I think this submission should be re-titled. From the post, it seems that the author voluntarily declined funding from FLOSS/Fund because they "don't trust them, nor the India government, with processing and storing personal sensitive data"
DiabloD3 1 days ago [-]
I think it shouldn't.
The funding source was dropped by Github, and the terms Pocketbase accepted for funding include being paid through Github by FLOSS Fund. FLOSS Fund refused to follow the regulatory requirements to continue funding projects through Github, and Github dropped them as a funding source.
What the Pocketbase maintainer decided was to drop FLOSS Fund after they tried to renegotiate the contract in dangerous and unethical ways. FLOSS Fund chose to not follow regulatory requirements that Github required.
fdefitte 1 days ago [-]
Calling standard KYC paperwork for international wire transfers "dangerous and unethical" is a huge stretch. Every cross-border payment requires this stuff. The fund is literally trying to give away free money and the maintainer threw a fit because they had to fill out a tax form. I get being cautious about sharing personal info but framing compliance requirements as some kind of attack is drama for drama's sake.
carefree-bob 21 hours ago [-]
Whoah, everyone here who has a bank account - which I assume is pretty much everyone -- has gone through "standard KYC paperwork", and I've never been asked to send personal financial documents to an email inbox.
I've opened several bank accounts online and do online banking as well as brokerage and other accounts. Financial documents like this should be uploaded via secure portals and directly stored in encrypted databases with controlled access and network segmentation from the rest of the IT infrastructure.
I am editing this comment to say that I don't think what was being requested is malicious or unethical, but I hope you can understand why people would not feel comfortable doing this, even if they are fine with KYC processes in general.
miki123211 10 hours ago [-]
> I've never been asked to send personal financial documents to an email inbox.
Try going to a self-service short-term rental in the UK / EU. You'll find out 48 hours before the trip that you won't get the access code until you send a copy of your ID to weed+lower.6969@gmail.com, and there won't be time to argue.
RileyJames 12 hours ago [-]
Consumer banking: agree.
Corporate banking, I’ve seen exactly this. Asked to send PII docs via email to open accounts and do background checks.
Big 4 Australian bank.
Or I could go into a branch… but all they were going to do was email the copies to the same email address.
adolph 20 hours ago [-]
It'd be interesting to get a patio11 perspective on what is or is not "standard KYC paperwork" in a trans-national transaction.
This is false. I just did an international wire transfer a few weeks ago with no KYC.
jacquesm 23 hours ago [-]
Right, so you think.
But: your bank knows who you are and the recipient's bank knows who they are. Your transfer may have been below the increased attention threshold ($10K to $50K depending on the jurisdictions of both recipients).
Both your accounts are most likely not recent and in good standing.
And so on. I routinely make international wiretransfers as well but I'm under no illusion whatsoever that if I tried to cross an anti-money-laundering or anti-terrorism-financing threshold somewhere that the transfer would be immediately stopped and an investigation would ensue.
reenorap 22 hours ago [-]
Right but presumably the OP had an existing bank account. You can't wire money into thin air. Assuming OP is a regular person with a regular bank account, then further KYC isn't necessary. KYC for every international wire transfer is in fact not true at all, only for the edge case where a person wants to receive money and he has no existing account to transfer it in.
jacquesm 21 hours ago [-]
You can't just transfer money to a person that has no account. That's not an 'edge case' that just isn't how it works unless you want to use WU or something similar and even they have strict KYC requirements for larger sums.
If you want to move large amounts of money outside of the regular financial networks and oversight it is possible but (1) it will cost you (2) you will be breaking the law and (3) you may cause others to be breaking the law. Bitcoin would be one way to do it but even that is not nearly as anonymous as most of its users believe.
Banking is a regulated industry for a reason. There was a period (roughly until 2001, guess why) when banks were willing and able to bend the rules depending on who the customer was and how much money was involved. Those banks that continued to do this post 2001 have - if they're located in the West at least - had their ears bent in ways that they did not like one bit and even the Swiss now play ball.
Cash is becoming harder to use and harder to get. Money will most likely go digital in the West soon, the various governments don't like the unauditable and untaxable money streams that cash provides.
walletdrainer 20 hours ago [-]
> You can't just transfer money to a person that has no account. That's not an 'edge case' that just isn't how it works unless you want to use WU or something similar
Preeetty sure this is something explicitly supported via standard SWIFT messaging.
jacquesm 14 hours ago [-]
That the protocol (which predates a lot of legislation) supports it does not mean that your bank supports it. Give it a try though, I'd love to hear about it.
walletdrainer 13 hours ago [-]
Surely that just depends on how important of a customer you are.
