That is already how it works. The loner hacker in moms basement working for free on his super critical OSS package is largely a myth. The vast majority of OSS code is contributed by companies paying their employees to work on it.

▲

marcus_holmes 4 hours ago | parent | next [-]

I'm thinking of projects like curl [0]

this is a cornerstone of modern software development. If it died, or if got taken over by a malicious entity, every single company on the planet would have an immediate security problem. Yet the experience of that maintainer is bad verging on terrible [1].

We need to do better than this.

[0] https://curl.se/docs/governance.html

[1] https://lwn.net/Articles/1034966/

▲

duskdozer 4 hours ago | parent [-]

>As an example, he put up a slide listing the 47 car brands that use curl in their products; he followed it with a slide listing the brands that contribute to curl. The second slide, needless to say, was empty.

>He emphasized that he has released curl under a free license, so there is no legal problem with what these companies are doing. But, he suggested, these companies might want to think a bit more about the future of the software they depend on.

There is little reason for minimal-restriction licenses to exist other than to allow corporate use without compensation or contribution. I would think by now that any hope that they would voluntarily be any less exploitative than they can would have been dashed.

If you aren't getting paid or working purely for your own benefit, use a protective license. Though, if thinly veiled license violation via LLM is allowed to stand, this won't be enough.

▲

marcus_holmes 3 hours ago | parent [-]

There is a lot of opposition in the FOSS community for restrictive/protective licenses. And to be fair, this comes from a consistent and entirely logical worldview.

There's a bunch of problems with getting companies to pay for this, too - that sense of entitlement (or even contractual obligation), the ability to control the project with cash, etc.

I don't have any answers or solutions. But I don't think we can hand-wave the problem away.

▲

uecker 2 hours ago | parent [-]

The problem is that they get away too easily with bugs in their products they ship to customers. If this would come with some penalties, there would be some incentive to invest in security and this would probably often flow back to upstream projects.

▲

teytra 24 minutes ago | parent [-]

Like a money-back guarantee?

Like you get when you buy e.g. MS products?

	▲	uecker a few seconds ago \| parent [-]
		Maybe you misundertood. I am not talking about the open-source projects, but the downstream products such as cars that integrate curl.

▲

larodi 5 hours ago | parent | prev [-]

The sad truth about open source in 2026 is that it does not serve the society the way it is advertised or did back in the 90s.

▲

spockz 3 hours ago | parent [-]

How so? We have open source operating systems running on a whole sleuth of systems ages apart. Interesting ideas and open collaboration coming out of the OS world.

This opposed to closed off “products” that change at the whims of the company owning it.

	▲	larodi 20 minutes ago \| parent [-]
		Statistically. Most of it is created to serve marketing, personal or other agenda needs and is sponsored through the corresponding means for it. There’s a lot of misconception about how the open source comes to be and very small part, still significant of course, of it was really created for the benefit of a community. There are exceptions, but dig the organisational culture and origins and you’ll see the pattern. Also, thousands of projects are made for the satisfaction of the author himself being highly intelligent and high on algorithmic dopamine.