Open-source June 15, 2022
6 min read
Maintaining Open-source Software: A Thankless Job
Maintaining Open-source Software: A Thankless Job
Eugene van Ost
Eugene van Ost Peaka / IT Soothsayer

Maintaining Open-source Software: A Thankless Job

Open-source projects are an enigma to regular people. How they start, flourish, and get maintained is not known to anyone but the geekiest of us. But there must be someone taking care of these projects upon which so much rests, right?

Maybe there are tiny people behind the scenes, who make sure that these gigantic efforts are sustained, much like the dwarves of Erebor, "the Lonely Mountain," or "the kingdom under the mountain" in the Hobbit, relentlessly mining the gold and gems underground.

Or, maybe it is all thanks to the efforts of a handful of combative men and women who don't know how to quit, like the 300 Spartans who stopped the huge Persian army in its tracks at Thermopylae.

The stakes associated with open-source maintenance are so high that a harder look at it is justified.

Getting to know the contributor funnel

Who are these unsung heroes of the software industry that make the open-source world go round? People involved in open-source software can be grouped under three categories:

Users: People who just use the software and rarely interact with the maintenance crew. They don't submit code or documentation.

Contributors: People who care about the software enough to file good, detailed issues and open pull requests.

Maintainers: People who review the external contributions, conduct triage, and merge them. Maintainers are the ones who set the direction of the project because they get to prioritize the issues.

These three categories comprise a contributor funnel, a term coined by Homebrew project leader and GitHub principal engineer Mike McQuaid. In a presentation he gave in 2016, McQuaid goes into detail on the contributor funnel, which is actually a blueprint to turn some of the users into contributors and some of the contributors into maintainers so that open-source projects will not die.

Understaffed, underfunded, underappreciated

Open-source projects' coming to an abrupt end is highly likely because most of these projects lack the funds and staff that could guarantee their survival. This applies to even the most popular projects out there.

When the widely-popular open-source crypto library OpenSSL was diagnosed with the Heartbleed vulnerability on April 7, 2014, it was being maintained by just two people and receiving a whopping $2000 a year in donations.. Many other open-source projects are maintained by a single maintainer who makes all releases and reviews and merges all pull requests. McQuaid gives a similar number for Homebrew, which had around 500,000 users and 5,000 contributors in 2016 but only around ten maintainers. That makes one maintainer for every 50,000 users. And remember, maintainers are not compensated for their time and effort. They have day jobs, families they need to take care of, and bills they should pay. To add to that, maintaining a project is not the most exciting job a coder can have, as explained by Vladimir Agafonkin, the creator of the Javascript library Leaflet:

"… once the project gets established and mature, most of your work is not about exciting features and doing cool things anymore—99% of the work is just dealing with some weird bugs, some obscure situations, and just trying to reproduce someone else's problem, and boring things like that. It can be demoralizing, and sometimes people will burn out and not be able to handle the project once it becomes really popular."

If you think the recognition maintainers receive from the open-source community should be enough, think again because tracking individual contributions back to contributors is no easy task. Even if it is possible, very few people are interested in learning who solved which problem. So, maintaining an open-source project remains a thankless job.

Loosening the purse strings (at last)

In the absence of material gain and recognition, what drives maintainers is their love for the profession and the open-source ideals they try to uphold. Keeping these people motivated is in the interests of everybody benefitting from the open-source projects. One way of doing that is to sort out the financial viability of those projects.

Humanity cannot afford to treat projects that underpin huge businesses and government institutions as hobby projects. Fortunately, corporate decision-makers and government officials seem to be awakening to this reality. Ensuring the security of open-source projects has become paramount with the recent Log4j vulnerability and pushed the White House to call for an Open Source Security Summit. The U.S. administration mobilized companies such as IBM, Microsoft, Meta, Linux, and Oracle to take measures to counter such risks. During the summit, tech companies jointly pledged $30 million to shore up the security of open-source projects. Companies also agreed to conduct annual reviews of the 200 most popular open-source projects.

Having donated $15 million to open-source security in 2021, Google took the opportunity during the Open Source Security Summit to announce the launch of the "Open Source Maintenance Crew." This team of developers is tasked with standardizing security procedures in open-source projects and tightening security configurations.

Conclusion

Big tech and the government have stepped up to the plate and assumed responsibility for the security and sustainability of open-source software. This was long overdue, but it still is good news. However, the open-source community is not wholly dependent on others to survive. Open-source projects can become self-sufficient, take care of their maintainers, and even expand their staff if they are monetized properly. Our next blog post will tell you how.

Your biweekly inspiration delivered to your inbox

Join our newsletter for news, tips, and blog posts on anything data integration!

warning-icon Please fill out this field
check-icon Thank you! You have been subscribed.
Similar posts you might be interested in
How to Create an Ideal Customer Profile for SaaS Businesses
Open-source June 15, 2022
How to Create an Ideal Customer Profile for SaaS Businesses

How do you create an ideal customer profile (ICP)? Why should a SaaS company create one? How does Peaka help you hone your ICP? Find out in this blog post.

avatar
Bruce McFadden Peaka / Seasoned Taskmaster
How to Create an Account-Based SaaS Marketing Strategy
Open-source June 15, 2022
How to Create an Account-Based SaaS Marketing Strategy

Here is everything a SaaS founder needs to know about account-based marketing, how it works, its benefits, and how Peaka can help ABM teams implement it.

avatar
Eugene van Ost Peaka / IT Soothsayer
Top 6 SaaS Revenue Metrics to Track in 2024
Open-source June 15, 2022
Top 6 SaaS Revenue Metrics to Track in 2024

A deep dive into SaaS revenue metrics, four data integration tools to track SaaS revenue, and benefits of blending your revenue data with your CRM data.

avatar
M. Çınar Büyükakça Peaka / Prolific Polemicist
peaka-logo-small
Begin your journey today

Start your 14-day free trial to explore Peaka!

Enjoying this article?

Subscribe to our biweekly newsletter on data integration, SaaS analytics, and entrepreneurship tips.

success-mail-img

You've joined our email list. Our newsletter will be delivered to your inbox every other week, with news from Peaka and the no-code world, as well as updates on the latest trends and developments in the data integration space!

success-mail-img

Thank you for your interest. We’ll contact you soon.

publish-icon
Let’s work together!

To better understand your requirements and how we can assist you, please fill out the contact form below. Our dedicated team of experts is ready to listen and address your specific needs.