This is the maintainer who fixed the vulnerability that's causing millions(++?) of dollars of damage.
"I work on Log4j in my spare time"
"always dreamed of working on open source full time"
"3 sponsors are funding 's work: Michael, Glenn, Matt"
People, what are we doing.
Conversation
The market rate of a developer who can maintain a large open source project is at least $300k/yr. (Conservatively, check levels.fyi.)
The most I've seen someone rack up on GitHub Sponsors and Patreon is like $1,000/month.
You see the problem?
28
210
1,430
Replying to
I get $5,363 (USD) / month from GitHub Sponsors for my work on GrapheneOS. It's far more than I need personally so I use most of it directly on the project including funding other developers.
There are also donations directly to GrapheneOS itself via Bitcoin, Monero and PayPal.
1
6
It's a small fraction of what would be required to pay people market salaries but it's enough to make the project sustainable.
My experience has been that 90% of the money comes from the cryptocurrency community and we could probably get much more if we worked on growing that.
1
2
Purely relying on donations is working dramatically better than attempting to build an awkward business model around open source software. It's too hard to do that when other companies with more capital/connections able to use all of our work for free would be competing with us.
1
1
3
I don't think that was a viable approach with open source licensing. Donations are proving to be a viable approach. I'm planning on founding a non-profit organization so that companies can properly write off their donations and we can get Canadian grants for developer salaries.
1
4
Contract work associated with the project wouldn't count as funding it. There might be other GrapheneOS developers interested in doing that until we can get more funding but it has never interested me. If I just wanted to get paid for doing work, then I'd be working at Google.
1
2
Replying to
I am glad that works out for you, but I am unconvinced we can rely on engineers being willing to take < 20% of market rate to power all of open source. I spend less than I make, but I also want to retire early, and I'm not willing to give up on that for age or mkcert.
1
1
3
Replying to
The market rate you're talking about largely only applies to people willing to relocate to the US and work for either a major tech company or VC funded startup. It isn't the market rate for the vast majority of developers and most people aren't going to immigrate to the US.
1
4
I live in Canada and it would be easy to get a job in the US and to move there but that doesn't apply to most developers around the world.
People also have families they need to look after including more than their own kids in cultures with more emphasis on extended families.
2
1
Even European developer salaries are nowhere close to the market rate that you're referencing. The only reason that market rate exists is because those US companies don't believe in remote work and wrongly think they get something valuable from their narrow hiring practices.
There's a demand to support paying $150k+/year to any mediocre developer who went to one of certain universities, worked at one of certain companies and is willing to relocate to Bay Area, California.
Those companies think they hire top tier talent but they rule out most of it.
1
Daniel, I'm surprised day by day about how Google is not offering you a remote position to work on Android security team... :/
1
Show replies
In Norway the market rate for Developers flattens at around ~97K a year, and if you do technical manager positions you'd maybe top off at around 135k a year.
It's bewildering how out of sync US developers are around salary compared to ~90% of the market.
1
1
GrapheneOS has a lot of contributors from eastern Europe, India, etc. where the funding we're able to provide goes a long way. Funding developers based in the US isn't really an option for the most part. Maybe if they live off the grid in Montana.
1
1
Show replies