Everyone involved has their own incentives, and gets to make their own decisions about when and where to invest their time and money.
Some devs are in it for the passion, some for the experience, some for the challenge, some for the learning, some so their work will live on when they change employers.
Startups get to use well-tested community supported libraries and don't have to build everything from scratch. Big companies get tech branding cred and can attract better talent, etc, etc.
And yes, maintainers sometimes get burnt out, consumers sometimes act inappropriately entitled, massively profitable enterprises often give back relatively little in return.
But that's all part of the deal going in, and everyone is fully aware of all the trade-offs straight from the onset.
What's so beautiful is that there are so many options whenever conditions change for any party. A maintainer goes to jail for vehicular manslaughter and a bugs needs fixing, no problem. Stand up a fork and the project continues on. A company's new leadership takes its own source project in a questionable direction and consumers are upset, no problem. Community forks and the project lives on.
And the result is we have this thriving, organic, creative, productive ecosystem which benefits us all in the end.
I mostly agree with your argument. But, if we just de facto accept everything for how it has been in the past. Then we stop making things better, for everybody involved.
Is Open-Source thriving? yes. Can we make fix the places where it's broken? Also, Yes.
> Can we make fix the places where it's broken? Also, Yes.
Two problems:
1. How is it broken? As I and others in this thread attest to, the thing that makes open source so powerful is, in fact, the lack of legal and moral obligation to do anything in exchange for the right to use the software. Not having obligations is a two-way street. Same for donations; donations do not give you any additional assurances.
2. If it is truly broken, then what is the solution? Nobody has really offered any solution, that I can see. If the solution is that everyone rushes to support a project the moment it hits the news, that's not sustainable. It's good that log4j and its maintainer(s) will get more attention and hopefully funding as a result of this snafu, but it's not a sustainable solution to a problem.
(As a clarification, I am not implying that the answer is "it's not broken." I certainly do agree that open source is underfunded, though I think this is more of a procedural issue than anything.)
I feel like a lot of this isn't that individuals are the ones who should be forking over money, but rather corporations who are making tens of millions or billions who rely on this stuff as a core to their stack, but do nothing to support the ecosystem monetarily.
Any large tech company probably uses thousands or tens of thousands of open source components (because the licenses are well understood). Sone even support the projects officially, or unofficially by paying salaries to developers who contribute in their free time.
I like licenses that bind all users equally: whether you're a lone developer, a charity, or developing nukes. If you do not like a certain class of use using your software, then choose a license that matches your philosophy. One shouldn't piggyback on common licenses for popularity and then complain about users keeping to the terms if the license.
"everyone rushes to support a project the moment it hits the news, that's not sustainable."
This is exactly how a lot of things function, especially in government and disasters. So apparently it is sustainable. It's just not ideal, but this element is always going to be a part of human nature as our collective consciousness can only focus on fixing a few things at a time.
If you give your work away for $0 then the world will expect to pay $0 for it. That’s it. It isn’t rocket science. If you value your work make companies pay for it.
Absolutely. However in reality if you give away your work for $0 then people value your work at $0 which means that they expect you to fix problems for $0. The problem is the maintainers giving away their work for $0. OSS is not about free (as in $0) it is about Open Source.
> OSS is not about free (as in $0) it is about Open Source.
FOSS has an 'F', which stands for "Free" in the sense that anyone can fork, modify, build and distribute the software. Without the 'F', you have code that is only open-source in the sense that you are allowed to read it. If you include the 'F', you have software that anyone can distribute, either for money or for $0. The market price is going to converge on $0.
Plainly some devs are willing to work for nothing, whether out of passion, for the props, or because the software is important to them. So the market price of any software that isn't ringed with patent and copyright fences is going to tend towards $0.
I favour a Universal Basic Income. Many people will leech; but many users of free software are leeching now. I believe people do productive work because they want to, not because they're paid mega-salaries. In fact, that's the only plausible explanation for free software. So make taxpayers finance a UBI. Admin costs are tiny (no eligibility checks, you just pay everyone). You can also get rid of most Social Security infrastructure.
