In an excellent example of one of the most overused XKCD images, the libxml2 library has for a little while lost its only maintainer, with [Nick Wellnhofer] making good on his plan to step down by the end of the year.
While this might not sound like a big deal, the real scope of this problem is rather profound. Not only is libxml2 part of GNOME, it’s also used as dependency by a huge number of projects, including web browsers and just about anything that processes XML or XSLT. Not having a maintainer in the event that a fresh, high-risk CVE pops up would obviously be less than desirable.
As for why [Nick] stepped down, it’s a long story. It starts in the early 2000s when the original author [Daniel Veillard] decided he no longer had time for the project and left [Nick] in charge. It should be said here that both of them worked as volunteers on the project, for no financial compensation. This when large companies began to use projects like libxml2 in their software, and were happy to send bug reports. Beyond a single Google donation it was effectively unpaid work that required a lot of time spent on researching and processing potential security flaws sent in.
Of note is that when such a security report comes in, the expectation is that you as a volunteer software developer drop everything you’re working on and figure out the cause, fix and patched-by-date alongside filing a CVE. This rather than you getting sent a merge request or similar with an accompanying test case. Obviously these kind of cases seems to have played a major role in making [Nick] burn out on maintaining both libxml2 and libxslt.
Fortunately for the project two new developers have stepped up to take over as maintainers, but it should be obvious that such churn is not a good sign. It also highlights the central problem with the conflicting expectations of open source software being both totally free in a monetary fashion and unburdened with critical bugs. This is unfortunately an issue that doesn’t seem to have an easy solution, with e.g. software bounties resulting in mostly a headache.
A million blind eyes make no bugs shallow, and an unpaid maintainer reluctant to work, makes no project go anywhere.
It has an easy solution: use commercial for-profit software, where the developers get paid for responding to user needs, and stop faffing about with idealistic notions about Freedom of software. People are free, having people work for you is not.
Pretty idealistic to think that developers behind commercial software get to respond to user needs, instead of the latest fancy of the boss and marketing.
And when they do, they do it by using open source software, as software is now so complex that starting from ground up is infeasible.
Yeah that’s a laughably naive view. Commercial software is not there for user needs. Also there are very good reasons why large open source projects often outlast commercial closed source ones. Works for some niches, not so much for others.
Then why would anyone buy it? What’s the point if it doesn’t serve any need?
Of course it exists for users – because without customers there’s no money. What you’re observing is the lack of true competition forcing everyone to pick the least bad option out of a bunch of monopolistic abusers. A bunch of people tinkering with their “Free” projects in their spare time and ignoring the users doesn’t cut it – you need the spit and polish, actual UI/UX design and paradigms, actual products that you can hand over and put a price sticker on.
But that’s apparently so hard that people are willing to live in the software equivalent of a tin-roof favela and whine about having to do free work, voluntarily.
Commercial software exists to make money for its owners.
Monopolistic abusers and a lack of competition are natural consequences of market forces.
There will always be a mix of free software (usually at the library end with little UI/UX involved) and commercial (usually at the opposite end – see any good CAD worth using, for example.)
There is no model where charging just for an xml library makes any sense. Any moderately complicated piece of modern software is often made up of thousands of little dependencies.
As I said, no customers, no money. Customers not pleased become ex customers.
Natural, but not necessary. It follows if nobody else is willing to step up to the plate, which follows naturally when the people who could do all sorts of stuff start to believe in the ideas of software hippies instead, and conclude that business and making money is evil – “software should be Free!” – so you should not even try.
There’s many ways to dig your own grave.
Yeah. It would be like selling just one kind of nut and bolt. I wonder if there’s a business model where you could sell many different kinds, so it would be more efficient like that.
Commercial software primarily exists in order to make money, /especially/ these days and when dealing with increasingly large corporate behemoths.
The primary problems here are: (a) user expectations, (b) communications and transparency issues, and (c) non-participation in the development process by businesses relying on the software while still expecting the benefits.
