I met with some peers last week, and the core-js crisis came up. It's a long read, but to sum it up, the project has a massive impact in the JavaScript ecosystem, and the maintainer can barely get by. With that said...there are some complications in getting this person paid. The biggest one is he lives in a country (Russia) that is sanctioned by most of the world that uses the project. How do you solve that? As I said, it's complicated.

We then started asking other questions, such as how do we identify the next time bomb? Do we create relationships with our all of the maintainers in our supply chain? If our businesses rely on each link in the chain, that will make sense; however, it’s easy to throw money at the problem, but will it solve the problem?

"We sort of need a minority report to catch maintainers before they burn out."
John Anderton finding the maintainers before they burn out.

I used to think money was the answer to solve all issues in open source, but it's another myth. Some maintainers can't take money because it goes against their employment contract. Others don't want the responsibility that comes with money. They started the project because it helped them solve a problem and thought, why not throw it up on GitHub? Ironically it then becomes a new problem.

Armin Ronacher, the creator of the Python-based microweb framework Flask argued:

"...when I create an Open Source project, I do not choose to create a 'critical' package. It becomes that by adoption over time," wrote Ronacher.

Maybe the issue is unfixable. Either way, I believe that we can all still make an impact by finding ways to help maintainers in any way possible. It's not a time to give up.


Open source leaders call for permanent government funding package | IT PRO
Funding open source projects with taxpayers’ money is “inevitable” and should be treated like maintaining the electrical grid
"In light of high profile recent events, we are all aware that open source software is a critical part of software infrastructure as a whole. Security issues related to popular open source projects are in the news and in policy conversations. As open source professionals, we hope that policy makers carefully consider the distinction between open source projects and products."  − Aeva Black & Gil Yehuda

Open Source Security Policy Conundrum
From 2022, I recently met Amélie Erin Koran on a call with The Atlantic Council Cyber Statecraft Initiative Working Group. This video was brought up, and I found it fascinating.

More Media

From Team Charm · Bashbunni and JZ
Clare Dillon of InnerSource Commons on OSPOs and the Open Ireland Network
Clare takes us through how she got into open source and involved with InnerSource Commons, and how her work has helped build open OSPOs in Ireland and beyond since.

Final Thoughts

I know I asked a lot of questions above. It's because I don't know all the answers, and I want us to all start conversations on how to find them. Find 20, heck, 10 minutes this week to talk to someone about open source sustainability. The non-code contributors will help answer the difficult questions so the maintainers can do what they do best.

Thanks for reading, and remember...sharing makes Petey happy.

Issue 44