I think UBI is unpopular mainly because people hate the idea that the taxes on their income from work will be paid-out to people who don't care to work. That's understandable, but is it reasonable? Do they also complain about the number of people who are paid out of tax revenue just to check claimants' eligibility for SS support? I haven't heard that complaint.
if this were true then FOSS would never have reached the popularity that it does now. FOSS users give a lot of valuable feedback that makes software better, and they don't generally expect their problems fixed for free.
that mainly comes from greedy corporations that exploit free resources for their own gain.
i give away my software for free to give back to the community that gives me tons of other free software and to get feedback and patches. if i were to sell it, that would just not happen because we would all compete on price.
and because i can't tell the difference between individual FOSS users and large corporations when the software gets downloaded i can't force corporations to pay. nor can i make a license that forces payment from a select group because that would not longer be FOSS.
Honest question: How do you know that FOSS is popular because it is great and not because it cost $0? If FOSS cost the same as the equivalent commercial software would people pick it? I personally don't think so. There is a lot of really buggy crappy FOSS (and commercial) code out there. I don't think one is inherently better than another. It depends on the quality of the team building it.
the key advantage of FOSS is not code quality or price but access to the source and the right to resell it.
code quality on average should be on par with closed source software, if not a little bit better because developers know that their code will be public.
if FOSS would cost the same, source access would still be a factor, whereas code quality would not really matter because it can't be inspected for closed source anyways.
the downside would be a smaller pool of FOSS developers since less people would be able to afford to pay. but actually not that much. if a linux distribution cost the equivalent of a windows license, most people would still be able to afford it. the challenge is rather all the additional applications.
for a more realistic comparison look at freeware. it costs the same as FOSS but the only really popular freeware out there was the netscape browser and what, winrar? (there are probably others, but i am not a windows user so i am not familiar with the ecosystem). but if cost was the factor, then freeware should be just as popular.
FOSS is popular because it endures. i personally use several FOSS applications where the principal developers had left the project and others took over. any equivalent commercial of freeware application would be dead by now and i'd have to switch to something else.
I think of open source as a force of nature, sure you can create incentives in your own proximity, and if you are FAANG the radius can be huge, but finite. The fundamental failure here is not related to open source but in how software is integrated and isolated. We need more robust typing in the integration and capabilities to define the isolation.
Capabilities alone might have eliminated this whole class of failure to escalate, but not eliminate the initial injection failure. Pretty sure that could have been demonstrated on wasmcloud.dev
> No one is entitled to money. There's nothing broken about that. If you want to make money it would be a good idea to make a business plan.
This attitude totally ignores how hard it is to actually run a software tooling business and collect when you have a free/community offering.
Take the Obsidian note app, for example. It's technically free until you start using it for revenue-generating, work-related activity per their license, but how do they go about enforcing that? If they were to dig through customer data to see who is violating the agreement, they'd get roasted on Twitter in an instant and risk losing their user base. Should they hire attorneys to investigate and shake down violators for the $25/mo fee plus damages? Again, major risk of losing the customer base.
Software devs have to represent a significant, if not majority share of the user base of Obsidian, and I'd bet a year of my salary that most of them aren't paying for it when they're using it for work. Committing to a business plan is an important step, but software's value is directly correlated with it's use, and more widely used software is inherently more valuable, but achieving that kind of growth without giving it away free is a major challenge.
It kinda feels like tipping in the restaurant industry, where folks argue that it's to ensure proper service, when in reality it's often just a way for the restaurant owner to not have to pay minimum wage by offloading that portion of a workers wages onto the customer, who often just doesn't give a tip.
Selling software is hard. No one is guaranteed to be successful at it. Obsidian decided to go the free-for-personal-use route presumably because they thought it was the best route for them. They didn't get nothing for that: they got early growth of the user base, beta testers, community built plugins and themes, voluntary user-to-user support, and free advertising.
I'm not sure what the alternative is here. Is it forbidding free software?
