jawiggins | 2 days ago

Yeah I agree, maintaining OS projects has been a weird thing for a long time.

I know a few companies have programs where engineers can designate specific projects as important and give them funds. But it doesn't happen enough to support all the projects that currently need work. Maybe AI coding tools will lower the cost of maintenance enough to improve this.

I do think there are two possible approaches that policy makers could consider.

1) There could probably be tax credits or deductions for SWEs who 'volunteer' their time to work on these projects.

2) Many governments have tried to create cyber reserve corps. I bet they could designate people as maintainers of key projects that they rely on to maintain both the projects as well as people skilled with the tools that they deem important.

mathstuf|1 day ago

> 1) There could probably be tax credits or deductions for SWEs who 'volunteer' their time to work on these projects.

Why exclusive to SWEs? They tend to be more time-restricted than financially restricted (assuming the "SWE" comes from a job description). I'd be more interested in making sure that those with less well-paying jobs are able to access such benefits rather than stacking it onto those already (probably) making 6-figures.

Of course, the problems arise in the details. Define "volunteer": if $DAYJOB also uses it (in a way related to my role), is it actually, instead, wage theft? Also, quantifying the benefit is a sticky question. Is maintaining 10k emoji packages on NPM equivalent to volunteer work on libcurl? Could it ever be? Is it volunteer work if it ends up with a bug bounty payday? Google's fuzzing grant incentives?

da_chicken|2 days ago

There should be public works grants to maintain them, or else a foundation specifically to maintain them funded with donations, grants, etc.

The alternative is another XZ backdoor.