Hacker News: Open source maintainers underpaid, swamped by security, and going gray

Source URL: https://www.theregister.com/2024/09/18/open_source_maintainers_underpaid/
Source: Hacker News
Title: Open source maintainers underpaid, swamped by security, and going gray

AI Summary and Description: Yes

**Summary:** The text presents findings from Tidelift’s 2024 State of the Open Source Maintainer Report, highlighting the challenges faced by open source project maintainers, including security concerns, aging demographics, and the impact of AI tools on their workflow.

**Detailed Description:** The report sheds light on critical trends affecting the open source maintenance community, particularly the implications of insufficient compensation and increasing security burdens. Key points include:

– **Demographics and Aging Population:**
  – A significant proportion of maintainers (45%) have been in the field for over ten years.
  – There is a notable increase in maintainers aged 46-65, while the number of maintainers under 26 has sharply declined.

– **Security Concerns:**
  – Respondents report spending three times as much time on security tasks as they did three years ago, now 11% of their total time.
  – The xz backdoor incident caused a loss of trust: 66% of maintainers became less trusting of pull requests from non-maintainers, which is likely to increase scrutiny of contributions.

– **Professional vs. Hobbyist Work:**
  – The majority (60%) of respondents identify as unpaid hobbyists, with many reporting little to no financial support.
  – Paid maintainers (55% on average) were more likely than unpaid maintainers to implement security practices associated with recognized frameworks.

– **Awareness of Security Frameworks:**
  – Awareness of security initiatives such as the OpenSSF Scorecard and the NIST SSDF is increasing among maintainers, with the OpenSSF Scorecard having the highest reported awareness at 40% (up from 28%).

– **AI Tools Impact:**
  – Maintainers expressed mixed feelings about AI coding tools; 45% held negative views of their utility, citing incorrect code generation and an increase in spurious pull requests.
  – Two-thirds of maintainers are less inclined to accept contributions from users of AI tools.

– **Compensation and Recognition:**
  – The report emphasizes the need for better compensation to prevent the deterioration of vital open source projects, as current income largely comes from donations (25%) and company salaries (24%).

These findings underscore the urgent need for improved support structures for maintainers to ensure the sustainability of open source projects within the security landscape. As the community confronts new challenges such as AI-generated contributions, there is potential for greater reliance on improved security methodologies and collaborative support.