Open source maintainers underpaid, swamped by security, and going gray
Sustainability & Economics of Open Source
- Many see core OSS infrastructure as unsustainably dependent on unpaid or underpaid individuals, especially as security workload grows and users expect quick support.
- Others argue OSS has always been voluntary: if it stops being fun or feasible, maintainers should stop; users aren’t “owed” anything beyond the license.
- Economic framing: this is a resource-allocation problem (similar to teaching/nursing); society relies on OSS without aligning incentives for its maintenance.
Corporate Dependence & (Lack of) Funding
- Strong sentiment that large companies extract enormous value while contributing little money or maintenance.
- Skeptics respond that firms logically avoid paying when licenses and norms say they don’t have to; donations are unlikely to scale.
- Some note many major projects (Linux, compilers, Kubernetes) are primarily maintained by paid corporate staff, but “long tail” dependencies remain unfunded.
Licensing & Business Models
- Heated debate: permissive licenses seen as enabling “privatization” of volunteer work; copyleft (GPL, AGPL) and weak copyleft (MPL, EUPL) framed as tools to force contribution of changes.
- Opponents counter that copyleft doesn’t stop corporate benefit and that most contributions happen when it’s in a company’s self‑interest, license aside.
- Growing interest in source‑available and “fair use” licenses to block big-cloud monetization, though critics see these as non‑OSS and corrosive to the ecosystem.
Contributor Experience, Governance & Culture
- Many report frustration: PRs rejected on taste or scope grounds, opaque steering committees, “open source but closed contributions.”
- Maintainers emphasize their right to say no to avoid scope creep and maintenance burden; advise discussing changes before coding, and forking when visions diverge.
- Some lament a shift from early “fun, hacker” culture toward bureaucracy, resume‑driven contributions, culture‑war politics, and hostile issue trackers.
Security, Dependencies & Tooling
- Micro‑dependency cultures and automated vulnerability scanners generate a constant stream of often low‑value “urgent” alerts; security work now consumes much more maintainer time than it used to.
- Some blame language/tool choices (C/C++ and low‑level stacks) for burnout; others dismiss this as irrelevant compared to structural and economic issues.
Proposed Remedies
- Ideas include government or sector‑level funds or taxes for OSS, pledges and platforms that route money to the dependencies a company actually uses, UBI to free people to contribute, unions (questioned as impractical), and clearer boundaries set by maintainers (e.g., source‑available licensing, paid support, disabling public issue trackers).