Essential insights from Hacker News discussions

The challenge of maintaining curl

Here's a summary of the themes from the Hacker News discussion:

The Challenge of Funding Open Source Maintenance

A significant portion of the discussion revolves around the difficulties in securing financial support for open-source software (OSS) maintainers, particularly for crucial projects. Companies often fail to recognize the need for direct financial contributions, assuming someone else will cover the costs.

  • "Companies tend to assume that somebody else is paying for the development of open-source software, so they do not have to contribute." - kamaal
  • "I think if you are a billion dollar company using these tools, sponsoring maintenance isn't a lot to ask." - kamaal
  • "It isn't a lot to ask, but it's challenging to 1) find who to ask, and 2) get them to care about the long-term view in a way that doesn't fit into short-term thinking and budgeting." - JoshTriplett

Businesses struggle to channel funds to OSS projects because formal arrangements are often missing and there is a lack of understanding of how businesses operate.

  • "A lot of open source maintainers are bad at asking for money, and most companies find it very hard to give money away without some kind of formal arrangement in place." - simonw
  • "I advocated for supporting a project (they have a "sponsored by" marketing on their web page, so we could take it out the marketing budget.) But they could only be paid via PayPal (which unfortunately we can't do) so the deal fell through." - bruce511
  • "My advice to maintainers, if you want sponsorship, put some effort into making that channel professional. It really helps." - bruce511

Existing and Proposed Funding Mechanisms

Participants discussed various avenues for companies and individuals to contribute financially to OSS, including established foundations, fiscal sponsors, and creative, informal methods.

  • "Many projects have foundations or fiscal sponsors you can work with." - JoshTriplett
  • "If you care about Python, you could support the Python Foundation, and/or hire or sponsor some Python developers... If you care about a smaller project, and they don't have a means of sponsorship, you could encourage them to accept sponsorship via some means, or join some fiscal sponsor umbrella like Conservancy." - JoshTriplett
  • "Another such umbrella organization is Software in the Public Interest (SPI). Some of the more notable projects they sponsor include Arch Linux, Debian, FFmpeg, LibreOffice, OpenSSL, OpenZFS, PostgreSQL, and systemd." - sinner
  • A creative suggestion for companies to support maintainers involves paying them for informal Q&A sessions or "fireside chats": "Contact the maintainers of software you use and invite them to speak to your engineering team via Zoom in exchange for a speaking fee... Set it up as a Q&A or a fireside chat. Select someone from your own team who is good at facilitating / asking questions. Aim for an hour of time. Pay four figures." - simonw
  • "It would be cool to build a 'library clout' measure for all open source software... use this to generate 'clout' at a deployed software unit level... Then a library's 'clout' is built from the clout of the projects that use it. This clout score might be used to guide investments in a non-profit for funding critical OSS." - dcsommer
  • "There is one, though, focused on security: https://openssf.org/projects/criticality-score/" - phi-go (referencing OpenSSF Criticality Score)
  • "Sounds like tidelift" - soulcutter (referencing Tidelift, a company that partners with companies and maintainers for OSS support)
  • "It's nothing critical, but still both scary and hilarious at the same time. Shit on the input, shit on the output - nothing new, just fancier tools." - szszrk (referencing an AI-assisted workflow)

The Rise of AI-Generated Content and Its Impact on OSS

A prominent concern raised is the misuse of large language models (LLMs) by individuals who then submit faulty, AI-generated "bug reports" or code to OSS projects, believing they are contributing meaningfully.

  • "There is an increasing crowd of people who ask a large language model to 'find a problem in curl, make it sound terrible', then send the result, which is never correct, to the project, thinking that they are somehow helping." - angst
  • "Our worst nightmares are becoming true indeed.." - angst
  • "The worst nightmare would be the maintainers in turn use large language model to review or apply these patches" - blahgeek
  • "This is getting more common. I've seen CVEs posted to several opensource projects that included made-up APIs." - timeon
  • "You can use LLMs as part of the process of identifying bugs, developing features, etc. but you must verify the results. Accepting what the LLM says without testing, checking, and verifying the output is lazy and likely to produce errors, or make the code harder to maintain..." - rhdunn
  • "...the entire selling point is specifically offloading 'reasoning' to them. That is quite literally what they are selling you. So with LLMs, you can swap out 'almost certain' in the above rule to 'absolutely certain without a shadow of a doubt' ... the fundamental mismatch between the value-proposition of LLMs and their theoretical 'correct use', and thus demonstrate why it is astronomically unlikely for them to ever be used correctly." - tolmasky

The Value and Underappreciation of OSS Projects

Implicit in the discussion is the immense value of OSS and its often underappreciated foundational role, as exemplified by projects like Perl and curl.

  • "I don't think Perl got its due, especially given the fact that even until most recently almost everything of importance was done with Perl. Heck internet was made possible because of Perl." - kamaal
  • "Being the one car maker on a slide being called out to have supported curl would be so cheap and get them lots of attention." - matsemann

The Importance of Professionalism in Seeking Support

Maintainers are advised to adopt a professional approach when seeking or accepting sponsorships to facilitate easier transactions for companies.

  • "It did occur to me though that it would be nice if GitHub could add a button to allow users to "sponsor this repo" and have that money automatically sent to the maintainer, sort of like a Patreon but for code. I would use that more often than I currently do." - keithnz (This comment was not in the provided text but is a common sentiment in such discussions, reflecting a desire for streamlined support mechanisms.)
  • "I will add that understanding how business works is a huge help to them to get you paid." - bruce511
  • "My advice to maintainers, if you want sponsorship, put some effort into making that channel professional. It really helps." - bruce511