It is a /people/ problem and not so much of an issue with approaches to software development.
Same as how the shanty town outlasts the city skyscraper. One gets torn down once in a while to be replaced with a newer, better one – while the other continues to live it is own rubble, always shifting and changing but never improving.
Many large open source projects have been around for decades and still haven’t risen to the level of professionalism of their commercial counterparts all those years ago. For example, GIMP is still absolutely atrocious.
Meanwhile, KiCAD isn’t terrible, because the industry actually put some money into it, so people would have a free EDA software to design boards to be manufactured using their paid services out of the parts they’re selling. You see, being open or closed source isn’t the debate here, but being funded for commercial purposes, because there’s a user for the software who wants to pay for its development because it fills their needs.
so you in the end you get it, even with example! lovely :D problem is not opensource/use of it. Problem are companies which use OSS do not support them way they should be. Regarding hat of OSS, lets say libxml2 was closed source provided as binary with same usage. Well, everyone will be f&cked right now.
GIMP isn’t Adobe Photoshop/Illustrator, but that doesn’t make it atrocious. It is simply not perfect software and presents an unfamiliar interface and a steeper learning curve.
Humans are mostly a bunch of lazy monkeys, just like our wild primate cousins.
Anybody who expects open source software to ever “rise to the level of professionalism of their commercial counterparts” is a fool that expects to get something for nothing.
We do in my shop! I wouldn’t go holding it up as perfection though. It just means we often get dragged down tangents for niche requests by small numbers of squeaky wheels while things that would benefit all the users get neglected.
There is no way to achieve perfection.
That’s where the point of voting with your wallet comes in. The consumer has a responsibility as well – pick the companies that cater to you, not the shareholders or some deranged techno mogul.
The main problem is that there’s no competition. Everyone’s whining about it, but nobody’s doing anything. I’m sitting here with a wad of cash in my hand, and I don’t want Microsoft, I don’t want Apple, and I don’t want a candy-wrapped Ubuntu that works like crap. Who’s wants to pick it up? Anybody? Nobody?
“What’s in it for…” Oh, I know, piracy. Just look at the Amiga.
Well, to some degree you’re making Le Roux Bodenstein point. The OS you want does not exist because it does not make money for their owners. They’re neck deep in monetization and services offerings (I’m projecting my own gripe).
unfortunately in this case the “commercial for-profit software” is using this library. Most of the time there is simply no viable alternative for these type of libraries, there are many such cases.
Modern software is never ever written from scratch, it always has tons of dependencies. If not the software, then the compiler, if not it then the operating system.
In that case, the solution is obvious: stop working for free and the solution will present itself because someone’s profits depend on it. Suddenly money appears to pay actual developers a salary to keep it working.
As long as you keep giving your work away for free, people will take it and then whine that you aren’t doing more.
Then they should stop profiting off of free labor and pony up some cash. If it’s really that important to them, they’ll show it via financial support (be that directly or via a paid developer to maintain it).
If that’s too much to ask, then perhaps this software isn’t important enough to maintain.
The tragedy is that a business and an economy that structures itself around underpaid labor cannot survive when they would have to start paying actual money to their people. They don’t have the money because they’re ripping their profits off the backs of the people.
It’s like the import business: unsustainably cheap products from low-income countries are sold to people who can no longer buy anything else, because they’re out of jobs and wages for making those products. This is exploiting both the customer and the outsourced laborer at the same time, because it impoverishes them both. The same prices could not be sustained if the business had to source locally, so if the cheap imports dry up, the whole business goes belly up.
Now can you take the same principle, and put two and two together about working for free in the software industry?
Or, we could forget all the idealistic notions. Let people create the commercial AND the free software that they wish to create. Each choose for ourselves which to use. Use contribute-to or buy code at will within the owners’ licenses. And let the market sort it all out.
