This line of discussion ("Make it so we can pay you $xxK/mo, don't ask for donations.") comes up a lot on HN.
Here's what I did:
First, I spent four years developing security libraries for PHP developers that can be considered core infrastructure. random_compat was an API-compatible polyfill of PHP 7's random_bytes() and random_int() functions for PHP 5 projects (and has over 100 million downloads). sodium_compat reimplemented most of libsodium in pure PHP, and currently powers WordPress's signature verification functions. That's just two examples; I have over a dozen distinct and useful libraries, many of which have been adopted into popular frameworks, that make your software materially more secure. If you're a serious player in the industry and your code base is PHP, you're running my code.
Okay, value delivered through open source? Check.
All of the above was also published through an LLC rather than just under an individual's name.
Then, I began offering the usual HN recommendations (support contracts, especially for EOL versions of PHP for Enterprise Linux customers).
I even created a streamlined workflow section on the company website and linked all of our open source projects to it: https://paragonie.com/enterprise
To date, the SQL tables that power that section of our website only have test records I created to make sure it was turned on correctly.
So I believe this to mean one of two things:
1. There's a missing step that I'm not doing that, once executed, will rake in the dollars.
2. The prescribed advice on message boards about how to run an open source business doesn't work.
(Until I figure out which it is, I'll have to continue doing code audits and penetration tests. Not exactly hurting for money, but it's not coming from the channels that people expect for open source. Enjoy the anecdata.)
https://packagist.org/packages/paragonie/random_compat
https://packagist.org/packages/paragonie/sodium_compat
https://make.wordpress.org/core/2019/05/17/security-in-5-2