I have no need for this, but have witnessed some pretty exotic swift messaging in my life and I wouldn’t be surprised if e.g. some banks in Africa have to regularly deal with this exact kind of situation.
jacquesm 2 hours ago [-]
I think that's enough goalpost moving for one discussion, we've gone from 'this is easy' to 'VIPs can have the rules bent, sometimes'. I've worked for a bank and I have seen some 'exotic Swift messaging' as well but I also know how rare it is. Joe average does not have access to this kind of feature through their telebanking interface, or any other means.
swiftcoder 13 hours ago [-]
That means either you did KYC paperwork in the past that is still covering new transactions, or that you haven't crossed the line that triggers KYC (in my experience, usually somewhere > $10-20k in cumulative transfers).
overfeed 22 hours ago [-]
The War on Terror Financing(tm) made KYC-less transfers using formal banking systems well nigh impossible. Your transaction was covered by past KYC (by your financial institution).
sreekanth850 1 days ago [-]
Are you saying sending money via Wire transfer is unethical? Its a standard way to send money in cross boarder transactions. Please do note that India is highly regulated for financial transaction that go outside the country so, please don't spread something like they are doing it illegally. Zerodha is a well known firm they are open about this funding. 1 Million every year just because they used many oss project. That is not un ethical.
DiabloD3 1 days ago [-]
From what I can tell, no, they weren't just asking for wire details. They were were asking for multiple forms of identification.
If I was in his place, I don't think I'd send everything required to steal my identity to some company in a foreign country that I have no legal recourse in.
rvnx 1 days ago [-]
The irony is that a lot of the KYC checks are actually done in India: Jumio, Onfido, LexisNexis, Refinitiv, HyperVerge, IDfy, Signzy (a lot of major banks)
So his ID is probably there already
justinclift 1 days ago [-]
Sure, but this would have changed that from "probably" to "definitely". :(
Propelloni 23 hours ago [-]
The e-mail posted somewhere in the comments, assuming it is legit, makes it clear that FLOSS Fund requires certain paperwork for tax reasons to the benefit of the receiver. Apparently the Pocketbase developer is receiving the money personally, which means it is income and will be taxed. Apparently, again, it would also be taxed in India (the seat of FLOSS Fund) and the paperwork would allow to avoid double taxation.
This appears much more reasonable to me than the hoops I have to jump through to declare my taxes as an US expatriate and avoid double taxation with my country of residence.
sreekanth850 21 hours ago [-]
*border. Late night typos.
bawolff 1 days ago [-]
Its a contract where they give money in exchange for basically nothing.
It may be reasonable for pocketbase to refuse, but i have trouble seeing floss fund being unethical or in the wrong when we're talking about giving away money for nothing. Especially when the ask is just fill out the paperwork for a wire transfer, the world standard for sending money internationally.
Onavo 1 days ago [-]
Don't think escrow is possible because of KYC requirements, then again the regulations in India might be different.
jacquesm 23 hours ago [-]
Escrow is the wrong tool for the job anyway.
rvnx 1 days ago [-]
Unethical ? "they want to issue a wire transfer, but I don't feel comfortable giving my IBAN"
If the IBAM is the concern you can create a separate IBAN with Wise / Revolut for example quite easily (and for free, and for sure cheaper than refusing the money).
protimewaster 1 days ago [-]
> FLOSS Fund refused to follow the regulatory requirements to continue funding projects through Github, and Github dropped them as a funding source.
The email they sent to Pocketbase (posted elsewhere in the thread) makes it sound like the regulatory issue with GitHub funding is still being worked on. The email also doesn't sound like it ruled out the option to wait until the GitHub situation potentially gets sorted out in the future and simply recommended that they use a wire transfer to get things moving.
jacquesm 23 hours ago [-]
That's not 'dangerous and unethical' by the normal standards of funding application. Sure, it's not a huge amount of money. But almost every fund has some paperwork requirements and most of them are a lot more onerous than this one.
Funds don't operate outside the legal framework, they are well within it and are expected to show their paperwork at the drop of a hat to any auditor that comes knocking. If they just wired sums that are at or near the reporting requirement to any callers they'd be in pretty hot water.
I've had an AML check for the grand sum of 900 euros once.
seany 19 hours ago [-]
Isn't this what monero is for?
fossmaintainer 1 days ago [-]
Here's the actual e-mail the fund sent:
Hey ******, I hope you're doing well. I apologise for the long delay on this disbursal from our end, and for not reaching out to you sooner.
