This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Require every project homepage to link back to Gratipay project #4293

Closed
philipmw opened this issue Jan 14, 2017 · 17 comments

Comments

@philipmw

Hello. I am new to Gratipay. I was browsing its list of projects, and had a thought: anyone could create a Gratipay account and claim to be the owner of {some useful existing project}. For example, four days ago someone created a Gratipay project "The Debian Handbook." Seems like a worthy project. But how do I know rhertzog, its owner, is really the owner of this handbook?

I propose that Gratipay enforces a new rule: the project's homepage must link back to the Gratipay project.

@nobodxbodon
Contributor

As far as I know, we rely on the social profile of the project owner and the public reviewing of the project.

@philipmw
Author

I don't think it's enough.

As a casual giver, I use Gratipay's own list of projects to get inspired and figure out to whom to give. (Gratipay isn't so popular that I can serendipitously discover Gratipay links from projects.) So I see a project on Gratipay that I recognize, but owned by a person I don't. How do I know it's legit?

Increasing my level of confidence and trust would lead to more donations, which is in everyone's interest. I don't want to have to vet the owner myself.

@nobodxbodon
Contributor

nobodxbodon commented Jan 14, 2017

Thanks for following up. I agree.

@mattbk @whit537 either @philipmw's suggestion, or maybe add a 'Verified' badge for those projects that have their gratipay project's link on their project's homepage/site?

@chadwhitacre
Contributor

chadwhitacre commented Jan 14, 2017

Thanks for supporting open source through Gratipay, @philipmw! 😄 💃

In terms of verifying projects via links back to Gratipay, I can see how that would build trust. I don't know if we want to require it since that would add friction to the sign-up process, and we just worked pretty hard to remove friction from our sign-up process. If we do decide to require it then we'd need to account for existing projects somehow.

In terms of implementation, I think we'd verify by fetching the homepage listed for the project and looking for a link back to the Gratipay project page. Does that sound right? We'd probably want to do this regularly (monthly?) in order for it to be meaningful.

This would have a marketing upside as well, of course, because we'd get more links out in the world! :-)

P.S. As @nobodxbodon mentions, we do vet all projects before accepting their application to join Gratipay. So you can safely assume that, to the best of Gratipay's own knowledge at the time of application, the owner of a project is who they say they are. As I recall, we've rejected or at least requested modifications in a handful of cases by now (right, @mattbk?).
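
The check described in the comment above (fetch the project's homepage, look for a link back to the Gratipay project page), sketched as an added example; it is not Gratipay's code. The `https://gratipay.com/<slug>/` URL shape, the `example-project` slug, the function names and the sample HTML are assumptions, and the fetch itself is left out so the block runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

GRATIPAY_HOST = "gratipay.com"  # assumption: project pages live at https://gratipay.com/<slug>/

def _canonical(url):
    """Reduce a URL to (host, path) so scheme, www. and trailing-slash variants compare equal."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path.rstrip("/")

class _AnchorCollector(HTMLParser):
    """Collect href values of real <a> elements; HTML comments and plain text are ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())

def links_back(homepage_url, homepage_html, project_slug):
    """True if the homepage has an <a href> whose target is the Gratipay project page."""
    wanted = (GRATIPAY_HOST, "/" + project_slug.strip("/"))
    collector = _AnchorCollector()
    collector.feed(homepage_html)
    # Resolve relative hrefs against the homepage so "/example-project/" cannot match by accident.
    return any(_canonical(urljoin(homepage_url, h)) == wanted for h in collector.hrefs)

# Constructed sample pages (not real project homepages).
SAMPLE_LINKED = '<p>Support us: <a href="HTTP://www.Gratipay.com/example-project/">Gratipay</a></p>'
SAMPLE_COMMENT_ONLY = ('<!-- <a href="https://gratipay.com/example-project/">x</a> -->'
                       '<p>https://gratipay.com/example-project/</p>')
SAMPLE_LOOKALIKE = ('<a href="https://gratipay.com.example.net/example-project/">a</a>'
                    '<a href="/example-project/">b</a>'
                    '<a href="https://gratipay.com/other-project/">c</a>')

if __name__ == "__main__":
    for name in ("SAMPLE_LINKED", "SAMPLE_COMMENT_ONLY", "SAMPLE_LOOKALIKE"):
        print(name, links_back("https://example.org/", globals()[name], "example-project"))
```

A match shows only that someone able to edit the homepage added the link, so the result is as strong as the control the project has over that page.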

@mattbk
Contributor

mattbk commented Jan 14, 2017

Yes. It's also recommended that if you think someone is an impostor, you get in touch with us. The review ticket (linked on project page) is a good way.

I suppose we could document what was checked in order to approve projects, but that might make it easier for someone to hack the system.

@nobodxbodon
Contributor

nobodxbodon commented Jan 14, 2017

IMO this needs to be addressed both with short-term and longer-term adjustments in maybe both our review procedure and terms to create new projects, because we need as much trust as possible, especially at this stage where our brand is still growing. Apparently our review process is not satisfying enough, especially without disclosing our standards in reviewing, and I consider it a very real concern which I can feel myself. Even if users could trust our brand 100%, it's always nice to have additional evidence that they can check themselves. Plus, as users are already contributing their money, I would try to save as much of their time as possible in chores like verifying if the owner is real and true, even if some users might be happy to do that.

Short-term actions maybe:
when reviewing, ask the applicant to add link/widget on the project site if possible, and state that we'll apply some verification measures in the future and adding the link can help

Longer-term action maybe:
add some obvious badge with clear description to distinguish the projects that have this link/widget from others, and use it as criteria in searching

Another thought. The projects that are hosted on package managers like npm may need different treatment, but we can discuss somewhere else.

@nobodxbodon
Contributor

Similar suggestion from "Organisations should have twitter-like verification":

> At the moment, anyone can sign up claiming to be a certain project and can trick people into funding them.
>
> We really need to implement a verification system for organisations on Gratipay meaning that scammers don't trick Gratipay users into donating to people that don't actually represent a cause.

@chadwhitacre
Contributor

> At the moment, anyone can sign up claiming to be a certain project and can trick people into funding them.

This is no longer true with Gratipay 2.0. Our project review process means that every project is verified.

@mattbk
Contributor

mattbk commented Jan 16, 2017

It would definitely make that part of the review process easier if people applied and then added a link to their project profile. What's the incentive for a project to do that?

@chadwhitacre
Contributor

> What's the incentive for a project to do that?

Getting on Gratipay at all, if we take @philipmw's suggestion. 😆

@mattbk
Contributor

mattbk commented Jan 17, 2017

> Apparently our review process is not satisfying enough, especially without disclosing our standards in reviewing,

I have no problem documenting review steps if @gratipay/security says that's okay. If it helps, we can link to http://inside.gratipay.com/howto/review-accounts.

@mattbk
Contributor

mattbk commented Jan 19, 2017

We could add "link back to your project page on Gratipay" as a call to action when the form is successfully completed at https://github.com/gratipay/gratipay.com/blob/7fcd9df46f6894ea80886478619cf443817d6631/www/apply.spt

@chadwhitacre
Contributor

> a call to action when the form is successfully completed

That works for me, but before we invest too much energy here, I'm interested to hear again from @philipmw: Does knowing that we review and verify all projects on Gratipay increase your trust at all?

@philipmw
Author

Hello. Thanks for re-asking me for my feedback -- I am impressed with Gratipay's openness.

I learned from this discussion that Gratipay vets every project. That does add trust, if you advertise it.

But -- why wouldn't a project want to link from themselves to Gratipay? You suggest that it adds friction, but it adds so much value to both parties! To the customer, it simply increases donations. To you, it increases customers' awareness of you and your mission.

Yet, I see that not all projects appreciate that. (For example, the Debian Handbook project doesn't link back to Gratipay, even in the section where they provide an alternative way to donate.) Maybe you can survey existing customers to see why they're reticent to link back to Gratipay on their sites. Does that signify a deeper problem?

@chadwhitacre
Contributor

I definitely think we should encourage new projects to link back to their Gratipay page as part of the project onboarding flow, but I don't think we should require it.

> if you advertise it

All projects have an approved/review/rejected indicator, with a link to the review ticket for that project. If that's not clear enough then we should feed that into our next redesign of the project profile page.

> survey existing customers

We've got two or three issues with clear and strong customer demand (as measured by number of comments over the years). The one we're focusing on right now is #236. In other words I don't think we're at a loss for information about what to work on.

@mattbk
Contributor

mattbk commented Jan 23, 2017

> Maybe you can survey existing customers to see why they're reticent to link back to Gratipay on their sites. Does that signify a deeper problem?

I think the link back (to complete the loop) falls through the cracks. In some cases, I think this is because the review period stops the general flow. Even though most projects are accepted, the uncertainty means that users don't want to add a link to the project page on Gratipay until after they approve, and after a week goes by there are other things they are busy with.

@mattbk
Contributor

mattbk commented Jan 23, 2017

@philipmw, if we add a request to add a link back to Gratipay when we approve a project, would that suffice to close this issue for now? I would add this as an instruction at http://inside.gratipay.com/howto/review-projects, e.g., "When you approve a project, notify the owner via GitHub review issue or email, and request that they add a link to their Gratipay profile on their website."

Rather than #4293 (comment), I'm thinking we could add a CTA to the notification email instead.


4 participants