Many open source maintainers quit – Increasing pressure on projects

Dissatisfaction grows in open source projects. Lack of remuneration given growing demands on functions, documentation and security is a burden for developers.

By Robert Lippert

The new Tidelift State of the Open Source Maintainer Report takes a look at the pressures that maintainers face today. In particular, the lack of remuneration continues to weigh on project maintainers: a good 60 percent of them receive no money for their commitment.

The situation also remains tense in the professional sector. Although a minority of around 12% of respondents can make a living from their work on open source projects, the figure has not improved compared to 2023 (13%), but has actually worsened slightly. This is despite incidents such as the Easter drama surrounding xz Utils and the increased awareness of security aspects.

In fact, maintainers now have to invest up to three times as much time in the security of their projects compared to 2021. In addition to maintenance work and the development of new security functions, this also includes fixing security vulnerabilities, searching for new vulnerabilities and dealing with dependencies in the code. That time is then lacking for other tasks.

At this point, the State of the Open Source Maintainer Report praises the growing awareness of standards such as the NIST Secure Software Development Framework, the OpenSSF Scorecard and the SLSA framework (Supply-chain Levels for Software Artifacts). The OpenSSF Scorecard has established itself as a benchmark, particularly for source code in an enterprise context, and 30 percent of maintainers are already working with the model. A further 6 percent plan to use it in the next three months and 12 percent want to use it within a year.

Figure: That would change if maintainers were paid for their work. (Image: Tidelift 2024 State of the Open Source Maintainer Report)

The report also provides a closer look at the project maintainers supported by Tidelift. Here, the figures suggest that financially supported maintainers are more likely to adhere to such standards, meaning that support has a measurable effect on improving the security of open source projects.

Working on open source projects does not only entail financial sacrifices. Around 48% of maintainers do not feel properly valued, which is around 8 percentage points more than in 2021. And when asked to describe in their own words what they really dislike about their work, they particularly criticize their community's sense of entitlement. As one respondent put it: "Most users, even those who need corrections, are not prepared to help out themselves. They simply expect someone else to solve the problem for free."

And so 38% of those surveyed are also considering giving up their commitment. According to the survey, 22 percent have already put this consideration into practice.

The Tidelift State of the Open Source Maintainer Report is available to download free of charge upon registration. It summarizes the responses of 437 maintainers, almost half of whom (45 percent) have more than ten years of experience in maintaining open source projects.


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.