People pay $ all the time for things they value. If people choose not to pay $ for work you do then accept that they don’t find it valuable enough to spend $ on.
Or just use the honor system in combination with a liability standpoint.
They might loose out on smaller companies that abuse it, but teams and people in larger companies that use it will pay.
If I want to use something, I can pay for it and submit it to get reimbursed or if it's a bigger purchase, I use a company card. I don't have to worry about putting the company in liability and that's something that's understood by many.
Another example, how does Jetbrain make sure that the people paying for their software via personal licenses aren't getting money for it from their companies?
> Another example, how does Jetbrain make sure that the people paying for their software via personal licenses aren't getting money for it from their companies?
This is a great example, perhaps companies like Jetbrains just assume that a certain percentage of their user base uses their product out of license and they just deal with it, which undermines the original argument. Software inherently wants to be free, but we as a community agree upon the proper way to compensate those make OSS because we're taught that the exchange of money for goods should always happen upfront and there is no other way to conceptualize alternatives, which I disagree with.
> This is a great example, perhaps companies like Jetbrains just assume that a certain percentage of their user base uses their product out of license and they just deal with it
Of course. The same thing that happens with piracy.
How much of Adobe, MS and software from other big companies is pirated every year? I've also heard the argument that if they went strict and went against all of them, no one will be familiar with their products and would levitate to something else.
When I was in uni, the majority of people with Adobe programs on their laptops just had it pirated. Now, when they go into industry, if they need to manipulate an image and all they know is Photoshop, guess what they'll ask for?
Same thing here IMO. Jetbrains makes some of their products free with some functionality removed. When the people go into their jobs and if they need that, they'll spend the money.
Same with Obsidian. If you use it and find it useful, when you go to work, you'll make the business case that it could be useful to do the work in an efficient matter. That will also sell others into using it.
I'm not sure that many people are using Obsidian for work, specifically because Obsidian does not have collaboration or any kind of "team" concept. It truly is a knowledge-for-one app.
Obsidian is largely associated with the "Zettlekasten" philosophy, which is inherently individualistic and doesn't ever encourage collaborative use since the entire idea is based around a personal knowledge base, not a community knowledge base.
I also wonder about the futility of the statement that someone could cause millions of dollars of damages when those companies elected to depend and build upon truly free software.
Right, if this is a huge problem for these big companies they only have themselves to blame, they decided to use software from a guy who writes it in his spare time.
But what is broken is the disconnect between providing value and being able to earn a living from that value. More often than not, any "business plan" involves providing a worse product, because the product must be compromised to enable the business plan.
SaaS for things that could be run locally is a perfect example. Or algorithmic feeds optimized for engagement in social media. Or the advertising panopticon. Or coffee filter DRM. Or smart TV spying. Or ads in the Windows start menu. Or..
> But that's all part of the deal going in, and everyone is fully aware of all the trade-offs straight from the onset.
I think part of the problem here, in all honesty, is that some people just _are not_ aware of the trade-offs upfront. They learn these after getting started, and it bites them in the butt one way or another.
I was going to say this. Most are just looking for some experience outside school/work and next thing you know they are the only one maintaining something big companies rely on.
I think most people, at least certainly myself, do not disagree that open source infrastructure projects are often underappreciated and underfunded. However, there's a dramatic difference between the way that ESR's LBIP initiative frames the problem vs this article (not to single anyone out - this article expresses a commonly held belief among plenty of influential and intelligent people, and no doubt the person who wrote the article is one.)
To me, the money quote is here:
> If log4j2 is responsible for your company's success, you have a moral obligation to donate to the person who creates this library thanklessly.
I don't agree. I think that it is tragic if nobody does, but I draw the line at "moral obligation." Furthermore, the article doesn't really provide any sustainable solution, it just expresses that it's broken and says people should pay for it. Initiatives like ESR's LBIP proves that there are some attempts to get more funding in, but the problem is manyfold, and simply put: I don't think trying to create a new norm that there is a moral obligation to pay your dependencies is really a good idea, nor do I think it solves the problems that lead to this situation. I think that discovery and awareness of load-bearing dependencies is an even greater problem, and that plenty of entities that relied heavily on log4j had honestly not even realized it until now.
