A place to cache linked articles (think custom and personal wayback machine)
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

index.html 19KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243
  1. <!doctype html><!-- This is a valid HTML5 document. -->
  2. <!-- Screen readers, SEO, extensions and so on. -->
  3. <html lang="fr">
  4. <!-- Has to be within the first 1024 bytes, hence before the `title` element
  5. See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
  6. <meta charset="utf-8">
  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
  8. <!-- The viewport meta is quite crowded and we are responsible for that.
  9. See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
  10. <meta name="viewport" content="width=device-width,initial-scale=1">
  11. <!-- Required to make a valid HTML5 document. -->
  12. <title>On Paying Open Source Maintainers (archive) — David Larlet</title>
  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">
  14. <!-- That good ol' feed, subscribe :). -->
  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">
  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
  23. <meta name="msapplication-TileColor" content="#f7f7f7">
  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
  25. <meta name="theme-color" content="#f7f7f7" media="(prefers-color-scheme: light)">
  26. <meta name="theme-color" content="#272727" media="(prefers-color-scheme: dark)">
  27. <!-- Documented, feel free to shoot an email. -->
  28. <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">
  29. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
  30. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  31. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  32. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  35. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  36. <script>
  37. function toggleTheme(themeName) {
  38. document.documentElement.classList.toggle(
  39. 'forced-dark',
  40. themeName === 'dark'
  41. )
  42. document.documentElement.classList.toggle(
  43. 'forced-light',
  44. themeName === 'light'
  45. )
  46. }
  47. const selectedTheme = localStorage.getItem('theme')
  48. if (selectedTheme !== 'undefined') {
  49. toggleTheme(selectedTheme)
  50. }
  51. </script>
  52. <meta name="robots" content="noindex, nofollow">
  53. <meta content="origin-when-cross-origin" name="referrer">
  54. <!-- Canonical URL for SEO purposes -->
  55. <link rel="canonical" href="https://nadim.computer/posts/2021-12-12-maintainers.html">
  56. <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick" data-instant-intensity="viewport-all">
  57. <article>
  58. <header>
  59. <h1>On Paying Open Source Maintainers</h1>
  60. </header>
  61. <nav>
  62. <p class="center">
  63. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  64. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  65. </svg> Accueil</a> •
  66. <a href="https://nadim.computer/posts/2021-12-12-maintainers.html" title="Lien vers le contenu original">Source originale</a>
  67. </p>
  68. </nav>
  69. <hr>
  70. <p><span class="date">2021-12-12</span></p>
  71. <p><img src="https://nadim.computer/res/img/maintainers.jpg" alt=""></p>
  72. <p>I’ve been almost completely ignoring the recent <a href="https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/">Log4j security vulnerability story</a> simply because there’s nothing new in it: the story itself is the same old story. The discourse is the same old discourse. The hot takes are the same old hot takes.</p>
  73. <p>One more interesting fork of the discussion has been regarding <a href="https://blog.filippo.io/professional-maintainers/">how to render open source projects more sustainable</a>. The article opens with a pretty strong and true lead:</p>
  74. <blockquote>
  75. <p><em>“Open Source software runs the Internet, and by extension the economy. This is an undisputed fact about reality in 2021. And yet, the role of Open Source maintainer has failed to mature from a hobby into a proper profession.”</em> <br><br>
  76. <em>[…]</em> <br><br>
  77. <em>“Volunteers are doing their best in their spare time out of passion, or because they are (or were) having fun. They feel tremendous responsibility, but ultimately can’t be expected to persevere in the face of burnout, a change in life circumstances (like, having a kid or changing jobs), or even shifting priorities. They also can’t be expected to provide professional levels of performance because, again, no one is paying them and they are well within their rights to do only the fun parts of the “job”.”</em></p>
  78. </blockquote>
  79. <p>The post goes on to suggest that open source projects should incorporate into LLCs (or similar) and start contracting with big companies depending on their projects.</p>
  80. <p>What puzzled me about the post is that the above was framed as some kind of novel idea, whereas if you read it once or twice you may quickly realize that it’s basically the playbook that led to the creation of Red Hat Inc. and many other companies out there. In fact, the list of <em>“examples of what [companies] might want out of open source projects”</em> provided in the article is pretty much exactly what Red Hat Inc. has done as a company towards RHEL and by extension Fedora Linux for the past decade.</p>
  81. <p>There is however a more novel aspect to the post, one which seems to be suggesting that maintainers also consider sending largely unsolicited invoices to big companies using their software and expecting those companies to <em>“assess, approve and pay them as a matter of routine”</em>.</p>