I am writing to you with an update on GitHub Sponsors, your preferred mode of payment. Unfortunately, we're currently unable to process payments through GitHub Sponsors, Liberapay, OpenCollective, or similar platforms due to regulatory constraints. We still have no clarity on when this will become possible. We shared some context on this earlier here: https://floss.fund/blog/second-tranche-2025-anniversary/
We recommend that we move ahead with a wire transfer (although it involves some paperwork!). This involves:
1) Tax Residency Certificate (TRC) from your country of residence/incorporation for the current year.
2) Signed copy of the "No Permanent Establishment in India Declaration" (Template attached)
3) Form 10F to avoid double taxation for non-Indian entities and individuals. This is an online form that has to be filled out on the Indian Tax Department website. Instructions on how to fill it out are attached to this email. Please refer to this FAQ for more details.
4) Service Agreement – Please fill in the sections marked in yellow and send it back to us (Attached)
5) Invoice for the grant amount (sample attached with required fields highlighted, feel free to use your own invoice template if needed. Please mention "project development support" in the invoice description).
Once you have these, please send them over so that we can begin processing the payment.
Please note that these documents are required in our jurisdiction (India) for processing foreign payments. A percentage of the payment will be withheld as per the DTAA (Double-Taxation Avoidance Agreement) between India and your country, which the recipient can claim back while filing tax returns in their country. The specific withholding rate depends on the DTAA regulations between your country and India.
If you have any questions, please feel free to write to us.
Thank you once again for your patience
ExpertAdvisor01 1 days ago [-]
These are perfectly normal requests .
These are needed to reduce withholding taxes and claim treaty benefits .
dakolli 21 hours ago [-]
I'm not giving this kind of information over email ever. You better have some secure and compliant platform for me to submit these forms over or you can f off.
walletdrainer 20 hours ago [-]
If you’re turning down meaningful amounts of money because you consider this information too sensitive to share, you are a crazy person.
protimewaster 20 hours ago [-]
I imagine they're willing to accept them a different way. That email doesn't even specifically ask for the forms to be emailed. It just says to "send them over".
Also, I'd argue there are ways to make it reasonably secure over email. An encrypted attachment with a securely pre-shared key doesn't seem too risky IMO.
8cvor6j844qw_d6 1 days ago [-]
Looking at the required paperwork, I agree with Pocketbase to refuse funding.
mbreese 1 days ago [-]
If you were already setup as a non-profit entity with 501c3 US taxes (or similar in other locales), this would be straightforward. Or, even if you were a for-profit company taking part with an LLC or other corporate structure. In those cases, you probably already have an accountant or tax advisor to help handle this stuff. For smaller individual level contributors, I can see how the extra paperwork and overhead could create enough of a hassle to make it not worthwhile. Which is sad.
It looks like the author here is from Bulgaria, so who knows what other hassles they would have on their side.
choilive 1 days ago [-]
Why? I don't see it as particularly onerous. They are simply complying with their country's KYC requirements. I've gone through worse to accept payments from US citizens with a US corporation. KYC/AML is annoying but its pretty unavoidable unless you want to do crypto.
ExpertAdvisor01 1 days ago [-]
It's not really kyc .
It's just standard procedure to claim Double tax treaty benefits.
You can look at the us W8-BEN
graemep 1 days ago [-]
That seems reasonable. It mostly looks necessary to comply with tax and banking laws.
yorwba 1 days ago [-]
Where did you get that email from?
iririririr 1 days ago [-]
invoice for fund disbursement? are they trying to donate as expenses?
swiftcoder 1 days ago [-]
Most US companies take a tax deduction for charitable donations, I don't see why that wouldn't be the same for an Indian firm.
ExpertAdvisor01 1 days ago [-]
No it's just that the Indian company is required to withhold taxes .
But they want to use the double taxation treaty to claim benefits to reduce it
nwellnhof 1 days ago [-]
Paying individual OSS contributors without a service agreement is not a charitable donation with regard to taxes. It's not a deductible business expense and typically leads to double taxation.
BoredPositron 1 days ago [-]
It's a wire transfer not your medical records. Use escrow if you are paranoid.
anpat 1 days ago [-]
The conversation in comments seem to devolving in weird ways.
The OP (and others) have right to opinions but I see bunch of projects having successfully received their grants https://floss.fund/projects/2025. OpenSSL and Krita being the prominent ones that I recognize.
Calling the fund dangerous and unethical when they personally have zero control over regulations seems over the top to me.
nirava 23 hours ago [-]
I agree. Coming from a neighboring country with similarly strict rules on outgoing dollars, I've had many situations where sending money outside of the country, even for business purposes required an insane amount of paperwork, bureaucracy and sometimes bribery.
dakolli 21 hours ago [-]
Cool, I think its perfectly alright to not accept funds from nations where this type of thing is happening.
swiftcoder 13 hours ago [-]
Bribes aside, the US is one of those nation. I had to provide decades of account records when I wanted to move a sum of money from US -> EU a few years back, due to triggering the "might be funding terrorism" KYC threshold
DANmode 7 hours ago [-]
> sometimes bribery.
