SponsorLink is now OSS too and no longer bundled

[kzu]

After the feedback yesterday, it was clear that even though the goal of SponsorLink is to make it easier for library developers to get sponsored, the fact that a part of an OSS project referenced a non-OSS dependency was concerning to many users.

As such, everyone can now go and inspect the whole thing (analyzer/package as well as backend azure functions) at the SponsorLink repository. Future versions of the package will come from there, will no longer be ofuscated, and will also have an OSS license.

NOTE: the original private repo is https://github.com/devlooped/SponsorLinkCore and has been archived. It contains the original commit history, which has now been integrated (via cherry-picking) into the single public repo moving forward.

Hopefully you will take this opportunity to help move it forward for the benefit of anyone that wants to be sponsored for their OSS work, and offering a better experience on that front for users too.

A couple comments from the feedback I gathered yesterday on #1374 as well as Twitter/X:

• Many brought up the email SHA256 hashing to map users>sponsorships as not sufficiently private. Point taken, that won't be coming back until it's properly fixed as part of Replace hashed email with manifest-based offline check SponsorLink#31
• Warnings for sponsorsing messages disrupt folks using warnings-as-errors. Agreed, I overlooked that scenario. Will fix it as part of Warnings for sponsoring messages break build in some cases SponsorLink#32
• Build pauses: not 100% sure about this one, but it seems users don't like it. I'd like to collect more thoughts from library authors in particular. It's quite obvious users that aren't sponsoring (and don't intend to either), will be bothered by this. But the focus should be on library authors that want to make their OSS work sustainable. So I'd like folks to keep that in mind as you chime in on Build pauses should be gone SponsorLink#33

[gnalvesteffer]

https://github.com/nsubstitute/NSubstitute

[CenturySparkle]

And I thought the npm funding messages were bad. This is worse.

[jkonecki]

Moq currently has 99 contributors (including a handful of bots) - how are you going to distribute the proceeds from SponsorLInk between them, if at all?

As a library author, I would never impact the library users' build process with any delays (this could consume free minutes offered by online services). I wouldn't even annoy them with auto-opening text files on NuGet package installation.

Consider a world in which every NuGet package you use, and every dependency, and dependency of dependency, utilized SponsorLink that added just a couple of seconds to each build. Do you want to live in such world?

“Don't do unto others what you don't want done unto you.”
― Confucius

[tacosontitan]

This is just strange to me.

1. Why include this at all?
2. If it must be included, why isn't it an opt-in feature instead of being mandatory?

[TeddMcAdams]

It is clear at this point that Moq needs to be forked and we need come together around a new repository.

[sdepouw]

It is clear at this point that Moq needs to be forked and we need come together around a new repository.

https://github.com/hassanhabib/CleanMoq
https://www.nuget.org/packages/CleanMoq

[DanielCordell]

Some people here need to take a step back. He's literally done what we asked here. If y'all aren't gonna be constructive here then genuinely why post anything. There's enough people posting the same stuff in his other issues. If you wanna fork the repo, fork it. If you wanna migrate to NSubstitute, then go do that too.

Thank you @kzu for open sourcing this. Probably a bit too late, and definitely should have been done from the start, but It's a step which will help some people regain some of the trust that was lost.

I hope this continues with a trend of you being able to work with the community on this, rather than dropping something like this as a surprise. Everyone saw how that went the last time!

[lee-11]

There is a degree of pointlessness here that adds spice to the myopia. Wanting to be paid (call it what you will) requires an elevated amount of knowledge, consideration, and work. There is no easy button. Sending invoices and stuff is a intentionally ignorant simplification of what providing work for compensation involves. OSS doesn't get a free pass here - ethics, fair value, compliance, taxes (OSS isn't possible without infrastructure), etc. are all part of the ecosystem.

So stay "free" and unencumbered or get serious and get paid. Don't try to be "smarter" than the legions before you by ignoring entire concerns you find distasteful but are, in the context of the entire ecosystem, required for everyone's benefit.

[Rahtgaz]

Some people here need to take a step back. He's literally done what we asked here. If y'all aren't gonna be constructive here then genuinely why post anything.

People asked many things. But I clearly got the idea that the vast majority asked for SponsorLink to be completely removed from Moq. And that hasn't been done and clearly isn't going to be done. So I don't know what do you mean by him doing what "we" asked.

It's funny you mention "being constructive". It is precisely what has so many people scratching their heads at the destructive suicide of this project as it unrolls before our very eyes. As someone said before, this is Github drama at its best. But no one was asking for it. Like Jake Paul on Netflix we have to wonder why?

[DanielCordell]

@CenturySparkle mentioned NPM, I'd invite people to read through this if they haven't already. Very similar situation, well worth a read. https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md

[Rahtgaz]

• Build pauses: not 100% sure about this one, but it seems users don't like it.

And the Sherlock prize of the week goes to...

[OrbisWill]

• Build pauses: not 100% sure about this one, but it seems users don't like it.

And the Sherlock prize of the week goes to...

The wording makes it sound like 'not liking it' was an unexpected side-effect. I'm pretty sure it is behaving exactly as designed but maybe I'm missing something :)

[DanielCordell]

But I clearly got the idea that the vast majority asked for SponsorLink to be completely removed from Moq.

@Rahtgaz As far as I'm aware, it's been removed no?, Someone posted a screenshot showing it was no longer bundled, and the MOQ packages that did contain it were removed from nuget. That was my impression at least.

I'm just personally against kicking someone while they're down, especially when they're actually taking steps in the right direction. People seem to just want to vent more than anything, especially when, as of this issue, all he's done is open source the damn thing. What is there to complain about that?

We should be encouraging someone when they make decisions like this. IMO If you wouldn't say it to a colleague you don't know, you shouldn't say it on a GitHub issue. Ofc some people may act like this to colleagues, so who knows.

[TeddMcAdams]

If you look through the git history on this project, it seems that @kzu hasn't done much of anything at all in the last two years, aside from monetization efforts? What ongoing development are we supporting exactly?

https://github.com/moq/moq/commits?author=kzu