So, how’s that commercial alternative to libxml2 fairing these days anyway?
Badly, since nobody’s had to put any money into it so far. You see how this can do a lot of damage: when people do the work for free, nobody gets paid to do it.
It’s kinda like UN charity helicopter dropping free food and clothes, which puts local farmers and craftsmen out of jobs, which means next year the famine and the shortage of clothes will be worse. Using that as a justification that the UN should continue helicopter dropping food is missing the point. All that charity is doing is impoverishing both the one who gives and the one who gets.
I’m not sure you can argue both that free, volunteer-maintained software is terrible, and that commercial software can’t possibly compete with it.
If commercial products represent a real benefit over these labors-of-love, I think they often exist.
CAD is a good example mentioned above, but its hard to say that community-maintaned libraries should and can all be defeated by commercial products.
It’s not a simple matter of “commercial products representing a real benefit” versus “labors-of-love”.
People frequently settle for good enough instead of the best. That means that sometimes they go with free software instead of paid software if it is ‘good enough’ for them (as individuals, as a small group, etc).
If they discover an unexpected problem while using that software the whining and complaining will happen long before they decide to pay even a single cent.
You are assuming the one who gets even money to pay the dealer. Why do you think they must have?
LMAO. So… according to you open source developers possess coding man-hours compared to commercial corporations like the UN possesses money compared to local farmers and craftsmen. But they don’t do a good job.
Your argument makes no sense. If the open source product was so bad then it would be in a company’s interest to roll their own alternative just the same as it would be in their interest to write one in the first place if the open source one didn’t exist. Sure, there is a “just good enough” sweet spot where an inferior library could be good enough that it isn’t worth writing the replacement yet still bad enough to be a pain point. But if it’s not worth writing the replacement then that means the company can spend their resources on something else, perhaps a different library that OSS does not provide. Or perhaps they can spend it on the product itself.
I think you are taking your political stance and trying to apply it without actually questioning if the evidence actually bears it out to the current topic.
My own experience with software and tech in general is that the open source hobbyist product is often far better. The commercial software developer or hardware engineer either targets the non-technical “normie” or fortune 500 companies. Either it’s dumbed down and hobbled to the point of near uselessness and the author has zero interest in what an advanced hobbyist wants to do with it or you need a 6-figure subscription before they have any interest in your use case.
What happens when the company goes belly-up ? The software is not maintained anymore AND the source is lost in many cases, or swallowed by a predator company, which is the same result.
And nothing prevents a company to pay developers for open-source software.
Bit that always bugs me about this sort of detail is so many of the projects built with it do have donations, sponsors, are commercial for profit companies, and/or probably have the ability to do the “Cough Cough would you mind terribly” as Wikipedia and KDE recently did to raise more…
If you are making use of lower level library that are so hidden in the wrapper it seems like you should be obliged to at least enquire to each of those groups and shift on a bit of your ‘income’ on to the foundational blocks you are using. As there is simply no way any of your users are going to be looking at the health of these foundations, as most won’t even be aware they exist Also rather a bummer for you if you do suddenly have to rewrite large portions of your own code or pay for another full time developer or two at the company to work on these things as the current maintainers burn out.
Modern-day infrastructure, as visualized by XKCD illustrates the problems with this approach. If some kind of trump lives up there in the top tower, just WHY would he bother His Untouchable Highness with merely of thought of descending down to the basement to take a look at a leaking pipe? His solution is “hire others to do that job”.
What happens next is roughly this, the clueless lackeys descend to the ground floor, looking for the basement door, find none, or find one and wander aimlessly looking for the career advancement opportunities, almost always find none, go back and state “we need to trash this building and build a new one that will have the basement doors to start with”. Shortly after, right next to a building, a larger, more expensive, more luxury building will be erected, into which the said trump will be carefully transported via helicopter, lest he sees those pesky basement doors, because he doesn’t need to see or know such trivialities, the basement doors behind which a lone unpaid volunteer is fixing the leaking pipe for free. The old building just stands there, full of occupants that were left to their own devices, while a larger more expensive newer tower near accepts new occupants, most unaware of the reasons why the old one was abolished.