Go on.
ExpertAdvisor01 1 days ago [-]
These are very reasonable requirements .
These are just the requirements to claim treaty benefits .
A little bit of research wouldn't hurt.
You have to fill out the Form-10f to claim treaty benefits for the reduction of withholding tax on services and royalties .
These are the requirements:
Tax Residency Certificate (TRC) (= extract from cantonal commercial register)
• Non-Permanent Establishment Declaration (No PE Declaration)
• Form 10F: If you are registered accordingly, Form 10F can be submitted online.
This is very unprofessional in my opinion how pocket base handled that issue as this is a perfectly reasonable request .
It's a similar to the W8-BEN non us resident aliens have to file .
nirava 23 hours ago [-]
> These are very reasonable requirements
Sure, but they weren't the original requirements under which he accepted the funds. He accepted the funds assuming GitHub was going to be the mediator.
The new requirements require him to disclose significantly more information about himself. Maybe he isn't comfortable doing that? I wouldn't call it unprofessional.
throwaway150 22 hours ago [-]
Exactly. I don't understand why so many people think the maintainer has some obligation to accept the funds even when they aren't comfortable doing so. The terms of engagement changed. The decision changed. If they want to forgo the money, they have every right to forego the money.
ezekiel68 19 hours ago [-]
The maintainer has no obligation to accept funds. But the maintainer does have an obligation not to post that they "lost their funding" from FLOSS when it is they themselves who have refused it (on whatever grounds).
This isn't a simple grammar mistake by someone who may not use English as their first language. There is a blame game going on here which is the only unethical thing going on in the situation.
fn-mote 21 hours ago [-]
Possibly there should not be a front page article on the topic, though. With a title alleging worse than the facts substantiate.
ExpertAdvisor01 13 hours ago [-]
Agree
OsrsNeedsf2P 1 days ago [-]
[flagged]
embedding-shape 1 days ago [-]
Back in 2024, FLOSS/fund was described like this on HN:
> To apply, the project must place a funding.json in their public code repository or at a well-known uri location on their domain [...] That's already 10x more simpler than the 20 page document some of these other orgs have you fill. - https://news.ycombinator.com/item?id=41857032
But the author of the issue for Pocketbase writes:
> due to some unforeseen regulatory constraints their partnership with GitHub didn't seem to work out. Instead they want to issue a wire transfer from India requiring several cross-jurisdictional paperwork but I don't feel comfortable doing that
It's a shame that it didn't seem like they could work out how to keep it as simple, I wonder if basing it in a different country could have made a difference.
sreekanth850 1 days ago [-]
India have a strict process for sending and receiving money from outside as investment. Its mainly to avoid black money i guess.
nickff 1 days ago [-]
Many countries have similar controls; they're often represented as being anti-money-laundering, and anti-terrorism, but they are also used to control capital outflows, and improve tax compliance. I have never seen any evidence that this sort of control actually works to prevent money laundering or terrorist financing, but it does seem to help governments reduce monetary outflows and audit for tax compliance (when they bother to actually read what they receive).
Nexxxeh 1 days ago [-]
Given the impact of international terrorism and crime on India, minimising illicit money flow in and out of the country seems an inherently sensible precaution.
1 days ago [-]
dakolli 21 hours ago [-]
Sounds like its not the maintainers problem :/
a456463 1 days ago [-]
[flagged]
sentientslug 1 days ago [-]
I don’t think it’s fair to conflate the people of India with their government
philipwhiuk 1 days ago [-]
As a population they're responsible for picking their government.
swiftcoder 1 days ago [-]
We know democratic systems are barely working in little countries of 350 million people like the USA. Are we really surprised they are imperfect when scaled up to 1.5 billion people?
AmbroseBierce 1 days ago [-]
In the same way an adult is responsable for "picking" the religion they believe in, the one that it was imposed upon them by their parents during their childhood.
bogzz 1 days ago [-]
Such a shame. I so love Pocketbase, used it when I was trying out HTMX for a side project.
I get the sense that ganigeorgiev is feeling the thanklessness of open source work, and I so wish that he had an easier time of it.
That said, it's a shame that a FLOSS fund being based in India is reason enough for it to be avoided. Like, I understand that Indians might be overrepresented in the scam space right now, but avoiding funding because of it involving "sharing data with the Indian government" is very silly in my opinion. And insulting to India.
a456463 1 days ago [-]
The Indian Govt is dictatorial and segregational. It is a valid concern. Freedom of speech and privacy are not something the government cares about upholding.
leosanchez 1 days ago [-]
The Indian Govt is neither dictatorial not segregational. Maybe authoritarian which every Indian govt. after Independence.
