One of the early MOSS recipients was Buildbot, a Python-based continuous integration server. We interviewed Bill Deegan, a lead developer, about his experience with the MOSS program:
Another project in the Python world is the Python Package Index. PyPI is at the core of the Python ecosystem, supporting the download of over 100 million packages every week. However, the software platform it runs on has been getting harder to modify and improve for a while. s a result, the Python community has begun developing a replacement – “Warehouse” – using modern frameworks and techniques. Mozilla was pleased to award that effort $170,000 to push it over the finish line to a place where it can replace the existing codebase.
We have also supported a number of projects in the past quarter that we believe will advance a free and healthy Internet. Mozilla is directly enhancing the products and services we offer our users based on many of the technologies these grantees are developing.
- $60,000 to Harfbuzz, a text rendering and shaping engine, to improve their documentation;
- $65,000 to Zappa, a “server-less” application deployment system, to improve its scalability and build an ecosystem around microservices;
- $25,000 to Tatoeba, a platform for submitting and storing voice data, to integrate it with Common Voice and deal with some licensing-related issues;
- $160,000 to the Tor Project’s Open Observatory of Network Interference, which tracks network-level taps, modifications and outages around the world, to make their gathered data more accessible, and improve their client software.
Global Mission Partners
Additionally, the assessment of applications for the first round of “Global Mission Partners: India” led to a single award of $19,000, to the Commento project. Commento is a lightweight embeddable discussion system for websites.
We will be conducting a review of our processes relating to this round of work in India, before before initiating further rounds.
Secure Open Source
In this quarter, under the Secure Open Source arm of MOSS, we expanded the scope of the program by funding development of secure code projects. Some principal developers on the libav media library project are building rust-av, a similar library written in Rust, which can take advantage of that language’s type, memory, and data safety properties. We are providing $71,356 (€51,000) to help that group towards making a Minimum Viable Product and demonstrating the plausibility of their approach. Media libraries are common pieces of software which are exposed to malicious input and which have a large attack surface (every codec enabled adds more); many bugs leading to system compromise have historically been found in them. Having an option with a Rust core can help mitigate that security risk.
Applications for “Foundational Technology” and “Mission Partners” remain open, with the next batch deadline being the end of January 2018 – only eight days away! Please consider whether a project you know of could benefit from a MOSS award. Encourage them to apply! You can also submit a suggestion for a project which might benefit from an SOS audit.