Lifters are full partners in Tidelift who are building a scalable income stream around their open source work, by co-creating and promoting a product that's valuable to our enterprise customers. When you partner with Tidelift, you'll be working with us to provide the same kinds of maintenance and assurance guarantees for your project that enterprise customers have traditionally expected from commercial software. Now, with the Tidelift Subscription (and your help), commercial users can purchase these guarantees for the open source projects they use.
We sell subscriptions that cover open source dependencies
To get a managed open source experience, including professional-grade assurances and long-term maintenance on their open source stack, companies and software teams can buy a Tidelift Subscription to manage all aspects of their open source dependencies.
Lifters agree to keep their package well maintained
For each package, we define (and continually evolve) a set of responsibilities and tasks to ensure the package meets subscriber expectations around security, maintenance, and licensing. Subscribers also get access to release management tools, so you can mark a preferred version or mark a version as deprecated. We'll also relay to you any suggestions or use cases that subscribers want to share, but we're clear with them that they do not have control over your roadmap.
"Lifting" a package means agreeing to take ownership of these responsibilities.
Lifter tasks fall into four categories that provide value to you and our enterprise customers:
- Security - creating a coordinated disclosure plan, enabling 2-factor authentication
- Maintenance - adding release streams and resolving issues
- Licensing - resolving license conflicts, verifying licenses
- Marketing - telling potential subscribers about the Tidelift Subscription
Lifters get paid
Subscribers report their dependencies to Tidelift so we know which packages to keep an eye on for them. Using this same dependency information, we flood subscription payments down through the dependency graph—including dependencies of dependencies, transitively—so each subscriber's fees go to support the (lifted) packages they use.
Giving subscribers one source for open source
These days, "hello, world" applications can depend on a thousand packages. Developers need to know that all of those are under an acceptable license, are secure, have the same API they were expecting, and have someone maintaining them. They'd love to know about new features or capabilities they should be using, or mistakes they should be avoiding. They'd like their dependencies to feel like one piece of software, with a known level of maturity and one place to keep track of changes.
To get here, we want to keep each package not only maintained, but maintained in a way that's visible to automated tools. For example, subscribers would love to follow relevant release notes without subscribing to a thousand distinct notification mechanisms.
The responsibilities we define for lifters feed into this goal, helping us present many diverse projects in a way that's easier for subscribers to manage.