We all depend on open source. We will defend it together
Corporate-led initiative & governance
- Many see Akrites as centralizing control of “the commons” in a closed, NDA-bound corporate circle, contrary to free/open ideals.
- Skepticism is heightened by the roster: large cloud, AI, and finance firms often criticized as major free‑riders on OSS.
- Others argue this is a normal industry consortium pattern; these companies already fund and staff much core infrastructure and share security intelligence elsewhere.
Security model & “maintainer of last resort”
- Questions: how is “critical” defined, who decides, and how will they take over when maintainers are absent or uncooperative? Forks vs upstream? Impact on old LTS systems?
- Concern that fixes and vuln info will circulate privately among members before public disclosure, potentially creating an elite early‑access tier.
- Some see this as a pragmatic response to regulations (e.g., EU CRA/RED) forcing vulnerabilities to be fixed somewhere, somehow.
AI, vulnerability discovery, and PR “slop”
- Strong worry that this becomes an AI‑driven “slopdump”: mass low‑quality reports and patches that burn out maintainers.
- Current pain point: PR spam and bug‑bounty noise are already degrading trust and community norms; some suggest AI will amplify this.
- Others note AI can also help closed‑source security via reverse engineering, but this project is explicitly OSS‑focused.
Open source funding, labor, and licensing
- Repeated calls for “We will fund it together,” not just “defend” with tooling and PRs. Hardware and maintainer salaries are cited as concrete needs.
- Discussion of corporations extracting value from permissively licensed code (MIT/Apache), versus stronger copyleft/AGPL that might have changed today’s landscape.
- Some argue commercial entities provide most “useful” OSS; others counter that they primarily latch onto existing successful projects and resist stronger licenses.
Cultural and political perspectives
- One long thread contrasts Western “commons” and hobbyist cultures with East Asian, vendor‑centric, corporate education paths and language barriers.
- Debate over whether this is really “corporate vs OSS” or a more complex, interdependent ecosystem conflict.
Big vs small open source
- Distinction between “big OSS” (Linux, Kubernetes, etc.) already heavily corporate‑funded and governed, and the vast long tail of tiny critical libraries run by unpaid individuals.
- Many fear Akrites will focus on the former while leaving the latter’s structural underfunding and burnout largely untouched.