I'll repeat myself: It's good that log4j will now see additional attention and funding, if only temporarily, but it's still not fixing the sustainability problem if we only ever fund things when they become newsworthy snafus.
Maybe moral obligation is the wrong phrasing. But if you are major company with investors, perhaps a fiduciary responsibility to your shareholders and customers to fund the software?
The correct model likely looks something like a foundation to support core infrastructure projects in the open-source ecosystem. This foundation is then funded by companies most dependent on that infrastructure.
Yeah, except by creating such an obligation, you are essentially throwing out the core concept of something being open source or free software. That's not solving the problem, that's more like giving up on it.
Not at all. I don't think you understand OSS. OSS is about Open Software. Not about free (as in $0) software. The only way to make OSS sustainable is to make companies payforit.
With all due respect, I don’t think you do. Open source is about rights, and creating a secondary unwritten set of rules about obligations that are extralegal is just a more advanced way of circumventing them. Please read the DFSG, or OSI definition of open source, or the FSF definition of free software for what I mean. All of them are explicit that you can not discriminate on endeavor (explicitly including commercial) or the licensee. That’s not accidental.
OK. So let’s say I want to participate in open source. I release an open source project on the internet. The way I see it, here are my options:
1. I can release it freely, on a project forge like GitHub, and thus nobody has any obligation to pay for it. I can use dual licensing schemes and/or offer commercial support, or solicit donations, but by and large everyone from your average Joe to the fortune 100 are treated the same, because that’s part of the definition of open source and free software, and indeed, part of the draw.
2. I can release it at a cost, but still provide it under an open source license, but because it’s open source, someone can simply release the source code when they pay for it. In practice this actually has worked out this way; take a look at how this has been attempted with the Patron model for emulation software, for example.
3. Do #1 but ask politely (or impolitely) for big companies (how big?) to pay back when they take advantage of open source software. Create a culture wherein using open source projects implies obligations that may not be written out explicitly. This is a commonly expressed viewpoint when people talk about the problem of compensating open source maintainers, and it’s where the “extralegal” part comes in, wherein there are social expectations that contradict the license.
Selling software under a license that doesn’t allow redistribution would obviously fail almost any open source or free software definition, so I’m struggling to think of another potential interpretation here.
Great comment! My message is to the group of OSS maintainers that pick option 3 and then throws a tantrum when it doesn't work. My message is: Option 3 does not work and will never work. Accept it and pick another option.
Apparently, we’re on the same page. However, I think we can still do better than this. While some more organized projects will successfully find a model that helps them meet their goals, initiatives that try to help individuals externally could also (and obviously do) contribute to the solution.
It’s basically the same level of expectations on both sides: nobody is expected or obligated to do anything; they do so because they want to, or because they believe it is a mutually beneficial decision. It’s kind of like the comparison of engineer salary vs open source donations. Yeah, on one hand, open source donations are not likely to pay you enough to live in most cases. On the other hand, it’s money given to you under essentially no obligations. The same reason you can’t really complain much about the support you get from open source maintainers; there was never really any obligations.
But, I believe that open source has proven itself enough to have earned more donations and funding, and that there’s plenty more funding that could be making its way to open source if we could resolve issues with routing it there.
I dont disagree with you but I think that is a very old school of thoughts on OSS. And may be no longer accepted as such.
In the past ~5 years, most ( at least those who have been most vocal ) voices have suggested Open Source is not just about your source code being open / available, but it also means the community around it. And how everyone helps and contribute.
And these kind of thoughts has some sort of correlation with certain political ideology.
The problem runs deeper. To get companies to pay you, in particular enterprises, you have to participate in their high-touch/low value purchasing behavior. And that means you need large pockets which in turn means high prices. High prices means high expectations. Much of those $$$ go into marketing and sales, not product. Which is one reason most enterprise software sucks.
