According to the 2020 FOSS Contributor Survey conducted by the Linux Foundation, 48.7% of respondents are paid for work on free and open-source software[1].
And yet there a critical free and open-source software projects that are chronically underfunded and that have no realistic ability to monetize.
Difficulty of financially supporting “FOSS”
Finding projects to support
It is surprisingly difficult to financially support “FOSS”. You can of course support some projects that you know you use or that you know you like. But this will always just be a small fraction of the projects you actually use.
A company or an individual has only one option when trying to support FOSS: they have to research what projects they actually use. They can’t fund all the projects they use, because even just using a single FOSS project (e.g. Mastodon, the Linux kernel) entails depending on hundreds, if not thousands of independent projects. Only the wealthiest donors can afford to split their donation into a thousand pieces and still end up with amounts that justify the transaction fees.
Most willing donors have to prioritize their donations.
A project thus has to clear two obstacles before being funded:
- They have to be visible to willing donors.
- They have to be significant enough to the donors that found them, to be supported financially.
There are too many projects that never clear these obstacles before something disastrous happens. XZ and Log4j to name the most famous ones.
This is not the fault of any of these projects, this is the nature of the modern software supply chain. We depend on more projects than we could possibly fund individually, so we need to fund them collectively.
A very similar problem occurs when trying to find projects to contribute, though here the solution cannot be collective support as no one can contribute to all FOSS projects at once.
Funding “FOSS” vs. Funding a FOSS Project
The second funding problem for “FOSS” is that there is a meaningful difference between “Funding FOSS” and “Funding a FOSS Project”.
The first means to fund not just the development of FOSS projects, but also the supporting infrastructure that FOSS needs. The conferences, the support groups, the mental health hotlines for burned out volunteers and the discussion forums, like the one that this article is published on - to name just a small part of it.
When financial support only exists for a set of FOSS projects, this infrastructure either falls into neglect or is never built up in the first place. But it is necessary for all of the FOSS community to survive.
Without connections, without support, without exchange across projects and without help from burn-out, stress, abuse and other mental health crises, fewer and fewer projects will succeed and those projects that persist will do so despite the environment and not because of it.
Collectively funding Free and Open Source Software
I only see one solution to this problem of overly targeted funding. We need trusted institutions - foundations and companies with a reputation in the FOSS community - to start fundraising for the FOSS community as a whole. They can find the projects that are vital and in critical states, provide support in the form of counseling, connecting maintainers to trusted contributors and maintainers and paying the maintainers and contributors for there work on a case by case basis.
And they can also dedicate resources better to supporting the FOSS movement as a whole.
We don’t need another grant program that maintainers need to take time out of their day to apply to for a very limited amount of funding over a very limited amount of time. This initiative needs to be available to FOSS maintainers for advice and support, but it also needs to pro-actively reach out to projects it deems critical, vulnerable or desperate.
Otherwise disasters, like the XZ vulnerability, will keep happening.