Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.

  • onlinepersona@programming.dev · 4 upvotes · 2 hours ago

    We need a new license that requires payment if the use is commercial. One of the people involved in the coining of the term “open source” is already working on a licence, but maybe another one will be released earlier.

    Companies that freeload from open source now should be forced to pay up.

    Anti Commercial-AI license

  • Codex@lemmy.world · 21 upvotes · edited · 21 hours ago

    I made a little “reverse regex” library for fun ages ago. You give it a regex and it generates text from it. I thought of it as a toy, but people found use for it in unit testing. Eventually, someone forked it and added better test support because I am the world’s worst maintainer.

    Anyway, I only say this because I learned that it is shockingly easy for some throwaway idea you put up on GitHub to suddenly become the unpaid backbone of somebody else’s CI pipeline. Then, you’re getting angry PRs and tickets about how a security issue or an unpatched dependency in your toy library NEEDS to be fixed and now you’ve got a new unpaid job!

    Or you do what I did and abandon the project so one of the poor fools actually using it in production needs to maintain it. Us programmers though, we like when our code is being used, we like to help people, we want the work we put out there with our name on it to be a good representative of us, to show us as helpful, hard-working, and dependable. It can be so easy to fall into this feeling that because you wrote it, you “owe” your users some ongoing commitment.

    And those users are often themselves beholden to their bosses, just trying to find the least-effort solution to get back to what they wanted to be working on. The shit all rolls downhill and ultimately I think our industry needs massive structural changes to thrive. I honestly sometimes muse about a return to the guild system. All feature requests and bug reports (and I mean like, globally, ALL tickets) come to the Guild and we shall assign them out under the principle of mutual aid (from each member according to ability, to each member according to their needs). In this way, the Guild will carefully train the next generation of holy adeptus mechanicus and make broad decisions on how technology can best serve the people.

    • x00za@lemmy.dbzer0.com · 5 upvotes · 19 hours ago

      I fully support you. But keep in mind that many PRs and issues have “spec wording”, where words such as NEED, REQUIRE, MUST and SHOULD are not commands upon somebody.

  • webghost0101@sopuli.xyz · 91 upvotes, 5 downvotes · 1 day ago

    Fact: “The security of the world’s most critical software hangs on a small number of solo maintainers, the majority of whom are unpaid volunteers.”

    Capitalism: PeOplE nEeD FiNANcial InCeNTivES, WiThOut NOoNe WoUld woRK.

  • masterspace@lemmy.ca · 64 upvotes, 2 downvotes · 1 day ago

    We all need to demand that our governments start funds for open source software.

    It’s fucking ridiculous that you volunteer your time to build software that benefits millions and billions of people and the government is just like “nah not a charitable contribution to us so you can get fucked in every way”.

    • Kissaki@programming.dev · 5 upvotes, 1 downvote · edited · 1 day ago

      When you draw a parallel to social charity both are largely volunteer based and underfunded. And both have direct and indirect gains for society.

      Physical charity often serves basic needs. I’m not sure selecting qualifying quality open source projects is as easy. Need and gain assessments are a lot less clear.

      If it’s about public funding distribution, I would like to see some FOSS funding too, but not at the cost of or equal or more than social projects.

      How many FOSS projects actually benefit “millions and billions of people”? That kind of impact feels like it’s few and far between.

      • masterspace@lemmy.ca · 3 upvotes · 20 hours ago

        > How many FOSS projects actually benefit “millions and billions of people”? That kind of impact feels like it’s few and far between.

        Linux or any of the different projects and components that support it and its development, including all the dev tooling like git, languages, etc. etc. Basically any work on Firefox and web browsers, any work on Wikipedia or its supporting infrastructure, work on stuff like Lemmy and the fediverse likely will in the long run, torrents and the like, open source game engines, IDEs, Blender, Home Assistant etc. etc. etc.

        There are a lot of open source projects that have a lot of rippling ramifications, and there is inherent benefit in having more open source software developed independently. If Firefox was a better funded and more competent alternative to Chrome we wouldn’t even have this whole Manifest v3 mess since Chrome would just lose all their users.

        • Kissaki@programming.dev · 1 upvote · 1 hour ago

          > If Firefox was a better funded and more competent alternative to Chrome we wouldn’t even have this whole Manifest v3 mess since Chrome would just lose all their users.

          I don’t think that’s an issue of competency - which I understand as functionality/feature parity in this wording.

          Chrome gained and became this popular likely entirely due to Marketing and big-corp ecosystem network effect through pushing it - through Google, Google Docs, and related Alphabet services.

          I don’t think Firefox was ever really inferior. I’ve always preferred the dev tools and a few other things over Chrome. There was merely a time where performance was worse, but that likely only mattered in benchmarks - and marketing.

      • CameronDev@programming.dev · 6 upvotes · 1 day ago

        I think there is a much stronger argument for tech businesses being forced to finance and support FOSS. They are the ones directly benefiting from the free work.

        Not a clue how to force that though, would probably need to be via some form of regulation. I can’t think of any good way to do it without leaving gaping loopholes for abuse. :(

        • masterspace@lemmy.ca · 5 upvotes · 20 hours ago

          Why just tech companies? Why not every industry that relies on open source software?

          Quite frankly I do not see the point of crafting legislation this tailored, just fund it from general government resources and then generally tax the rich more.

          • CameronDev@programming.dev · 3 upvotes · 13 hours ago

            The link is just a lot more direct, and easier to audit.

            A car mechanic buys some software from a company, internally it uses FOSS. Now they have to support the project? They might not even know it uses FOSS internally, I never read those licence things.

            Doing it via taxation is probably the easiest option, but then it runs into the problem of country X paying for support, and country Y gets to freeload.

        • Kissaki@programming.dev · 5 upvotes · 23 hours ago

          The EU passed laws that require companies (under conditions) to ensure base requirements in their supply chain.

          I think a digital equivalent could be possible and similar. Requiring reasonable security and sustainability assessment.

          It’s not very obvious or simple to enforce, but would set requirements, and open up opportunities for fines and prosecution.

      • Takumidesh@lemmy.world · 3 upvotes · 24 hours ago

        I agree, there is a lot of fluff. However I think FOSS is more of a web, not every piece of software has a billion users, but the collection of projects as a whole prop each other up. You have a language by itself, but also all of its libs that make the language useful.

        • Kissaki@programming.dev · 1 upvote · 2 hours ago

          I agree. The split and collective nature makes it hard to assess and fundamentally support though - which is what I was referring to in one point.

  • refalo@programming.dev · 5 upvotes, 6 downvotes · edited · 20 hours ago

    The bigger problem to me is that I have seen an untold number of open source developers that despise all manner of capitalism in the first place, so you can’t even pay them to work on things. It’s like they just want everyone to live under a rock in the woods and all be poor together or something. That’s not going to progress society very much IMO.