4ndrewl 1 days ago [-]
Can you spell ICE, Flock and Ring?
notatoad 1 days ago [-]
Regardless of how authoritarian the government is in the project maintainer’s home country, exposing themselves to a second authoritarian jurisdiction is probably a bad idea.
k33n 1 days ago [-]
ICE doesn’t have a contract with Flock and Ring cancelled its partnership with Flock also.
devanampiya 22 hours ago [-]
NO, It is no INSULT to India at all. Present regime even has problem using the term "INDIA" for the country, if you observe they are representing it in political / non-political spaces as "Bharat" at least inside India.
They don't have guts doing the same in international platform. For Indians living outside a very Rosy picture of India is portrayed. People living in India know that, instead of REAL WORK that is supposed to happen for prosperity of country & it's people, they are just managing the show with propoganda machine & media. India will go into deep pits ( Paathaalam ) as long as this regime continues.
bogzz 10 hours ago [-]
...Guts? I genuinely don't know what field you're lobbing this from, but insinuating that referring to India as Bharat is for whatever reason a bad thing is asinine to me. This was a common name used in India even back in the pre-2009 days when I used to live there.
If you want to critique the anti-Muslim sentiment, democratic backsliding, or using nationalism as a veneer for corruption-- then I would have taken you seriously. AS it is though, even if it may not be rosy, on paper India is doing quite well.
leosanchez 17 hours ago [-]
> India will go into deep pits ( Paathaalam ) as long as this regime continues.
You can keep dreaming. I actually lived under the previous administration where there were power cuts every day for about 6-9 hours in summer.
Better keep your delusional politics to reddit.
Just to rub it in. Compared to the regime before 2014 where Prime Minister used to report to a foreign lady. I am pretty happy with the where the country is going.
arjie 24 hours ago [-]
Seems fine. The fund is Indian and is set up for open-source software. The money is going to come from India. If you're not in India you have to file paperwork. This is pretty normal stuff. If you don't want to file paperwork you can choose not to take money from the fund. Everything here is fine except this guy applied and only then realized the requirements. That's a mistake (because they'll now have to reallocate to someone they had to decline) but a very minor one.
The whole thing just seems in the realm of "I was going to pay for a car but then it cost too much" i.e. it's just stuff that you'd like to have but then you didn't want to do what it cost so you opted out. Quite a mundane thing.
Seems unnecessary to post about all this personal data this and stuff like that but in open-source software what you get in freedom you pay for in drama.
nirava 23 hours ago [-]
It looks like the paperwork requirements are understandable, but it's also quite reasonable to not want to bother with it.
I've also never had the impression that he really needed the money to continue maintaining Pocketbase.
He's entitled to his opinions, and if $30k is cheaper to him than his perceived breach of privacy and the hassle of paperwork, that's his prerogative.
ezekiel68 20 hours ago [-]
> because I don't trust them [FLOSS], nor the India government, with processing and storing personal sensitive data...
Whatever Pcketbase is (or does), we should all understand that the difficulty here has nothing to do with the merits of the project nor any decision made by FLOSS about it.
snthd 1 days ago [-]
Could floss.fund reach an agreement with foreign orgs with similar goals, and let them to the disbursement to individuals?
There are so many projects I could use pocketbase for, if only it supported Postgres.
I get the philosophical reasons behind why it doesn’t and why it’s SQLite only.
It’s just that in a corporate environment, I could trivially deliver full production ready applications because there is a team that handles all the Postgres replication/failover/ha/dr/backups/recovery for me. Pocketbase with pg would be super simple to deploy to a pod, getting 95% of production readiness done.
giancarlostoro 1 days ago [-]
> There are so many projects I could use pocketbase for, if only it supported Postgres.
So... you want Supabase? which is what Pocketbase is inspired by.
Onavo 1 days ago [-]
It's not single binary, you need to spin up a dozen or so containers and have a full DevOps team on standby if self hosting.
Dylan16807 1 days ago [-]
Yes, OP wants to hand the database to their team.
Onavo 1 days ago [-]
No. OP said they want to handle the database to their team. They didn't say anything about the auth, analytics, admin dashboards, real time change data management proxies, connection poolers to their team. Your modern backend as a service that's not pocketbase usually has a dozen moving parts.
