No one is paying the log4j2 maintainers!? There is a whole page on the responsibilities of a "Project Management Committee"... AND NO ONE IS PAYING THEM? apache.org/dev/pmc.html Open Source needs to grow the hell up. Yesterday.
Quote Tweet
Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns. twitter.com/shipilev/statu…
This is the maintainer who fixed the vulnerability that's causing millions(++?) of dollars of damage. "I work on Log4j in my spare time" "always dreamed of working on open source full time" "3 sponsors are funding 's work: Michael, Glenn, Matt" People, what are we doing.
The market rate of a developer who can maintain a large open source project is at least $300k/yr. (Conservatively, check levels.fyi.) The most I've seen someone rack up on GitHub Sponsors and Patreon is like $1,000/month. You see the problem?
I get $5,363 (USD) / month from GitHub Sponsors for my work on GrapheneOS. It's far more than I need personally so I use most of it directly on the project including funding other developers. There are also donations directly to GrapheneOS itself via Bitcoin, Monero and PayPal.
It's a small fraction of what would be required to pay people market salaries but it's enough to make the project sustainable. My experience has been that 90% of the money comes from the cryptocurrency community and we could probably get much more if we worked on growing that.
Purely relying on donations is working dramatically better than attempting to build an awkward business model around open source software. It's too hard to do that when other companies with more capital/connections able to use all of our work for free would be competing with us.
I don't think that was a viable approach with open source licensing. Donations are proving to be a viable approach. I'm planning on founding a non-profit organization so that companies can properly write off their donations and we can get Canadian grants for developer salaries.
Contract work associated with the project wouldn't count as funding it. There might be other GrapheneOS developers interested in doing that until we can get more funding but it has never interested me. If I just wanted to get paid for doing work, then I'd be working at Google.
I am glad that works out for you, but I am unconvinced we can rely on engineers being willing to take < 20% of market rate to power all of open source. I spend less than I make, but I also want to retire early, and I'm not willing to give up on that for age or mkcert.
The market rate you're talking about largely only applies to people willing to relocate to the US and work for either a major tech company or VC funded startup. It isn't the market rate for the vast majority of developers and most people aren't going to immigrate to the US.
Even European developer salaries are nowhere close to the market rate that you're referencing. The only reason that market rate exists is because those US companies don't believe in remote work and wrongly think they get something valuable from their narrow hiring practices.
There's a demand to support paying $150k+/year to any mediocre developer who went to one of certain universities, worked at one of certain companies and is willing to relocate to Bay Area, California. Those companies think they hire top tier talent but they rule out most of it.
I know for a fact that it is entirely possible to make $750k/yr remotely from Canada for a senior engineer with a specialty, not at a FAANG. As in, I have seen the offer, and the other 3-4 $500k+ competing offers they were picking from.
Honestly, I am kind of tired of having this discussion, though. I constantly keep tabs on the market to make these assessments, but get dismissed as out of touch by people who usually last interviewed 5+ years ago. The market has moved dramatically in the last 1-2 years alone.