While open-source sustainability has been a common topic in the hallways tracks and dev channels of major projects for years, the Heartbleed vulnerability in 2014 catapulted the topic in to the spotlight. Since then we've seen many discussions about how open-source should be supported for the long term, but rarely much action beyond a few token donations and some long Twitter threads. In this talk we'll look at an overview of what kinds of projects are out there, how sustainability works in real terms, and what techniques have worked or not worked over the years.