That's the opposite of what OSS devs want to do: solve problems and provide efficient solutions. Its also the opposite of what users of OSS want: easy to acquire solutions to their problems (nobody except purchase officers and lawyers actually want high-touch/low-value procurement. Everybody knows its a waste of time & money.)
Unfortunately most companies are not interested in buying solutions, but risk reduction (which they never actually get because all software comes with limited-to-the-max liability & warranty, just like OSS).
Therefore we have to change not the OSS model, but its reputation.
Licenses should say something like "free to use unless it generates commercial value. When it does you need to pay $ or risk your reputation". Sort of what the GPL does but without the virality.
I'm working on a solution quite similar to the one you've outlined. OpenFare implements payment plans in code. That means simple setups and programmatic management of payment obligations across software dependencies.
> Some devs are in it for the passion, some for the experience, some for the challenge, some for the learning, some so their work will live on when they change employers.
Sure, but what about people who could write code, help with docs, testing etc., but can't because of the current financial disincentives to do that?
With these current circumstances, i cannot be in my right mind and decide to meaningfully commit to open source, apart from small bug fixes or something, unless i want to miss out on spending time with family or anything else over the evenings and weekends, because my day job takes up the rest of my time.
Sure, you can talk about that particular salary number (though it's similar for many people in Eastern Europe, India and many other places), or talk about how i should try to convince my management to allow me to contribute to open source (which is a non starter in many circumstances), but at the end of the day it'd be like quitting my job because i want to develop a video game or something without having a clear plan on how to make money and just vague hopes and dreams instead (which i've seen often as well). For example, i'd have to give up freelancing to do that, which would just further hurt my finances.
Open source isn't a financially responsible choice for many non-privileged folks out there (e.g. company doesn't invest in it, don't have savings to avoid having to live paycheck to paycheck). Just look at this comment in the other thread: https://news.ycombinator.com/item?id=29525272
> The default is that no one will use your thing, no one will contribute, no one will fund you, etc.
In my eyes, doing meaningful work is logically supposed to be followed by not being punished for it, such as not having to starve or be homeless (maybe the "just world" fallacy on my part). No one should be able to praise the open source devs for their work and then just turn around in that same sentence and shun them for wanting to be supported financially for doing that, or claim that these incentives are not valid in some way.
I think this argument massively ignores the underlying message of this blogpost: addressing that the human beings that make and use software aren't always treated as, well, human beings.
> A maintainer goes to jail for vehicular manslaughter and a bugs needs fixing, no problem
The author didn't seem to hint that open bugs in core-js or its usefulness to its community of users are / is problematic. They hinted that maintainers are people with real life problems, whether that's struggling to make a livelihood, or facing imprisonment and ignoring that social/economic context is problematic.
Stating "well, let's just fork their code and off we go" basically ignores the person behind the code entirely. It reduces the value of a person to their ability to spend time and effort on maintaining code. And that's just a morally very questionable way of approaching other people. That kind of behavior just doesn't foster any mutual trust or respect which are the basic requirements for open source to thrive to begin with.
> But that's all part of the deal going in, and everyone is fully aware of all the trade-offs straight from the onset.
No, absolutely not. That's not how the original instigators of the Open Source movement envisioned this.
Yes, open source licensing allows forking, but that's not something you'd do, for instance, because a maintainer fails to respond to your issues on GitHub.
Eric S. Raymond can be quoted from his seminal essay "Homesteading the noosphere":
> The three taboos we observed above make perfect sense under this analysis. One's reputation can suffer unfairly if someone else misappropriates or mangles one's work; these taboos (and related customs) attempt to prevent this from happening. (Or, to put it more pragmatically, hackers generally refrain from forking or rogue-patching others' projects in order to be able to deny legitimacy to the same behavior practiced against themselves.)
> Forking projects is bad because it exposes pre-fork contributors to a reputation risk they can only control by being active in both child projects simultaneously after the fork. (This would generally be too confusing or difficult to be practical.)
