swiftcoder 6 days ago

> once we start talking about the kind of software large corporations (like AWS) will have an interest in

I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer.

Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?

jaredklewis 6 days ago | parent | next [-]

We definitely agree on this point. Different licenses select for different things.

It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.

swiftcoder 6 days ago | parent [-]

Honestly, I haven't seen many open-source maintainers convert a BigTech downstream into recurring revenue. I'm sure it does happen, but it's far from the norm.

Aurornis 6 days ago | parent [-]

If your project gets adopted by Big Tech then your market rate as an engineer just went way up.

It’s a huge badge of honor and a rare accomplishment. You’re thinking too directly if you can’t imagine how having your OSS project adopted by Big Tech is a career boost.

zelphirkalt 6 days ago | parent | next [-]

Maybe it can happen, but ask the people maintaining open source projects long term, how much it helped them pass silly leetcode interviews, which companies insist must be done, even if you have a golden track record.

notpushkin 6 days ago | parent | next [-]

“Google: 90% of our engineers use the software you wrote (Homebrew), but you can’t invert a binary tree on a whiteboard so fuck off.”

https://twitter.com/mxcl/status/608682016205344768

Aurornis 5 days ago | parent [-]

Please see his follow up comments years later where he reflects on the situation and agrees that he should not have been hired at that time.

He posted that in the heat of the moment while angry, but they didn’t literally reject him for a single LeetCode problem. He admits that he was just not at a point where being hired into a FAANG job would have been a good move.

That one Tweet has fueled years of internet rage from people who didn’t get the whole story, though.

Aurornis 5 days ago | parent | prev [-]

I know people maintaining open source projects long term, and getting FAANG adoption is a dream come true. That’s why I posted it.

I’ve also worked at companies where people who write OSS have been recruited with comp packages that would be hard to get even at FAANG because their OSS work was crucial to the company.

swiftcoder 5 days ago | parent | prev [-]

Maybe in specific fields this is true, but a lot of folks in Big Tech view open source as where developers who couldn't hack the interviews end up (they also hold a pretty similar view of startup engineers, unless they are ex-FAANG).

Aurornis 6 days ago | parent | prev [-]

> I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer

Are you kidding? This is the dream scenario for many open source projects: getting adopted by a major company is a claim to fame like none other.

> Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?

Then don’t? You don’t have to do anything. It’s fine to ignore it if you want.

Practically speaking, Amazon engineers aren’t going to sit around and hope the maintainer fixes the thing that unblocks them. If they actually need it, they’ll fix it. They might fork it. They might try to recruit the person.

But nothing obligates you to do anything. This hand-wringing about the idea that someone might find the project useful enough to identify issues and report them is rather ridiculous. Just ignore it if that’s your prerogative.

swiftcoder 6 days ago | parent [-]

Having been upstream of this problem (I was an engineer at Amazon for ~5 years), they will typically not do any of those things.

The amount of paperwork they have to jump through just to send you a patch makes it not worthwhile. They might fork in extremis, but to do that they first have to justify to management that it's worth ongoing effort to support. Hiring a maintainer really only happens for truly foundational projects like the Xen hypervisor.

What they will do is use the public nature of the CVE process to pressure you to patch within the SLA - and that's generally pretty effective. Only a few open source groups (for example, the npm team) have enough public clout to reject CVEs without reputation damage.