I would be much more excited in finding ways to fund public infrastructure like Amazon does Prime rather than going the other way around. If anything, academic open source which is the closest alternative has not really produced much and the production open source that actually works is by and large corporate-sponsored.
P.S. The article also opens by contrasting open source consumption and contribution. In a certain sense, as the article acknowledges later, I care much much more about government consuming free software, as a neutral platform to avoid lock-in for themselves and the taxpayer, as well as providing an open foundation for integration and letting people use free software if they choose to (and not lock them to iOS and Android, for instance.) That alone is one of the biggest ways they can contribute. The actual code contribution will come naturally if they do that.
but software is just not-a-base thing - it needs cpu's, computers. If you want
realy independence do base thing - computer hardware ! Make small hardware that just can run Linux, can display things and use keyboard and mouse... Do eg. Dennmark do this ? Or Bosh ? Or...
Computers just to connect to internet and send some messages via IRC or something... ;)
I think those who believe a companies will pay to you for a random OSS is just a kids. Ask people who can use a sheets, they explain you why your product will die with this approach.
Good article. Could come across a bit like an unintentional bait and switch from the other point of view though, these projects love to see adoption but then require funding to maintain? Maybe setting the project up more commercially that then self funds the open source platform like Laravel is a more sustainable model?
I agree that open source infrastructure needs to be funded. I think first there needs to be a mindset shift in who's responsible for open source.
Currently when new vulnerabilities pop up (i.e. xz-utils compromise, log4j shell), people are quick to blame the maintainers for it. Why shouldn't companies instead be responsible for these vulnerabilities?
Currently, companies treat open source code as someone else's, so they don't bother to audit, maintain it, or fund it.
Clearly, this is wrong, and reflected in the oss license, which states that code is solely consumer's responsibility.
> Currently when new vulnerabilities pop up (i.e. xz-utils compromise, log4j shell), people are quick to blame the maintainers for it. Why shouldn't companies instead be responsible for these vulnerabilities?
They are. I've never seen a single example of a company that was able to dodge legal liability for something bad that happened as a result of an open-source software package that they used.
The problem is that software companies generally aren't liable for anything that happens as a result of their software. If you store the code to a safe with $100k in OneDrive and Microsoft deletes that file by accident, they have zero legal liability - regardless of whether the fault was in Microsoft's proprietary code or some open-source library that they use.
That's the more fundamental problem that needs to be addressed first - that tech companies have extremely few responsibilities to their users, in a way that's unlike most other industries that have come before.
The public barely want to fund public infrastructure, for the electricity they use, the water they drink. And especially not for the electricity and water that their neighbours, or people across town, or people somewhere else in the country need.
They are not to blame. Why should they care, when open source itself doesn't care about them? The benefits don't go to the public; they go to those who can use it to build a business.
The public is already paying enough to fund all of these things properly, but the money is getting diverted to enrich politicians and military contractors.
Quite often the public infrastructure (at least in some EU countries) is funded in the way so that the investors give the funds and then a small fee is collected and used to pay for the loan and maintenance. Sometimes after the loan is fully paid the infra usage fees are waived.
I’ve given up on hopes of having funding on open source. My open source packages account for about 1.2% of all PHP code downloaded from Packagist (package manager) but unless there is a commercial effort behind it, I do not see it happening. A couple devs in highly hyped companies is able to generate a following big enough to solicit some non trivial amount of funding but the majority just doesn’t care enough about it to fund it. In the end, is open source maintainers are stupid enough to give our code away for free, so who’s really to blame for this. Perhaps it’s an overly pessimistic view, but not a view that has historically been disproven.
Governments should do this, but as a but as a way to create value and do things that are strategic but not locally optimal. Not just because some lawyer writes in some extra funding for ffmpeg (or whatever).
Small teams making software to solve problems, and then gradually aiming to hire for end users to be able to code (this is a good way of achieving the "less people, higher salaries" dream)
If we treat it as infra then I fear slightly that we'd end up like the Victorian to modern transition where the idea of public infrastructure being run by the people who built lots of it in the first place is unimaginable i.e. Britain's railways and many roads were built to make money, but we are now (I'd argue) so risk adverse and allergic to prices being allowed to signal anything that we would never actually allow this to happen now.
There's precedent for this type of thing in the EU. They sponsor(ed?) the bug bounty program for VLC Media Player[0] for example, among a few other OSS projects.
20 years ago I gave Dries the domain Drupal.com for free to support open source.