> Distributing rogue patches (or, much worse, rogue binaries) exposes the owners to an unfair reputation risk. Even if the official code is perfect, the owners will catch flak from bugs in the patches (but see [RP]).
> Surreptitiously filing someone's name off a project is, in cultural context, one of the ultimate crimes. Doing this steals the victim's gift to be presented as the thief's own.
In the past, I kept a handful of tiny open source libraries in PHP on Packagist. Someone forked one of those without notifying me and started directly competing with mine. I can't express how off putting that experience was at the time. It has made me quite apprehensive of pro-actively sharing code I write in my spare time under an open source license.
Because someone falls on hard times or isn't available for a while, that doesn't justify taking their work and presenting it as your own under the guise of "having a thriving, organic, creative, productive ecosystem."
ESR doesn't get to decide how it works; the revealed preferences of the participants do. And those revealed preferences are that everyone pretty much does what they want, and nobody owes anybody anything. And it seems to have clearly created a vibrant ecosystem.
If you're in it for money or the fame, you're going to end up very unhappy. If you prioritize OSS work above addressing your real life problems, you're going to end up unhappy. If you invest your ego into the success of the project, you'll probably end up unhappy Those aren't broken properties of the system; they're the consequences of transparently poor decisions by participants. Those people would be better served by simply not doing OSS instead of trying to convince everyone else to fund their coding adventures.
I am the sole maintainer of a project with almost 12k stars on GH and 2M weekly downloads from NPM. It would be a massive amount of work if I let it be. The entitlement and indifference of users would eat me alive if it were a real workplace. And the pay would be hilariously bad if I expected income from it. But none of those predicates are true.
No one asked me to make it, no one pays me for it, and no one controls what I spend my time on. Those mutual obligations are properties of jobs, exactly what I don't want out my hobby work. When I don't want to work on it, I just don't. When a bunch of people want a feature I have no wish to add, I don't add it and they're free to fork. When I write or merge a bug, I lose no sleep over it. When people "threaten" to use a "competing" library, I laugh: who cares? Building it is fun for me and it's apparently useful to others. What's the problem?
Since all that seems to work pretty well, the right answer is to keep doing it. Sure, you'll end up with occasional log4j RCEs, but it's not like anyone is going to look at that and say, "I guess I won't use OSS". It was always caveat emptor.
You're addressing maintainers who somehow arrive at open source with expectations which set them up for failure and disappointment. I can agree with you there.
In the past, I've made comments that open source isn't a business model. It's a licensing model which governs intellectual property.
My comment, however, isn't addressing maintainers. It's addressing their audience and their behavior: anyone who uses and leverages open source code without consideration of the labor that goes into it, which is a big difference.
ESR is absolutely right when he points out that anyone who shares creative work also shows themselves vulnerable when it comes to reputation, good name and public perception. Sure, you could use the argument that "open source doesn't make any promises regarding support". But that still doesn't excuse the entitlement and indifference.
If you can happily ignore it, that's great for you. Calling it out for what it is, however, isn't any less valid a way of responding. Even when it's just a hobby project and you don't get paid.
Every so often, there's a case where a small open source project with limited maintenance ends up being leveraged by entire industries with interests worth billions. When things fall apart, media outlets and pundits will report about the failings of that small project and how it affects big interests, but they won't point out the elephant in the room: how these projects are maintained by a skeleton crew working in their spare time.
Sure, none of this is going to awaken people's minds to be more apprehensive or more empathic to the challenges of maintaining a popular OSS project. The value proposition of being able to leverage free labor is simply too attractive.
Meanwhile though, the log4j maintainers are now stuck being perceived as not having done enough to avoid these kinds of bugs. Whether that's trough investing "enough" time, making the "right" calls (whatever those are) or finding "appropriate sources of funding" for themselves. Thousands of engineers are scrambling to roll out fixes upstream. And millions of end users merely learn how "a software bug almost breaks the Internet and Minecraft."
Ultimately, nobody gains from these disasters as a result of a lack of assuming shared responsibility for a common good.
