corporations employ people and pay them. Because that’s the best way to get work done. Getting paid should be considered normal, not out of the ordinary.” @dff quoting maintainer @GaryGregory bit.ly/3OWNDVH #upstream2023
Chris Grams retweeted
“If we want healthier, more secure open source software, we can’t think of it as a zero-sum equation anymore. We need to think about how everyone can win, both the creators and users of open source.” bit.ly/43roYwD #upstream2023
Chris Grams retweeted
“Let’s stop winging it, and instead create a more intentional supply chain, with intentional, thriving open source maintainers” @dff paraphrasing @luis_in_brief bit.ly/3oNTpOC #upstream2023
Chris Grams retweeted
“Open source won, now comes the hard part” hear 🎙️ from @mmilinkov of @EclipseFdn in his @UpstreamOSS talk, live now: bit.ly/3NfApSp #upstream2023
Chris Grams retweeted
When it comes to relieving the loneliness of being a solo maintainer, @sethmlarson asks “how can we as an industry get at least one more person on every project?” bit.ly/43Pktfr #upstream2023
Chris Grams retweeted
“If we start defining what open source is, in ways that are not compatible from one jurisdiction to another, it's going to be an absolute nightmare.” - @tobie Live on @UpstreamOSS now: bit.ly/45J8dih #upstream2023
Chris Grams retweeted
We asked open source maintainers which of the common industry standards frameworks they were *aware* of (NIST, OpenSSF Scorecards, SLSA). 52% of maintainers were aware of none of them, according to @cdgrams. bit.ly/3qtlGKQ #upstream2023
Chris Grams retweeted
“I’m not surprised at all that most maintainers aren’t up to date with everything that is happening in the open source security supply chain explosion of complexity that we are all living through right now,” says @sethmlarson. bit.ly/3Ndzx0G #upstream2023
Chris Grams retweeted
.@sethmlarson describes himself as a semi-professional maintainer, which puts him squarely in the minority. Only 36% of maintainers self-describe as professional or semi-professional. 60% describe themselves as unpaid hobbyists! bit.ly/3WR3TcC #upstream2023
Chris Grams retweeted
Paid maintainers are 20-30% more likely to do important security and maintenance work than unpaid maintainers, says Tidelift VP of product @partridgehouse, quoting Tidelift’s new state of the open source maintainer report. bit.ly/3OWZhQg #upstream2023
Chris Grams retweeted
“You can think of @Tidelift as a central compliance office for upstream open source. Our job is to let folks know where there may be a gap and ensure maintainers are paid and have the clarity to do their work.” @partridgehouse bit.ly/3Ne5fKj #upstream2023
Chris Grams retweeted
In her talk @partridgehouse shares data that as of May 2023, the OpenSSF Scorecards scores of packages in our maintainer cohort were 7.2/10 as compared to 3.3/10 for all assessed packages. Over 2x higher with paid maintainers! bit.ly/45SvyOD #upstream2023
Chris Grams retweeted
If you want to support #OSS maintainers:
- Celebrate non-code contributors
- Advocate for better OSS programs at your workplace
- And pay them!
@borderless_dev live on @UpstreamOSS now: bit.ly/3NdvUrI #upstream2023
Chris Grams retweeted
A final assessment from @partridgehouse from our OSSF Scorecards project: maintainers getting paid for their work are willing to improve both the measurements of things and the outcomes those things deliver. bit.ly/3qoY6id #upstream2023
Chris Grams retweeted
Quote from maintainer @ljharb “I wouldn’t be able to put the care and attention into this critical work without being paid for it, so I’m glad to see the importance of paying maintainers has taken center stage.” bit.ly/43ObxXF #upstream2023
Chris Grams retweeted
“Today is June 7…the five year anniversary of when the US government stepped into SBOM.” - @AllanFriedman Happy #SBOMiversary! 🎉 bit.ly/3NhFlGL #upstream2023