Meaning, some places end up running multiple systems concurrently, not knowing which one would survive better. Dice throwing is usually how things are decided at the Top Penthouses, oops, wrong throw, too bad, we’ve decided it was not to be used any longer, tough luck, serfs.
But the guy at the top of the tower does pay his minions lower down knowing he doesn’t want to bother with the details, as they do to their own slaves…
One of them should be aware of the blocks they built “their” product with, and know how much of a pain it would be for them all if that foundation went away enough to think it worth checking that next step down is healthy enough – doesn’t really matter how many trickled down steps it has to go through in the end some support for those foundations should get there in the end.
The real problem is that the man on top only pays them a fixed rate for there labors and demands that they find a solution without any further guidance or funding.
Consequently the workers have no interesting in determining the true problem and fixing it. They will do whatever costs them the least and solves the problem even if it means abandoning a large financial investment and starting over, regardless of whether a modestly expensive repair would ultimately cost less.
Mind you, there are costs to different people at every level and they aren’t always measured in dollars or hours of work.
The modern infrastructure relies on the lower levels doing their jobs and having their stuff together, because the whole point is that you can’t be micromanaging things from the top down – that’s not efficient or useful. The top level stuff would be impossible if everyone needed to know every detail all the way down.
So when someone voluntarily takes on the job of Atlas and starts carrying the entire world on their shoulders, it kinda becomes a problem to the whole ecosystem, yet it’s an invisible problem because you’re not supposed to do that and nobody is checking.
That is the point though it shouldn’t be and really isn’t if everyone is checking on the next step down from them – I build on top of x I probably should care that x will be able to keep existing just from my own self interest, as its the next level down I know I’m relying upon. And then whatever group/individual is doing the work for x that is built on y and z then really doesn’t want y or z to hit problems for their own benefit – so even though I might not have a clue they exist the folks behind x should care y and z are healthy project.
Especially if at the top of those lists you are building for profit software company and your whole company will cease making any money at all, maybe even die in short order if the open source you rely upon disappears…
Every author chooses the license of their own code. No one is twisting anyone’s arm to go out and write free software for free. I write some. Not a lot. I’d like to write more but you know… day job. I write things that don’t currently exist, that I want to exist. Things that make me happy. And I dream that some day some piece of it becomes popular enough to be maintained after I am gone and so be my legacy. That’s my payment and I know that going into it. So I like GPL.
If someone takes something I did and turns it into a billion dollar industry.. well, there we go. It’s probably going to out survive me. Goal accomplished.
If I wanted to make money off something I wrote to share.. I could release it under a different license. But here’s the thing… If I do that then it becomes a job. Now I don’t get to shape it into what I want. I have to shape it into what the market wants. And if that doesn’t line up with my ever-shifting interests. Tough! And all those people writing nasty messages that I just HAVE to do what they want… Those would be customers and I really would HAVE to do what they want.
Something that I think is forgotten here is that if the un-paid author of libxml2 or any other free software receives a nastygram from some user (not a customer) demanding X, Y and Z. They can tell them to go pound sand! You don’t HAVE to do what someone else demands.
Now you might be thinking, “ok, he’s just describing someone playing”. You might think serious software would not be developed that way. That’s not really true. Commercial software is forced to follow what the customer says they want. And that can be an advantage to developing a product that is actually useful to real world customers. But.. sometimes it’s a disadvantage too. Remember, the customer is usually someone who cannot create the product themselves. They don’t know everything. Sometimes customers and marketing create something inferior to what just letting the expert do their own thing would produce.
Commercial vs Free, Open vs Closed. It all has different advantages and disadvantages. It’s good that it all exists.
