What are the ideas needed to establish the maintenance of open source software as a profession?



Open source software is growing day by day and is an integral part of today's Internet and services.

However, the 'maintainer ' who maintains open source software isn't well paid and isn't a sustainable profession, says software engineer Filippo Barsolda, who works at Google.

Professional maintainers: a wake-up call
https://blog.filippo.io/professional-maintainers/

'This is an indisputable fact in 2021,' says Barsolda, as open source software is the foundation of the world's economy as well as the Internet. Barsolda says he works as an open source software maintainer, but 'I couldn't move my role as an open source software maintainer from a hobby to a profession.'

In 2021, a zero-day vulnerability ' CVE-2021-44228 ' was discovered in Apache Log4j, a Java log output library. Log4j is a widely used library in the IT industry and is used in various areas such as Apple and Minecraft. As a result, the media reports that 'CVE-2021-44228' 'may be one of the most serious vulnerabilities in Internet history.'

Why does the vulnerability 'CVE-2021-44228' found in Java's Log4j library have a major impact on the world? --GIGAZINE



'There are only three people on GitHub,' said Barsolda, the maintainer who patched Log4j's zero-day vulnerability. Also, according to Barsolda, the maintainer is either a 'volunteer' or an 'employee of a large company.'

Volunteers are passionate about or have fun doing maintenance, and they only work as maintainers in their 'leisure'. Volunteer maintainers have so much responsibility that they can fall into burnout, Barsolda said. Volunteers may also be unable to continue their activities as maintainers due to changes in their living environment, such as changing jobs or giving birth, Barsolda points out. In addition, volunteer maintainers 'can't expect professional-level performance,' Barsolda said. The reason is that no one pays the maintainer.

In fact, npm , a popular open source package management tool, is raising development funding on Open Collective, but so far it has raised only $ 47.91.

UAParser.js --Open Collective
https://opencollective.com/ua-parser-js



GitHub Sponsors and Patreon are some of the ways to thank open source maintainers. However, the average maintainer of a successful project earns about 150,000 to 300,000 dollars (about 17 to 34 million yen) annually in the main job, and there is no project that can support this amount of money. ..

Another problem is that open source maintainers have no career path. 'You can gain experience as a maintainer, but you can't end up getting a job as a high-paying maintainer,' said Barsolda.

However, Barsolda said, 'Employing a large company as a full-time maintainer means getting higher compensation, but not as healthy both organizationally and personally as executives and executives. Personnel may ask, 'How much should we pay you exactly?', In which case you spend a lot of time proving that your job is important. Then you'll spend less and less time working, but as your project grows, the workload will increase, so your team will struggle to get more resources. It will lead to no one being promoted and suffering from burnout syndrome, stopping one's own company or changing roles. Seeing this happening repeatedly in multiple companies and ecosystems. I've been there, 'he said, noting the pain of working for a large company as a high-paying maintainer.



That's why Barsolda says that in order for a maintainer to get the right rewards, he should sign a contract with the maintainer to get the right money. This will allow businesses to maintain the right software and allow maintainers to focus on their work and get the right rewards.

in Software, Posted by logu_ii