Most enterprise teams have plug and play SQL databases ready to go, anything else would require more work with DevOps.
giancarlostoro 1 days ago [-]
Well yeah, that's the nature of using something like Supabase it is designed to scale and be flexible to develop on top of.
born-jre 1 days ago [-]
I am also building similar product but with different approach
And just using SQLite for now but plan on adding Postgres support ( orm I am using supports it ) … but nowhere near production ready. Due to buzz around products like litestream I feel like just SQLite is also viable nowadays. I also have own cdc based replication thing wip but yeah just having fun stage
i havent tried self hosting but it doesn't look too tricky
mc007 1 days ago [-]
setup is easy but you're stuck with one instance. they stripped all multi-tenant features and even the selfhosted version is missing essential features, scaling is off the table though.
slopinthebag 21 hours ago [-]
It's at least a starting point, since it's just a few different services and a docker-compose you can set up your own scaling. It's not like Pocketbase has multi-tenant or is able to scale OOTB either.
solarisos 1 days ago [-]
It's always a tough moment for the community when a project as polished as Pocketbase hits a funding wall. It highlights the 'single point of failure' risk in one-person maintainer projects, even when the tech is solid. I hope they find a sustainable path forward that doesn't require compromising on their 'no-build' or 'single file' philosophy.
1 days ago [-]
hifathom 22 hours ago [-]
The deeper issue isn't KYC paperwork — it's that we've built critical infrastructure on projects where a single maintainer's funding situation determines whether the software keeps evolving.
Pocketbase powers thousands of production apps. The fact that its development pace depends on whether one person can navigate international banking compliance is the actual story here, not the FLOSS fund drama.
Open source sustainability isn't a funding problem. It's a bus factor problem wearing a funding costume.
nemomarx 22 hours ago [-]
curious what your prompt and model was?
xannabxlle 1 days ago [-]
Is India really that backwards of a country that the author doesn't want to accept money from there?
agentifysh 1 days ago [-]
not sure what the controversy here is receiving funding isn't the funder owning or hosting pocketbase ?
logicziller 18 hours ago [-]
The people behind the fund are one of the driving forces behind opensource in India with a huge community. They've already disbursed funds to other major projects like ffmpeg ($100K), ntp ($60K), openssl ($100K), etc.
Author is just being silly.
giancarlostoro 1 days ago [-]
That's a shame, would love to know if "FLOSS fun" is legit or not. Seems like a mess.
samalander 1 days ago [-]
Pocketbase is such a smooth and easy-to-use database - great for people starting with web dev. I'm disappointed that it's not going to get the continued funding that it deserves.
embedding-shape 1 days ago [-]
> it's not going to get the continued funding that it deserves
I don't think they ever saw that funding in the first place, if I'm reading "not waiting for the disbursal before making big announcements" correctly. I guess you need to be disappointed about them never receiving it in the first place, although it doesn't seem like the project owner would necessarily agree with you.
yieldcrv 1 days ago [-]
USDC has been an option for nearly 10 years
You can circumvent international wire transfers for cheaper and faster
The same banks give less scrutiny to domestic transfers so just convert your international wires into domestic ones - from the domestic exchange to your domestic bank account
We’ve done that specifically with our Indian vendors and vice versa for 10 years
there are options that are stable and regulated, so there is absolutely no reason to appeal to the authority of an antiquated and onerous regulation
Rendered at 22:45:10 GMT+0000 (Coordinated Universal Time) with Vercel.
The funding source was dropped by Github, and the terms Pocketbase accepted for funding include being paid through Github by FLOSS Fund. FLOSS Fund refused to follow the regulatory requirements to continue funding projects through Github, and Github dropped them as a funding source.
What the Pocketbase maintainer decided was to drop FLOSS Fund after they tried to renegotiate the contract in dangerous and unethical ways. FLOSS Fund chose to not follow regulatory requirements that Github required.
I've opened several bank accounts online and do online banking as well as brokerage and other accounts. Financial documents like this should be uploaded via secure portals and directly stored in encrypted databases with controlled access and network segmentation from the rest of the IT infrastructure.
I am editing this comment to say that I don't think what was being requested is malicious or unethical, but I hope you can understand why people would not feel comfortable doing this, even if they are fine with KYC processes in general.
Try going to a self-service short-term rental in the UK / EU. You'll find out 48 hours before the trip that you won't get the access code until you send a copy of your ID to weed+lower.6969@gmail.com, and there won't be time to argue.
Corporate banking, I’ve seen exactly this. Asked to send PII docs via email to open accounts and do background checks.
Big 4 Australian bank.
Or I could go into a branch… but all they were going to do was email the copies to the same email address.
https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...
But: your bank knows who you are and the recipient's bank knows who they are. Your transfer may have been below the increased attention threshold ($10K to $50K depending on the jurisdictions of both recipients).