While I do agree the pressure some open source devs seem to end up under because nobody is willing to help, fix the bugs they find themselves etc, or to pay for their effort so the project can become their day job is a problem.
Sure they don’t HAVE to do it, and demanding features is a surefire way to make me completely disinterested in your idea, but fixing your own bugs as they get reported… That is something most will feel they should do, probably even want to – but can they keep up!?!?! The answer to which is probably not if the concept is remotely complex and has heaps of users, as those weird edge cases you didn’t consider are now going to be happening all the time… And to many folks ignoring it would be stressful in its own right.
So if you are going to be leveraging somebody else’s work IMO you absolutely should check on the health of those projects and help if you can.
If Plan 9’s Uriel M. Pereira was still around:
Harmful things: SGML, XML, YAML
Less harmful alternatives: JSON, CSV, ndb(6), plain(UTF-8) text.
Churn? “it should be obvious that such churn is not a good sign.”
Over a span of time turnover is required for a project to be healthy.
“It should be said here that both of them worked as volunteers on the project, for no financial compensation. – like most open source projects. The ones with money rolling in are rare.
The trick for some libraries like this is to get them under an umbrella organization, one that recognizes the usefulness of the project, and can throw some money around to keep things moving. However, money doesn’t solve security issues alone, and it really doesn’t solve the stress/demand cycle of some projects.
Or you have to go stump for money if your project is eating real work hours. Although I guess you can choose to be a free contractor to the world.
I’m not sure that (from the original article) I’d call ~25 years between maintainer swaps a high rate of churn. Seems healthy as you suggest.
Being under an “umbrella organization” often leads to people with more opinions than sense driving the boat or in the organization being bought out by a commercial entity seeking more control that then changes the software license to a proprietary one and maybe even wants to charge money for it.
It also reduces the maintainers who formerly carried the whole project to unpaid laborers that no longer have any say in where the boat is going or whether critical repairs to keep the boat from sinking are prioritized.
Open source should become less open. maintainers of open source should have the right to charge you for (maintenance-)work in terms of a percentage of your annual profit. keeps it free for me, not so much for the Tech Barons.
So, is that just a commercial subscription license?
Or is it just the “tech barons” that have to pay while it’s free to the rest?
If your income is greater than X you have to send a percentage otherwise it’s free to use…
Hey, develop something yourself and you have every right to release it under whatever license you want and can convince a court to enforce.
“but it should be obvious that such churn is not a good sign”
Why?
“As for why [Nick] stepped down, it’s a long story. It starts in the early 2000s”
Hey, look. I’d like that to be recent so I can be young again too. But that’s 20 years ago! The same volunteer stuck with it for somewhere around 20 years! And when he was done new people stepped up. I think that’s a pretty good success story! What exactly do you want?
or perhaps when for-profit systems use the open source created material in their deployments…pay! Not a huge amount, but some number that makes it good side money for somebody or a group of programmers to volunteer to be that support person, knowing that the work isn’t Unpaid entirely.
for non-profit or personal use, you get what you get. But if paid software companies are happy to use it because it’s open source and free, throw the project a bone. perhaps based on the sales of said product….but not less than 1% or 0.5%??
The software author can release it under whatever license(s) they choose.
So I’m making some assumptions but it sounds to me like that for your preference you would release under a free non-commercial share-alike license but also offer paid commercial license.
There are people out there already doing this. It’s not a new idea at all.
Personally, I’m not a fan. Take for example 3d printing. I love what the reprap project did. I still build/upgrade my own printer even. But I do also love that there are all these companies out there selling ready-made pieces. I don’t own a lathe and don’t want to try to carve my own hotend out of a block of metal! (ok, actually, given more time I WOULD like to do that but I have never done anything like it).
If the reprap people had use a non-comm license I’d be trying to figure out where to install a lathe.
