Pay the Maintainers: xz utils Hack Highlights the Dangers of OSS Maintainer Burnout

Open source software maintainers want to do creative work that matters and makes an impact. However, despite increasing demands, most maintainers still don’t get paid for their work, which is not only wrong but dangerous. The xz utils scare brought to light the very real implications of what can happen when maintainers are not supported. While this attack was thwarted, the bottom line is that packages are not being maintained because, for the most part, these open source developers are unpaid hobbyists who receive neither the financial nor the societal (community, mental health, training, time) support needed to ensure the security and resilience of the open source software we all rely on.

Overworked and underappreciated developers, like xz’s, are a huge problem, as this leads directly to burnout, bugs, and downstream costs. Collectively, the industry has made developers the basis of an 8.8 trillion-dollar economy without giving them anything but extremely indirect benefits.

In this session, Matthew Arnow, head of enterprise solutions at Tidelift, will share feedback straight from the source: what maintainers have said about the xz utils scare and how it has affected them, along with supporting survey data on the challenges and the consequences of not incentivizing developers. He will also share what he has learned about supporting maintainers, with examples of success stories in which maintainers are paid for their work so that their projects remain secure and healthy.



Matthew Arnow

Matthew Arnow has diverse work experience and a focus in the technology sector. After spending 15+ years in enterprise mobility and security solutions, Matthew is currently working at Tidelift, where they ...