  82. <p>This, to me, is puzzling, and turns the post into a combination of two things: the idea that open source projects incorporate into LLCs, which is tried and true but definitely not without serious costs and downsides, and the idea that open source projects make themselves “<em>legible</em>” to the invoice-processing departments of big companies so that they can begin to aggressively invoice them for <em>“support and sponsorship”</em> on letterhead.</p>
  83. <h4>Here are the list of issues/questions that I have with that post:</h4>
  84. <blockquote>
  85. <p><em>“The trick is that you can easily incorporate a pass-through US LLC and open a business account for it even if you’re not a US citizen, it’s not rocket science. I am not an accountant but I did it in an afternoon.”</em></p>
  86. </blockquote>
  87. <p>I run two companies: <a href="https://capsule.social">one US-based startup</a> with VC investors, 14 employees, etc., and one <a href="https://symbolic.software">EU-based software consulting outfit</a> for my personal consulting projects and software publications. Both of them indeed took mere hours to set up.</p>
  88. <p>But that is an incredibly reductionist metric by which to measure the time, effort and commitment it takes to go from an registered LLC to a structure that’s handily dealing with invoicing big companies, processing these invoices, handling financials, delivering on contractual promises at scale, hiring, dealing with incidental costs and responsibilities, the potential need for legal, and much, much more.</p>
  89. <p><strong>Starting a company, anytime, anywhere, for virtually anything, is an extra set of commitments <em>on top</em> of being an open source maintainer. It is more like going from being engaged to being married to your project, rather than a free solution to balance maintainer responsibilities with new compensatory income.</strong></p>
  90. <p>If you want to, as the blog post suggests, use the above to get into a position where <em>“eventually, a whole career path with an onramp for junior maintainers, including training, like a real profession”</em>, then that’s not something for which the difficulty can be accurately represented with how long it takes to set up an LLC. That’s something based on an entirely new set of commitments and responsibilities: corporate responsibilities. Fiscal responsibilities. Taxes. Hiring. Delegating. Planning a product roadmap — you have to pretty much go all the way. It’s not a fun solution. It’s, at best, building a tiny Red Hat.</p>
  91. <p>There are some extremely lucky exceptions, such as what WireGuard has been able to accomplish through donations, grants, and adoption by private startups such as Tailscale. But that’s largely through a level of luck, goodwill and pretty insane level of privilege on the part of the project’s founder, who nevertheless worked on the project obsessively without the promise of revenue anyway for its first many years. WireGuard was also intelligently designed to avoid unnecessary overhead on the maintainer: it brilliantly eschewed even the possibility of needing to deal with dead weight such as backwards-compatibility due to its lightweight cryptographic design, or the need for WireGuard’s maintainer to bother with the questions resulting from composing WireGuard into larger systems and protocols (see the end of this post for how this could have also applied to Log4j.)</p>
  92. <p>So, when the blog post says that <em>“now is the perfect time for Open Source maintainers to become legible to the big companies that depend on them—and that want to get more out of them—and send them five-to-six figure invoices.”</em> it’s actually saying something far more boring and predictable: that it’s time for open source projects to become “legible” to companies by… becoming companies.</p>
  93. <blockquote>
  94. <p><em>“The moment a company has a contractual relationship with a maintainer for a significant sum of money (1x to 0.3x of a market salary, depending on how likely the maintainer is to invoice other companies, too) it can request what it needs as a contractual condition […] (Or not, if they turn down the contract! I’m very specifically not talking about transferring governance.)”</em></p>
  95. </blockquote>
  96. <p>Right, except that the transferring of governance doesn’t occur in some apolitical vacuum, and is often pressured by financial and political considerations that evolve as a result of the growth of the open source project. This point seems to be ignored and reduced to <em>“oh, but they can just turn down the contract!”</em> — which isn’t reflective, sadly, of how the world works. The blog post seems to be somewhat pushing for open source projects into the trap of becoming the clients of much more powerful corporations (and in some cases, nation-states) and I’ve personally seen the disastrous consequences this can often have on software and research communities over and over again (stories for another time).</p>
  97. <blockquote>
  98. <p><em>“This is what I hope to see happen more and more: Open Source maintainers graduating to sophisticated counterparties who send invoices for “support and sponsorship” on letterhead.”</em></p>
  99. </blockquote>
  100. <p>This point was actually (in what became the top comment on the blog post’s HN submission) <a href="https://news.ycombinator.com/item?id=29524103">already touched upon by the president of VideoLAN</a> in a much more effective manner than anything I could myself provide:</p>
  101. <blockquote>
  102. <p><em>“Well, this is exactly what I’ve been doing around VideoLAN (VLC, x264) and FFmpeg for the last few years. In order to do that, I’ve created 2 official companies Videolabs and FFlabs (besides the non-profit orgs) and I’ve gone through all the hoops to get paid (PO, billing, invoices, registering to large companies is a lot of paperwork, tbh, but well..) and we try and bill small to large companies that depends on those projects.</em> <br><br>
  103. <em>And FFmpeg and x264 are the core of the online video.</em> <br><br>