Now my next big project will probably be a desktop CNC router. Nothing too big or fancy, but good enough to etch PCBs and random NickNacks. There’s this really great and very popular open source CNC router project out there that was tempting to build. But it’s released under a Non-Comm license. So there will never be a factory out there commercially producing parts for this thing. Maybe I want to do a slightly-less-scratch build. Or maybe some 3d printed part would benefit from being produced in stainless steel or some other material that most of us cannot do at home. Well.. that’s never going to happen.
I think that when I get around to it I will probably design my own instead. I’ll release it under the GPL.
So.. yah. What you describe is absolutely an option But I personally prefer to either go full closed source if I want to sell something for money or full open if I just want to build a thing, and MAYBE get some community support going around it. And yes… there is also the business model where you give away the code for free but charge for support. That’s fine too if you want to do that. I worked in tech support for 5 years before I found my first developer job. That was enough of doing that!
People forget the second part of the Free Software Manefesto. Software should be free, but support should cost. If you can support it yourself, great. If you can’t, you should be hiring someone when support is needed, or joining in a coalition to pay for that support.
“If people build houses the way programmers build software, the first termite to come along would destroy civilization.” It’s worth paying someone to inspect periodically and spray the foundation. Unless your goal is just to sell the thing and run away before they notice.
Thinking of how I shall do with my code going forward…
Top of my mind is to make it available using GPL/AGPL so that software using it must continue be open source (where we help each other or at least consume each others result – I don’t pay directly for the efforts Gentoo and KDE does providing me with a Linux system).
Meanwhile perhaps a a commercial license option as well, just like god old OpenOffice.
Income from the commercial license must then be regulated so that contributors can se value and agree to contribute, so there has to be a steering document that is difficult to change. This implies that there has to be some kind of organization around the project (not that difficult, at least not in Sweden).
The Commercial license may be a great alternative to adds on the web page – I never liked those.
In FOSS, the correct answer to the question “why doesn’t somebody do X?” is “why don’t you?”
FOSS exists to remove artificial barriers that would stop you from locating and fixing problems, adding features, or making other changes. As a result,”Do It Yourself” isn’t a marketing term. It’s an order.
The economics of demanding support for FOSS is laughable when you stop to think about it: you gave nothing to obtain the code; you gave nothing to use the code; you gave nothing to maintain the code; and you want to give nothing to have the code changed. The appropriate counter-proposal is, “feel free to take your nothing and walk away from this negotiation.” Or as I like to say it: “please return the unused portion of the code, and we’ll return the unused portion of the money you paid for it.”
FOSS has an enormous capacity to carry free riders, but the bus doesn’t exist for the free riders. People keep forgetting that. If you aren’t a developer or a contributor, your opinion doesn’t matter in any objective way. The barriers to making your opinion matter are as low as they can get, which means there’s no viable niche for ‘entitled Karen’ in the FOSS ecosystem.
For anyone who wants to play the ‘exposure and recognition’ card, let me trot out the standard rebuttal: without looking, name the artist who engraved the portait of George Washington on the $1 bill. Do you think you can give a project more exposure and recognition than the $1 bill?
It all depends on the developer’s motivation. If they really want recognition or something then sure, maybe they want to listen to non-contributing users so they can provide what those users want to use. I wonder how sustainable such a motivation is though… I doubt it’s great.
“I’m sorry, that doesn’t align with my interests and available time enough for me to do it but I might consider accepting a well written pull request” would be a perfectly reasonable answer to a POLITE request.
But as long as no one is paying you… “Go pound sand!” ought to be just fine as a response to any rude request!
Really choked on this sentence, “the conflicting expectations of open source software being both totally free in a monetary fashion and unburdened with critical bugs.” Like, excuse me? You expect open source software to be unburdened with critical bugs?!
The best open source gives you is that if it’s a popular project then someone else has already run into the bug and if they’ve fixed it then hopefully they’ve contributed that fix to you in some form. It’s great to have maintainers who do any subset of the work, but i’m with the people pointing out that seeing churn in maintainers is good, proves that the project is still valued.
