Conversation

No one is paying the log4j2 maintainers!? There is a whole page on the responsibilities of a

"Project Management Committee"... AND NO ONE IS PAYING THEM? apache.org/dev/pmc.html Open Source needs to grow the hell up. Yesterday.

Quote Tweet

Volkan Yazıcı

@yazicivo

Dec 10, 2021

Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns. twitter.com/shipilev/statu…

806

2,464

Filippo Valsorda

@FiloSottile

Dec 10, 2021

This is the maintainer who fixed the vulnerability that's causing millions(++?) of dollars of damage. "I work on Log4j in my spare time" "always dreamed of working on open source full time" "3 sponsors are funding

@rgoers

's work: Michael, Glenn, Matt" People, what are we doing.

1,525

3,719

Filippo Valsorda

@FiloSottile

Dec 10, 2021

The market rate of a developer who can maintain a large open source project is at least $300k/yr. (Conservatively, check levels.fyi.) The most I've seen someone rack up on GitHub Sponsors and Patreon is like $1,000/month. You see the problem?

210

1,430

Replying to

I get $5,363 (USD) / month from GitHub Sponsors for my work on GrapheneOS. It's far more than I need personally so I use most of it directly on the project including funding other developers. There are also donations directly to GrapheneOS itself via Bitcoin, Monero and PayPal.

Replying to

and

It's a small fraction of what would be required to pay people market salaries but it's enough to make the project sustainable. My experience has been that 90% of the money comes from the cryptocurrency community and we could probably get much more if we worked on growing that.

Replying to

and

Purely relying on donations is working dramatically better than attempting to build an awkward business model around open source software. It's too hard to do that when other companies with more capital/connections able to use all of our work for free would be competing with us.

Replying to

and

I don't think that was a viable approach with open source licensing. Donations are proving to be a viable approach. I'm planning on founding a non-profit organization so that companies can properly write off their donations and we can get Canadian grants for developer salaries.

Replying to

and

Contract work associated with the project wouldn't count as funding it. There might be other GrapheneOS developers interested in doing that until we can get more funding but it has never interested me. If I just wanted to get paid for doing work, then I'd be working at Google.

7:31 AM · Jan 6, 2022Twitter Web App

Replying to

I am glad that works out for you, but I am unconvinced we can rely on engineers being willing to take < 20% of market rate to power all of open source. I spend less than I make, but I also want to retire early, and I'm not willing to give up on that for age or mkcert.

Replying to

The market rate you're talking about largely only applies to people willing to relocate to the US and work for either a major tech company or VC funded startup. It isn't the market rate for the vast majority of developers and most people aren't going to immigrate to the US.

Show replies