Replies: 2 comments 2 replies
-
|
My employment prevents me from taking money from sponsorships. I think it would be good for us to come up with clear guidelines for adding new maintainers to help others understand what we look for. |
Beta Was this translation helpful? Give feedback.
-
|
Absolutely, we definitely need to have a clearer path to maintainer-ship documented. And with regard to sponsorship, I was thinking we'd look at getting sponsors for the project, not for individuals necessarily. In that way, we could potentially fund other things if needed such as cloud resources, graphic artist to define a logo, etc, etc. |
Beta Was this translation helpful? Give feedback.
-
|
I can make an effort to contribute more and review PR's, i have had a background guilt for a while about not doing enough, so this seems like a really good juncture. If anything I could help out more until some new maintainers are grown. |
Beta Was this translation helpful? Give feedback.
-
|
Sponsorship is live at the following link: https://opencollective.com/bandit-sast |
Beta Was this translation helpful? Give feedback.
-
To all of our wonderful contributors and users of Bandit,
As you might know, Bandit currently has two or so active(ish) maintainers. There is myself and @sigmavirus24 who typically spend the most time trying to review, approve, and keep the project moving. Both of us have full time day jobs, so our participation in this project is at a sacrifice of our free time outside work. That's led to slow review of PRs, infrequent releases, and a growing backlog of issues.
What I'd like to pitch today is opening up Bandit to sponsorship via GitHub's sponsor plans. While I don't expect the project will necessarily receive enough money for either of us to quit our jobs and work Bandit full time. I do see how it can help establish incentive for us to use our free time more on it.
Alternatively, we could look for more maintainers that can spend more time on the project. The path to maintainership is mostly about code reviews. So if we observe someone who is consistently helping review PRs and can continue doing so for an extended period of time, they might make a great candidate for a new maintainer.
Ultimately, I don't wish the project to slowly die off. I'm still passionate how the value of Bandit and so happy to see the active growth it has made. But I'd like to hear feedback from our community on their view to the next step forward.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions