How much is enough to support those who maintain open source?
Without the ongoing work of developers, open source projects would become stale and riddled with unfixed bugs and security issues. We look at the issues of funding and fairness
The research and development team at Spotify has nominated four open source projects to receive a share of its annual €100,000 FOSS (Free and Open Source) Fund.
Tyson Singer, Spotify’s head of technology and platforms, said: “The recipients are all independent projects that are meaningful to Spotify’s tech stack and the work we do.”
Along with improving the code base, fixing security vulnerabilities and continuing the development of the projects, Spotify said the fund aims to bring attention to independent open source projects and their value to the wider community.
This year’s recipients are AssertJ, Jdbi, Testcontainers and Xiph, which will each receive €25,000 from the FOSS Fund.
AssertJ is a Java library designed to help engineers write clean tests by making assertions and errors more readable. AssertJ is used in many of Spotify’s critical tests and is found in 764 of the company’s repositories containing production components.
Artefacts from the Jdbi library are used in 379 production repos at Spotify. This library provides what Spotify describes as “easy access to relational data in Java” and, according to one Spotify engineer, Jdbi is used “a ridiculous amount”.
Testcontainers is another Java library used for testing. Nearly all of Spotify’s back-end services use Testcontainers for running Docker containers during testing.
Xiph is a non-profit organisation that produces free multimedia formats and software tools. Having garnered the most nominations from Spotifiers last year, the Xiph.org Foundation received €19,000 from the fund in 2022 and €25,000 this year.
While the supported projects generally align with Spotify’s heavy use of the Java Development Kit (JDK), Xiph.org is focused on supporting and developing free, open protocols for multimedia.
Discussing Spotify’s continued support for the project, Dave Zolotusky, principal platform engineer at Spotify, said: “We are dedicated to protecting the foundations of internet multimedia from control by private interests, which aligns with our belief that there should not be gatekeepers to the internet.”
How can open source be funded fairly?
Given the value Spotify gains from open source tools and its dominance in the music industry, there are some who question whether putting €19,000-€25,000 of funding into an individual open source project reflects the true value the project delivers to the company.
Amanda Brock, CEO of OpenUK, said many businesses, such as Spotify, Starling Bank and Skyscanner, have built entire businesses on open source software: “It forms the infrastructure of their digital services. The beauty of open source software is that there is a free flow of the software (subject to licence compliance it is freely available for use by anyone for any purpose).”
However, she said this has led to an imbalance between the open source “maintainers”, who may be voluntarily creating and maintaining in their free time, and those who use it in a commercial sphere, where it may form the basis of million- and billion-dollar businesses.
“Whilst the licensing of open source makes it freely available and allows exactly this, the scale of this today due to unprecedented adoption in the last decade means we really need to find an equitable way for users who, by necessity, want to engage in the communities whose work they utilise and rely on and from which their businesses benefit from to give back to the open source community,” she added.
According to Brock, it has become evident that companies which enjoy the use of open source software, alongside the public sector, are using it at such a scale that there is an imbalance.
“Today, open source forms the base of national and critical national infrastructure, as well as the basis for the infrastructure in organisations like Spotify. We have to praise Spotify for making this effort to share the economic success they have enabled by open source software. It’s a great step in the right direction, and one they have been making for some time.
“But in the same way as we question how much profit is enough for a company, we need to try to work out how much contribution back is fair and right. How much is enough?”
Without financial support, there is a very real risk that many open source projects will stop being maintained. This is a topic Brock spoke about in a Computer Weekly Downtime Upload podcast recorded last year.
Brock said she would like an approach that allows companies to contribute to open source financially and through skilled resources to enable its continued success.
“Without this evolution, the imbalance in work input and benefits recouped may break this elegant, free-flowing collaborative innovation system,” she said. “We see the friction this causes today not just in the pain and burnout of maintainers – who have no obligation to meet user demands unless money has changed hands and there is an agreement – but in companies feeling unable to stay true to their open source roots. It is a space you can expect to see a lot more discussion around.”
Financial sustainability a big problem in open source
Discussing Spotify’s 2023 FOSS Fund recipients, Percona’s head of community, Joe Brockmeier, who was previously involved in the Apache Software Foundation and worked at Red Hat, said: “The entire idea of open source is that it’s a commons that we all contribute to and that we all benefit from. While you could look at this as ‘is Spotify doing enough?’, I’d suggest that would be the wrong way to look at it. Spotify is doing something, which is more than many organisations. Could Spotify do more? Maybe, but it would also have to justify it to shareholders after a certain threshold.”
In his experience, open source projects and companies still have a long way to go to figure out the best way to ensure projects are sustainable and that the organisations benefiting from open source are doing their fair share.
“Spotify’s contribution isn’t equal to the value it derives from FOSS, but it shouldn’t have to be if all organisations that benefit from open source were also taking steps to contribute back,” said Brockmeier.
Earlier this year, Computer Weekly spoke to Per Ploug, open source tech lead at Spotify, about the financial sustainability of open source projects. Ploug believes the idea of having confidence that an open source product has longevity goes to the heart of the problem currently facing the open source community.
“We have an enormous financial sustainability problem in open source,” he said. “I think a large number of open source maintainers are underpaid or underappreciated. They are also stressed about the rising demands on open source maintenance that we are seeing.”
Responding to the questions on FOSS funding, Spotify’s Zolotusky described the $19,000-$25,000 provided to maintainers as “a start”, adding: “We’re using this initial amount to help us evaluate what kind of impact we can make. Funds are meant to ensure the maintainers have the financial means to continue maintaining their projects, fix security vulnerabilities and continue improving the codebase.”
In addition to donating financial support, Zolotusky said the purpose of the fund was also to bring attention to independent open source projects and their value to the wider community.