Exactly! The idea is to use available data for evaluating the value and risk of OSS and then allocate donations accordingly to the wide algo-based systemic index, not to a narrow set of manually picked projects (usually large or popular ones).
The current algorithm is far from being perfect (it's an MVP) and will never be, but with more measurable inputs and after multiple iterations with the help of the community, it can lead to an analogue of "S&P500" for OSS, that's worth using for donating to reduce the risk of the global OSS supply chain we all rely on.
As with publicly traded companies, having a decentralized set of private donors with skin in the game helps a lot to efficiently evolve the approach and make it harder to exploit in the future. And on the contrary, I would not trust an algorithm created and maintained by some state-owned or simply very large institution.
Even an index fund has some human-curated criteria for what to include, though, right? The S&P 500 isn't open to just anyone. So it seems totally legitimate to have it be not completely algorithmic.
If there were an "Open 500" that was trying to be like the open equivalent to the S&P 500, I would happily donate to it. Right now I do GitHub sponsors but it feels kind of random.
You just don't want to include projects like React or TypeScript that are operated by a for-profit company - they don't need our donations. You want it to be, this money is actually going to an organization that will invest it in software quality.