The unstated part about the xkcd comic is that the thankless person in Nebraska can be effectively replaced by anyone at any time. Like, i don’t know who uses libxml2 internally, but if a CVE in libxml2 goes uncorrected then it becomes a CVE in some downstream software, and the maintainers of that software take some time out of maintaining their program that relies on upstream libraries and instead maintain the upstream libraries, as a matter of necessity.
The only thing really concerning would be if libxml2 was only being maintained behind closed doors. Possibly a license violation. Otherwise, as long as it’s open, anyone who runs into the consequences is able to take on that maintainer role.
Open Source is often touted as being less buggy than commercial software because anyone can look at the code. Many eyes are supposed to catch all the bugs.
For sufficiently popular open source projects it really does work. For the rest… it’s probably just one guy working on it in their spare time while others make demands like they are somehow owed something.
But hey, commercial software varies in quality too.
If you used both a Windows and a Linux desktop back in the late 90s… you should know exactly what I am talking about.
I think there needs a be a framework, ideally through sites like github, where request can be scrutinized either publicly or by “stakeholders”, trusted parties, before they reach a maintainer.
Dumb platform is no longer sufficient where anyone in the world can file a smart, time heavy, bug report.
I sure wish for better vetting but i don’t understand the distinction between a stakeholder trusted party and a maintainer. It seems like a hierarchy of maintainers…which luckily happens sometimes for some projects…and doesn’t happen other times.
One cool thing that happens is where people who are stakeholders but not trusted parties will simply appear from nowhere sometimes on mailing lists and bug trackers. Like if there’s a device driver that has troubles and someone posts a patch, there’s good odds some google user is gonna stumble onto it and cross their fingers and try it just because they have that piece of hardware with that problem. And then they’ll report their impressions, hopefully.
Kind of the worst example of that pattern is something like custom phone roms on xda-developers or whatever, where it becomes a blind leading the blind sort of thing. Where people who don’t code are cobbling together things anyways, and generally reaching towards a working thing even if all they have is config files cut and pasted from stackoverflow and chatgpt.
sometimes I think it strange how few people recognize many open-source developers are simply not motivated by money. if you paid them, they may burn out faster because now they feel more obligated to work on what was intended as a side-project, usually as a means to an end for themselves personally (particularly for libraries). I have retreated from Github and the like and just post binaries with source on website like in the old days; no comments section. if a company wants to use it, they can maintain it.
to be honest, I wonder if it’s because there’s a stereotypical view of programmers as being on the spectrum. I am not interested in working on some very niche library for my entire life, even paid $200k/year — I would not want to live like that, and I certainly wouldn’t want to turn it into a “business”; I want to do what I set out to do to get a working solution and move on to other projects; if I run into a bug that affects me, I may fix it.
yeh, Once start to you get paid it can quickly start to feel like work with expectations and deadlines
Nothing kills the joy of a hobby quite like making it a day job.
No easy solution?
No. You mean no FREE solution.
Every for profit enity that uses open source code or libraries should be contributing back.
And they should be publicly named and shamed when they don’t.
They should be paying sponsorships, paying employees to contribute to open source projects, and be putting money into “CVE insurance” pools that sit there until they pay out a fat bonus to those maintainers that DO end up dropping everything to go patch a critical bug.
Just because they aren’t legally required to pay a license fee to use the code/library does NOT mean they can use it for free.
There is no free lunch.
The cost of using open source code for profit is that THEY need to pay to make sure it keeps existing for everyone.
Or maybe we need a G8(7?) joint agency that keeps track of who is maintaining what and manages getting them funding and some BREATHING ROOM so they don’t burn out.
Expecting the richest countries in the world to pay out some money for the maintenance software that helps keep them rich isn’t unreasonable. Fund it with a corporate tax.