Hi, The Replicant project has received 200 000$ from Handshake[1][2]. The kind of amount we received will enable the Replicant project to fund development.
The nlnet foundation also has some funding for privacy and trust enhancing technologies. The deadline for the submissions is the first February. ====================================================== = What tasks we should fund, and who could be funded = ====================================================== Before that, at the Open Source Firmware Conference[3], I've discussed about how to fund work on Replicant with Paul Kocialkowski. More specifically the focus of the discussions was on the kind of tasks that Replicant should or should not fund if the Replicant project managed to get enough money, and which criteria we would use to understand if the people applying would be fit to work on the tasks. The general consensus was that we could use the fund mainly to fix some pressing issues and to lower the amount of work required to maintain Replicant. Pressing issues: ---------------- Replicant has some urgent bugs to fix, for instance: - We have several freedom issues to fix (for instance the build depends on Debian which is not compliant with the Free Software Distribution Guidelines(FSDG)) - Some SIM cards are not recognized - Under some conditions, the call audio is garbled. - Adding support for devices that can still easily be found new or second hand. The devices currently supported by Replicant already cannot be found in local second hand shop (in Paris, France) anymore, but can still be found online. Longer term tasks: ------------------ The most important tasks we could want to fund would be the ones that lower the amount of work required to maintain Replicant. For instance: - Finishing libsamsung-ipc and samsung-ril, and upstreaming them in LineageOS. - Making Replicant work with upstream kernels. - Find a way to lower the amount of maintenance required to keep Replicant up to date with security fixes. We could for instance make it easier to update the Android version in Replicant, and lower the attack surface by bundling applications coming straight from f-droid instead of shipping applications that comes from Replicant source code. As for the criteria used to choose which person could be paid to work on some of the tasks, we agreed on requiring at least the following to make sure that the money is spent wisely: - The people applying will need to already have some code in Replicant. If it's not the case, they can simply send patches. Outreachy[4][5] use a similar criteria. - The people applying for a given task will need to have done work in a similar area in a free or open source software project (this way it's possible to look at the contribution). Note that the above only represent our views at the time. I summarized our discussion here, not to force this point of view, but rather to use it as a good basis for starting a wider discussion about it. I've also started working on a list of tasks[6] which is based on the main task page[7] and on the former page for the Google Summer of code[8]. Tasks dependencies: ------------------ If we go this route, I think that we should also try to understand the dependencies between tasks. For instance working to complete libsamsung-ipc and samsung-ril should not have a very strong dependency on the Android version. However for some of the tasks it would make sense to work on porting Replicant to a newer Android version first. Fixing some of the freedom issues could also be done automatically when switching to a newer Android version. Infrastructure: --------------- I also personally wonder if it makes sense to spend some money in the project infrastructure or not, for instance we could build a test infrastructure that could help finding and fixing bugs. For instance we could use something like that to reproduce the bug where the voice call audio is garbled and to test our GSM stack (libsamsung-ril and libsamsung-ipc). I've started doing some research on that here: https://redmine.replicant.us/projects/replicant/wiki/TestingInfrastructure I think that the main issue here is that we need to keep the running costs very low in order to be able to continue operating such infrastructure when the Replicant project won't have the same amount of money than now, and currently a larger scale test setup that uses the OsmoGSMTester seem to cost a lot to operate. Volunteers: ----------- So far, most of Replicant contributions were done by volunteers. So the Replicant project could also not want to fund work that people want to as Volunteers but but instead fund important work that no one want to do. ================= = nlnet funding = ================= We could use that to fund some of the tasks that match the nlnet funding requirements. As the deadline is really soon, I think we should concentrate on defining the tasks and finding the people that could work on them. Also, if I remember well, the individuals being paid to work on such tasks are paid directly by the nlnet funds, so the Replicant funds won't be involved here. ============================================ = Replicant funds usage and accountability = ============================================ I think that we will need to improve the funds usage accountability before being able to draw substantial amounts of money from the Replicant money. Note that this is independent from the nlnet funding. Currently we are only two people on Replicant side that decide how to use the funds. If I remember well we need the agreement of every person from Replicant side, unless the other person doesn't respond in a reasonable timeframe. - Me (Denis Carikli) - Paul Kocialkowski On the FSF side our contact is John Sullivan. The issue is that nowadays Paul Kocialkowski is very busy. Because of that he doesn't have time to handle funding requests anymore. This makes me the only person to decide how funds are used. This is very problematic. We would need at least 2 more people. I also am not comfortable at all with having to handle that much money alone. Several people (me included) are already interested in being funded to work on Replicant. It is very uncomfortable for me to be at the same time the only person that would decide on what to use the funds for, and a candidate to work on some of the tasks. I think that it would be best if some present or past Replicant developers could apply for that. The idea behind requiring Replicant developers is to make sure that that the people applying have the required technical background to take the decisions. The people applying would also need to have some good understanding of software freedom. References: ----------- [1]https://www.fsf.org/news/free-software-foundation-receives-1-million-from-handshake [2]https://handshake.org [3]https://osfc.io [4]https://www.outreachy.org/ [5]https://en.wikipedia.org/wiki/Outreachy [6]https://redmine.replicant.us/projects/replicant/wiki/Tasks_v2 [7]https://redmine.replicant.us/projects/replicant/wiki/Tasks_v2 [8]https://redmine.replicant.us/projects/replicant/wiki/Google_Summer_of_Code_2018 Denis.
pgpbGHIoWyVVl.pgp
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