Both your accounts are most likely not recent and in good standing.
And so on. I routinely make international wiretransfers as well but I'm under no illusion whatsoever that if I tried to cross an anti-money-laundering or anti-terrorism-financing threshold somewhere that the transfer would be immediately stopped and an investigation would ensue.
If you want to move large amounts of money outside of the regular financial networks and oversight it is possible but (1) it will cost you (2) you will be breaking the law and (3) you may cause others to be breaking the law. Bitcoin would be one way to do it but even that is not nearly as anonymous as most of its users believe.
Banking is a regulated industry for a reason. There was a period (roughly until 2001, guess why) when banks were willing and able to bend the rules depending on who the customer was and how much money was involved. Those banks that continued to do this post 2001 have - if they're located in the West at least - had their ears bent in ways that they did not like one bit and even the Swiss now play ball.
Cash is becoming harder to use and harder to get. Money will most likely go digital in the West soon, the various governments don't like the unauditable and untaxable money streams that cash provides.
Preeetty sure this is something explicitly supported via standard SWIFT messaging.
I have no need for this, but have witnessed some pretty exotic swift messaging in my life and I wouldn’t be surprised if e.g. some banks in Africa have to regularly deal with this exact kind of situation.
If I was in his place, I don't think I'd send everything required to steal my identity to some company in a foreign country that I have no legal recourse in.
So his ID is probably there already
This appears much more reasonable to me than the hoops I have to jump through to declare my taxes as an US expatriate and avoid double taxation with my country of residence.
It may be reasonable for pocketbase to refuse, but i have trouble seeing floss fund being unethical or in the wrong when we're talking about giving away money for nothing. Especially when the ask is just fill out the paperwork for a wire transfer, the world standard for sending money internationally.
If the IBAM is the concern you can create a separate IBAN with Wise / Revolut for example quite easily (and for free, and for sure cheaper than refusing the money).
The email they sent to Pocketbase (posted elsewhere in the thread) makes it sound like the regulatory issue with GitHub funding is still being worked on. The email also doesn't sound like it ruled out the option to wait until the GitHub situation potentially gets sorted out in the future and simply recommended that they use a wire transfer to get things moving.
Funds don't operate outside the legal framework, they are well within it and are expected to show their paperwork at the drop of a hat to any auditor that comes knocking. If they just wired sums that are at or near the reporting requirement to any callers they'd be in pretty hot water.
I've had an AML check for the grand sum of 900 euros once.
Hey ******, I hope you're doing well. I apologise for the long delay on this disbursal from our end, and for not reaching out to you sooner.
I am writing to you with an update on GitHub Sponsors, your preferred mode of payment. Unfortunately, we're currently unable to process payments through GitHub Sponsors, Liberapay, OpenCollective, or similar platforms due to regulatory constraints. We still have no clarity on when this will become possible. We shared some context on this earlier here: https://floss.fund/blog/second-tranche-2025-anniversary/
We recommend that we move ahead with a wire transfer (although it involves some paperwork!). This involves:
1) Tax Residency Certificate (TRC) from your country of residence/incorporation for the current year.
2) Signed copy of the "No Permanent Establishment in India Declaration" (Template attached)
3) Form 10F to avoid double taxation for non-Indian entities and individuals. This is an online form that has to be filled out on the Indian Tax Department website. Instructions on how to fill it out are attached to this email. Please refer to this FAQ for more details.
4) Service Agreement – Please fill in the sections marked in yellow and send it back to us (Attached)
5) Invoice for the grant amount (sample attached with required fields highlighted, feel free to use your own invoice template if needed. Please mention "project development support" in the invoice description).
Once you have these, please send them over so that we can begin processing the payment.
Please note that these documents are required in our jurisdiction (India) for processing foreign payments. A percentage of the payment will be withheld as per the DTAA (Double-Taxation Avoidance Agreement) between India and your country, which the recipient can claim back while filing tax returns in their country. The specific withholding rate depends on the DTAA regulations between your country and India.
If you have any questions, please feel free to write to us.
Thank you once again for your patience
These are needed to reduce withholding taxes and claim treaty benefits .
Also, I'd argue there are ways to make it reasonably secure over email. An encrypted attachment with a securely pre-shared key doesn't seem too risky IMO.
It looks like the author here is from Bulgaria, so who knows what other hassles they would have on their side.
You can look at the us W8-BEN
The OP (and others) have right to opinions but I see bunch of projects having successfully received their grants https://floss.fund/projects/2025. OpenSSL and Krita being the prominent ones that I recognize.
Calling the fund dangerous and unethical when they personally have zero control over regulations seems over the top to me.
Go on.