> Yes, open source licensing allows forking, but that's not something you'd do, for instance, because a maintainer fails to respond to your issues on GitHub.
Huh? Not getting satisfaction, however you want to define that, from upstream is the main reason forking occurs.
Yes, forking occurs. But before you, you would reach out, ask permission, offer a solution and try to come to a compromise with the original authors.
Downright forking while ignoring the original authors and then putting it out there as an independent alternative to theirs? Well, that's just entitled behavior.
The "fork" button on GitHub exist primarily to make it easier for contributors to create pull requests and contribute back to the original project. It's not meant to wholesale copy projects and run them as if they were your own.
The specific case was "maintainer fails to respond", which implies that one was reaching out. It doesn't really matter why they don't respond, perhaps the maintainer died, or they are burned out, or maybe they just don't like you.
> Downright forking while ignoring the original authors and then putting it out there as an independent alternative to theirs? Well, that's just entitled behavior.
Entitled by the very license the maintainer attached to the software. But if you meant "entitled behavior" as some kind of indicator of privilege, well, everyone has that entitlement per the license, so I'm not sure if that really counts as being entitled.
If you give away your work for $0 then people/companies will value your work accordingly and pay no more than what is asked. What is so surprising about that? Do you pay more than what is asked for when spending $ yourself?
How many companies paid $0 for log4j2, and then got upset and bashed the authors of it when this bug happened for the cost it caused to their business?
People pay nothing for the software, but will expect paid quality support.
They get upset and expect things to be fixed for $0 because thatisthevaluethattheOSSmaintainerputonhisownwork. So why is that surprising? It's how a market place works.
The maintainer never put a $0 _value_ on their work, but a $0 _public price_ of it "as is, without warranty of any kind, ...".
It's some (corporate) users and markets that understand this (wrongly) as a $0 value. It's their own evaluation that's failing in the long term.
Mentioned that in an other comment, but this is akin to mining companies that extract value from natural resources at $0 price (because the resource is just there to pick up).
When the resource is depleted (even excluding other externalities like pollution deriving from the extraction itself), no one can reasonably expect that it would cost $0 to regenerate/reproduce the resource or repair the scarcity.
... which is why countries are putting fishing quotas and carbon markets in place to make sure that doesn't happen. In other words, countries put a market value on things that otherwise wouldn't have it. OSS maintainers needs to do the same. That's my point.
> They get upset and expect things to be fixed for $0 because that is the value that the OSS maintainer put on his own work. So why is that surprising? It's how a market place works.
The "work" you're talking about is the development of the software. The post you replied to was talking about support:
>> People pay nothing for the software, but will expect paid quality support. [Emphasis added -- CRC]
Valuing what's there to freely download at this instant in time is one thing; bugfixes on top of that are support, which is a different thing.
If you get something for free, you don't have to pay for it; if you want something more on top of that, you may have to pay for it. That's how a market works.
Just out of curiosity - I wouldn't use vehicular manslaughter as a point of comparison for open source projects? Is there a reference I'm missing with that part of the comment?
Everyone involved has their own incentives, and gets to make their own decisions about when and where to invest their time and money.
Some devs are in it for the passion, some for the experience, some for the challenge, some for the learning, some so their work will live on when they change employers.
Startups get to use well-tested community supported libraries and don't have to build everything from scratch. Big companies get tech branding cred and can attract better talent, etc, etc.
And yes, maintainers sometimes get burnt out, consumers sometimes act inappropriately entitled, massively profitable enterprises often give back relatively little in return.
But that's all part of the deal going in, and everyone is fully aware of all the trade-offs straight from the onset.
What's so beautiful is that there are so many options whenever conditions change for any party. A maintainer goes to jail for vehicular manslaughter and a bugs needs fixing, no problem. Stand up a fork and the project continues on. A company's new leadership takes its own source project in a questionable direction and consumers are upset, no problem. Community forks and the project lives on.
And the result is we have this thriving, organic, creative, productive ecosystem which benefits us all in the end.