On 2025-10-30 19:04:20 -0700 (-0700), Scott Lewis via open-regulatory-compliance wrote:
[...]
>There is, however, research that shows that local governance and
>community-created rules along with community-specific enforcement
>of resource consumption restrictions or policies is often an
>effective way for a community to manage scarce natural resources
>(e.g. water, land, energy, fish, etc) at the local level (as
>opposed to centralized governance/government).
[...]
A related model is the utility cooperative where, for example,
customers pay a nonprofit organization for their electricity and are
members who elect the governing body that oversees operation of the
power plants, maintenance of distribution lines, setting rates and
fee schedules, approving budgets/salaries, et cetera.
In my personal view, a successful security attestation program would provide the primitives enabling various models of that nature to flourish, without dictating a specific solution or business model.
Open source communities are widely different:
- Some communities are mostly corporate-based, some are very much community-driven.
- Some ecosystems have deep and complex dependency structures, others are fairly flat.
- In some ecosystems most key projects sit under a steward, in other ecosystems, that's not the case at all.
- Some ecosystems are organized around one large project and a flurry of plugins, others offer a complex web of libraries that can be composed.
- Some ecosystems are driven by vendors, others very much by practitioners.
- Some ecosystems are developer-facing, some are end-user-facing.
- Some ecosystems are horizontal, others are focused on a specific vertical.
- Some ecosystems serve highly-profitable verticals, others serve education, government administrations, healthcare, or nonprofits.
A model that works for a WordPress plugin built by a single maintainer is probably not going to be a good fit for Chromium.
But hopefully, there are primitives that would enable both projects to find a model that works for them.
--tobie