These are just the requirements to claim treaty benefits . A little bit of research wouldn't hurt.
You have to fill out the Form-10f to claim treaty benefits for the reduction of withholding tax on services and royalties .
These are the requirements:
Tax Residency Certificate (TRC) (= extract from cantonal commercial register) • Non-Permanent Establishment Declaration (No PE Declaration) • Form 10F: If you are registered accordingly, Form 10F can be submitted online.
Source: https://www.s-ge.com/en/article/export-knowhow/2023-e-india-...
This is very unprofessional in my opinion how pocket base handled that issue as this is a perfectly reasonable request .
It's a similar to the W8-BEN non us resident aliens have to file .
Sure, but they weren't the original requirements under which he accepted the funds. He accepted the funds assuming GitHub was going to be the mediator.
The new requirements require him to disclose significantly more information about himself. Maybe he isn't comfortable doing that? I wouldn't call it unprofessional.
This isn't a simple grammar mistake by someone who may not use English as their first language. There is a blame game going on here which is the only unethical thing going on in the situation.
> To apply, the project must place a funding.json in their public code repository or at a well-known uri location on their domain [...] That's already 10x more simpler than the 20 page document some of these other orgs have you fill. - https://news.ycombinator.com/item?id=41857032
But the author of the issue for Pocketbase writes:
> due to some unforeseen regulatory constraints their partnership with GitHub didn't seem to work out. Instead they want to issue a wire transfer from India requiring several cross-jurisdictional paperwork but I don't feel comfortable doing that
It's a shame that it didn't seem like they could work out how to keep it as simple, I wonder if basing it in a different country could have made a difference.
I get the sense that ganigeorgiev is feeling the thanklessness of open source work, and I so wish that he had an easier time of it.
That said, it's a shame that a FLOSS fund being based in India is reason enough for it to be avoided. Like, I understand that Indians might be overrepresented in the scam space right now, but avoiding funding because of it involving "sharing data with the Indian government" is very silly in my opinion. And insulting to India.
If you want to critique the anti-Muslim sentiment, democratic backsliding, or using nationalism as a veneer for corruption-- then I would have taken you seriously. AS it is though, even if it may not be rosy, on paper India is doing quite well.
You can keep dreaming. I actually lived under the previous administration where there were power cuts every day for about 6-9 hours in summer.
Better keep your delusional politics to reddit.
Just to rub it in. Compared to the regime before 2014 where Prime Minister used to report to a foreign lady. I am pretty happy with the where the country is going.
The whole thing just seems in the realm of "I was going to pay for a car but then it cost too much" i.e. it's just stuff that you'd like to have but then you didn't want to do what it cost so you opted out. Quite a mundane thing.
Seems unnecessary to post about all this personal data this and stuff like that but in open-source software what you get in freedom you pay for in drama.
I've also never had the impression that he really needed the money to continue maintaining Pocketbase.
He's entitled to his opinions, and if $30k is cheaper to him than his perceived breach of privacy and the hassle of paperwork, that's his prerogative.
Whatever Pcketbase is (or does), we should all understand that the difficulty here has nothing to do with the merits of the project nor any decision made by FLOSS about it.
eg https://www.spi-inc.org/ https://nlnet.nl/
I get the philosophical reasons behind why it doesn’t and why it’s SQLite only.
It’s just that in a corporate environment, I could trivially deliver full production ready applications because there is a team that handles all the Postgres replication/failover/ha/dr/backups/recovery for me. Pocketbase with pg would be super simple to deploy to a pod, getting 95% of production readiness done.
So... you want Supabase? which is what Pocketbase is inspired by.
Most enterprise teams have plug and play SQL databases ready to go, anything else would require more work with DevOps.
https://github.com/blue-monads/potatoverse
https://supabase.com/docs/guides/self-hosting/docker
i havent tried self hosting but it doesn't look too tricky
Pocketbase powers thousands of production apps. The fact that its development pace depends on whether one person can navigate international banking compliance is the actual story here, not the FLOSS fund drama.
Open source sustainability isn't a funding problem. It's a bus factor problem wearing a funding costume.
Author is just being silly.
I don't think they ever saw that funding in the first place, if I'm reading "not waiting for the disbursal before making big announcements" correctly. I guess you need to be disappointed about them never receiving it in the first place, although it doesn't seem like the project owner would necessarily agree with you.
You can circumvent international wire transfers for cheaper and faster
The same banks give less scrutiny to domestic transfers so just convert your international wires into domestic ones - from the domestic exchange to your domestic bank account
We’ve done that specifically with our Indian vendors and vice versa for 10 years
there are options that are stable and regulated, so there is absolutely no reason to appeal to the authority of an antiquated and onerous regulation