Lifters are open source creators who partner with Tidelift to build a scalable income stream around their open source projects, by co-creating and promoting a product that's valuable to our enterprise customers. When you partner with Tidelift, you'll be working with us to provide the same kinds of maintenance and assurance guarantees for your project that enterprise customers have traditionally expected from commercial software.
We sell subscriptions that help organizations effectively manage open source. The Tidelift Subscription delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain.
For each package, we define (and continually evolve) a set of responsibilities and tasks to ensure the package meets subscriber expectations around security, maintenance, and licensing. Subscribers also get access to release management tools, and as a lifter you can mark a preferred version or mark a version as deprecated. We'll also relay to you any suggestions or use cases that subscribers want to share; however, we're always clear with subscribers that they do not have control over your roadmap.
"Lifting" a package means agreeing to take ownership of these responsibilities. Lifter tasks fall into four categories that provide value to you and our enterprise customers:
- Security: Researching vulnerabilities, implementing a coordinated disclosure plan, enabling 2-factor authentication
- Maintenance: Verifying versioning scheme, adding release streams, and resolving issues
- Licensing: Resolving license conflicts, verifying licenses
- Marketing: Telling potential subscribers about the Tidelift Subscription
Lifters get paid
Subscribers report their dependencies to Tidelift so we know which packages to keep an eye on for them. Using this same dependency information, we flood subscription payments down through the dependency graph—including dependencies of dependencies, transitively—so each subscriber's fees go to support the (lifted) packages they use.
Giving subscribers one source for open source
These days, "hello, world" applications can depend on a thousand packages. Developers need to know that all of those packages are under an acceptable license, are secure, have the same API they were expecting, and have someone maintaining them. Developers would love to know about new features or capabilities they should be using, or mistakes they should be avoiding. They'd like their dependencies to feel like one piece of software, with a known level of maturity and one place to keep track of changes.
To get here, we want to keep each package not only maintained, but maintained in a way that's visible to automated tools. For example, subscribers would love to follow relevant release notes without subscribing to a thousand distinct notification mechanisms.
The responsibilities we define for lifters feed into this goal, helping us present many diverse projects in a way that's easier for subscribers to manage.