  104. <em>So I did exactly what Filippo is saying we should do.</em> <br><br>
  105. <em>But the result is really not impressive. Seriously, asking for money for support from those companies feels like we’re pulling the nails, even if their full business depends on it. Getting 30-50k$ from those companies for support for one year can be very challenging, long or leading to nowhere at all.</em></p>
  106. </blockquote>
  107. <p>Exactly — a main reason why big companies are employing open source software to begin with is because it saves costs. Companies are subject to obligations on the part of shareholders to keep expenses as low as possible, while startups are under even more onerous restrictions due to runway considerations.</p>
  108. <p>I would find myself hard-pressed to genuinely have faith in this level of corporate generosity, unless I myself ended up being an exceptionally pampered employee at a big tech company for so long that I managed to confuse what is a well-calculated socio-economic retention mechanism towards high value employees, for genuine kindness and a propensity for good will towards open source projects.</p>
  109. <p>Finally, there are also some inconvenient truths regarding Log4j, the particular open source project that inspired this discussion:</p>
  110. <ul>
  111. <li>First, like many other open source projects, Log4j is small enough to easily become in-house-replaceable the moment that companies start to feel pressured to spend money on it. Tangentially, Apple doesn’t sponsor Homebrew.</li>
  112. <li>Second, the fact that you can also solve a lot of these problems by reducing your overhead as a maintainer, and not by increasing it:</li>
  113. </ul>
  114. <blockquote class="twitter-tweet tw-align-center" data-dnt="true"><p lang="en" dir="ltr">Apparently the maintainers of Log4j already agreed the underlying functionality was a ridiculous feature and wanted to remove it, but were held back by backwards compatibility requirements <br><br>if your engineers are telling you something old needs to go, it needs to go</p>&mdash; badidea 🪐 (@0xabad1dea) <a href="https://twitter.com/0xabad1dea/status/1469643409799499785">December 11, 2021</a></blockquote>
  115. <p>All of this to say that, once more, reality is ultimately both more boring and more complicated. I wish it wasn’t: I’d love for it to be so easy and consequence-free to raise money as an open source project maintainer.</p>
  116. </article>
  117. <hr>
  118. <footer>
  119. <p>
  120. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  121. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  122. </svg> Accueil</a> •
  123. <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">
  124. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-rss2"></use>
  125. </svg> Suivre</a> •
  126. <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">
  127. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-user-tie"></use>
  128. </svg> Pro</a> •
  129. <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">
  130. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-mail"></use>
  131. </svg> Email</a> •
  132. <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">
  133. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-hammer2"></use>
  134. </svg> Légal</abbr>
  135. </p>
  136. <template id="theme-selector">
  137. <form>
  138. <fieldset>
  139. <legend><svg class="icon icon-brightness-contrast">
  140. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-brightness-contrast"></use>
  141. </svg> Thème</legend>
  142. <label>
  143. <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
  144. </label>
  145. <label>
  146. <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
  147. </label>
  148. <label>
  149. <input type="radio" value="light" name="chosen-color-scheme"> Clair
  150. </label>
  151. </fieldset>
  152. </form>
  153. </template>
  154. </footer>
  155. <script src="/static/david/js/instantpage-5.1.0.min.js" type="module"></script>
  156. <script>
  157. function loadThemeForm(templateName) {
  158. const themeSelectorTemplate = document.querySelector(templateName)
  159. const form = themeSelectorTemplate.content.firstElementChild
  160. themeSelectorTemplate.replaceWith(form)
  161. form.addEventListener('change', (e) => {
  162. const chosenColorScheme = e.target.value
  163. localStorage.setItem('theme', chosenColorScheme)
  164. toggleTheme(chosenColorScheme)
  165. })
  166. const selectedTheme = localStorage.getItem('theme')
  167. if (selectedTheme && selectedTheme !== 'undefined') {
  168. form.querySelector(`[value="${selectedTheme}"]`).checked = true
  169. }
  170. }
  171. const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
  172. window.addEventListener('load', () => {
  173. let hasDarkRules = false
  174. for (const styleSheet of Array.from(document.styleSheets)) {
  175. let mediaRules = []
  176. for (const cssRule of styleSheet.cssRules) {
  177. if (cssRule.type !== CSSRule.MEDIA_RULE) {
  178. continue
  179. }
  180. // WARNING: Safari does not have/supports `conditionText`.
  181. if (cssRule.conditionText) {
  182. if (cssRule.conditionText !== prefersColorSchemeDark) {
  183. continue
  184. }
  185. } else {
  186. if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {
  187. continue
  188. }
  189. }
  190. mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
  191. }
  192. // WARNING: do not try to insert a Rule to a styleSheet you are
  193. // currently iterating on, otherwise the browser will be stuck
  194. // in a infinite loop…
  195. for (const mediaRule of mediaRules) {
  196. styleSheet.insertRule(mediaRule.cssText)
  197. hasDarkRules = true
  198. }
  199. }
  200. if (hasDarkRules) {
  201. loadThemeForm('#theme-selector')
  202. }
  203. })
  204. </script>
  205. </body>
  206. </html>