Intro to managed open source p. 3: working with maintainers on maintenance and code improvements

by Jeff Stern
on December 13, 2019

In this six-part series, I’m highlighting each of the key features of the Tidelift Subscription. Today in part three I cover how Tidelift works directly with the maintainers of the open source projects you use. Check out part one and part two of the series. And if you’d like to start with a more complete view of how the Tidelift Subscription works, take a tour here.

Managed open source is only possible because of the relationships we have formed with the upstream maintainers of your dependencies. These maintainer relationships are a key benefit of the Tidelift Subscription. They allow us to go beyond identifying problems and instead serve up healthy and ready-to-use open source that just works.

Today I want to introduce you to our network of maintainers and share how they ensure the open source you use stays well-maintained.

Here I am with just a few of our maintainers at our headquarters in Boston earlier this year.

We’re thrilled to have close partnerships with the independent community maintainers behind more than 2,000 open source packages who use the Tidelift platform to earn predictable recurring income by solving real-world challenges faced by Tidelift subscribers. Here are just a few examples of how Tidelift has enabled maintainers to go above and beyond what they previously considered possible:

When your project pulls in unmaintained dependencies, we provide security fixes if we are managing or lifting the package. This eliminates the need to port away from unmaintained dependencies, which can be an expensive proposition. Tidelift will also detect packages used by our subscribers that we believe to be unmaintained and actively search for new maintainers to support them.

Without a Tidelift Subscription, unmaintained packages are your team’s problem. But with a Tidelift Subscription, you have the guarantee that professional maintainers are partnering with us to make sure the software you depend on stays working today and in the future.

We provide two different levels of support for packages:

  • Managed support: This includes guaranteed security updates even when the original project does not provide an update, and guaranteed SPDX-compliant license tags even when the original project does not provide them. Our managed packages include the core, mission-critical packages in the most common development ecosystems.
  • Managed+lifted support: These are the managed packages where we directly partner with one or more of that project's core maintainers. These maintainers (we call them lifters) provide an additional layer of assurance, such as setting up a confidential security process and being responsive to subscriber feedback.

See for yourself how well-covered your open source dependencies will be with the Tidelift Subscription by analyzing your first repository during your free trial.

If you’re ready to begin using managed open source, you can start a free trial of the Tidelift Subscription. Once you complete your first analysis, you will see how covered your dependencies will be, and you can dig into which packages are managed and lifted. You can rest easy knowing that the maintainers of projects like Celery and urllib3 are keeping your dependencies well maintained and secure.

  • Already begun your free trial? Visit your Tidelift subscriber dashboard.
  • Just getting started? Sign up for your free trial and complete your first analysis in just a few minutes.

    VIDEO: Watch Tidelift co-founder and CEO Donald Fischer explain the key benefits of the Tidelift Subscription.
