We’ve recognized that one of the biggest challenges to shipping v2.0 is not having enough time to devote to contributions. Our bounty program is hoping to spur interest from the community in the urllib3 project and fairly pay contributors for their time and experience.
The bounty program works by marking issues with bounty amounts we’re willing to pay for anyone to complete an issue. Don't worry if you're not an existing contributor — new contributors are welcome and encouraged!
Bounty amounts start at $100 for small issues and most issues are $300 or more. Each issue includes a series of tasks that must be completed in order to receive the bounty. Bounties are paid out through our public Open Collective balance.
We’ve already seen early success from the “soft launch” of our bounty program. urllib3 maintainer Quentin Pradet tweeted about a single issue with a bounty and ended up generating enough interest for 3 new contributors to open 5 new pull requests! We’ve also already paid out for two bounties.
CPython has experimental support for OpenSSL 3.0 with "known performance regressions, missing features and potential bugs". Major distributions ship Python with OpenSSL 3.0 though, which breaks urllib3 tests. 😿— Quentin Pradet 🇪🇺 (@quentinpradet) June 6, 2022
Help us understand why and get paid $300! https://t.co/xoJ3c89Po3
If you're interested we've documented the process which includes finding an issue with a bounty, completing the issue, and submitting an expense to Open Collective to be paid. If you have any questions about the process you can ask in our community Discord or by emailing a maintainer.
This bounty program is an experiment so we’re looking to learn how this model can work for our project and share our findings with the rest of the open source community.
Spotify announced the recipients of the 2022 Spotify FOSS Fund and urllib3 was among the 8 projects receiving funding. urllib3 was awarded €13,000 from the total fund of €100,000. In the announcement post it was noted that Spotify had over 2400 dependencies and 59 nominations from staff which were narrowed down to 18 which met eligibility criteria and finally 8 projects which received funding.
The v2.0 milestone on GitHub tracks our progress towards the v2.0 release of urllib3. Since the last newsletter 7 issues have been closed, leaving only 8 open issues remaining for a v2.0 release. We’re hoping through our bounty program we’ll see an increase in velocity towards a v2.0 release!
Of the issues closed, here are the highlights:
SSLContext.hostname_checks_common_namesetting if explicitly enabled by user (#2518)
FAILEDTELLto use valid type hints instead of
Back in September of 2021 OpenSSL 3.0.0 was released. Some time after the release of OpenSSL 3.0 various operating systems like Ubuntu 22.04 and Fedora 36 have started using OpenSSL 3.0 instead of OpenSSL 1.1.1 as their default version of OpenSSL.
This is exciting news for OpenSSL but requires more testing for urllib3 to make sure code won't break when using this new OpenSSL release. Currently support for OpenSSL 3.0 in CPython at the time of writing is preliminary and experimental. To ensure urllib3 users don't experience failures when using OpenSSL 3.0 we've started testing against both OpenSSL 1.1.1 and 3.0 in our continuous integration. This includes testing against the cryptography package which is currently compiled with OpenSSL 3.0.3 starting in v37.0.0. This change was completed by Illia Volochii and rewarded as a part of our bounty program.