I recently gave the domain MrBeast.org to Beast Philanthropy.
But more important than Open Source is Freedom. I recently acquired the domain antifascist.org to fight the rise of fascism. This will be a website to share information on protecting your loved ones - it will be open source in that everyone can contribute.
I welcome anyone that wants to help - send an email or use the contact form on the website.
I lead open source projects for the United Kingdom National Health Service, specifically for NHS Wales Digital Health and Care. The UK is investing significantly in open source and publishing widely about the importance of open source.
If you're technical and curious, I'm currently porting the UK NHS design system from Nunjucks to more implementations, including vanilla HTML CSS TypeScript, and my personal favorite Svelte Tailwind Daisy UI. Claude Code is churning on it right now.
Good point. We do use the existing GOV.UK design system, because it's the basis for the NHS.UK design system. Broadly, there are medical-related design aspects that use specific system quality attributes processes such as clinical compliance and formal research to help guide the look and feel and accessbility.
If you are looking for OSS support for things like libre office, graphics, bluetooth, WSI, upstreaming, kernel and more, Collabora is a UK based company that can help~
Careful what you wish for. Government funding almost always comes with strings attached. Once a project becomes dependent on government, they will call the shots. Do what they want or get your funds yanked! This could include stuff like coding back doors for the NSA or implementing spyware.
Isn't this what the "Freemium" model is supposed to resolve? If a open source package is popular, people will build businesses around it and people who use it can then purchase support and get bonus features.
This allows the marketplace to determine which project get supported rather than bureaucratic decree.
Perhaps open source should update its license so that businesses profiting from it contribute a small portion of their earnings — say, 1% — to a global fund, whether allocated specifically to the open source maintainers and contributors or to the Decentralized Universal Kindness Income (DUKI /djuːki/) for all lives worldwide.
Still, most of these genius engineers likely don’t care much about such a small sum. They earn the honor and move on, while the charitable benefits flow to those who can monetize the software.
In some places, funding public infrastructure like public infrastructure has barely proven to be successful and sustainable. Some places are underfunded, and it shows, and other places are well-funded but in crippling debt.
Fairly comprehensive and good blog post. Possibly too new to make it in, a proposal to take the learnings of the German STF (mentioned in the post) and expand it to the EU level for the next budget cycle (2028-2035) https://eu-stf.openforumeurope.org/
50 comments
[ 2.8 ms ] story [ 113 ms ] threadP.S. The article also opens by contrasting open source consumption and contribution. In a certain sense, as the article acknowledges later, I care much much more about government consuming free software, as a neutral platform to avoid lock-in for themselves and the taxpayer, as well as providing an open foundation for integration and letting people use free software if they choose to (and not lock them to iOS and Android, for instance.) That alone is one of the biggest ways they can contribute. The actual code contribution will come naturally if they do that.
but software is just not-a-base thing - it needs cpu's, computers. If you want realy independence do base thing - computer hardware ! Make small hardware that just can run Linux, can display things and use keyboard and mouse... Do eg. Dennmark do this ? Or Bosh ? Or...
Computers just to connect to internet and send some messages via IRC or something... ;)
I believe, once in deep future, an open source developers will grown and stop repeating this sectarian mantra.
No one owes you anything. If you do opensource and you need in money - use your open source as marketing tool to promote services you sell.
It's simple as 2+2, I've mention it in my blog post https://vitonsky.net/blog/2025/06/24/open-source/
I think those who believe a companies will pay to you for a random OSS is just a kids. Ask people who can use a sheets, they explain you why your product will die with this approach.
Currently when new vulnerabilities pop up (i.e. xz-utils compromise, log4j shell), people are quick to blame the maintainers for it. Why shouldn't companies instead be responsible for these vulnerabilities?
Currently, companies treat open source code as someone else's, so they don't bother to audit, maintain it, or fund it. Clearly, this is wrong, and reflected in the oss license, which states that code is solely consumer's responsibility.
They are. I've never seen a single example of a company that was able to dodge legal liability for something bad that happened as a result of an open-source software package that they used.
The problem is that software companies generally aren't liable for anything that happens as a result of their software. If you store the code to a safe with $100k in OneDrive and Microsoft deletes that file by accident, they have zero legal liability - regardless of whether the fault was in Microsoft's proprietary code or some open-source library that they use.
That's the more fundamental problem that needs to be addressed first - that tech companies have extremely few responsibilities to their users, in a way that's unlike most other industries that have come before.
Turns out humans evolved for smaller groups than we've shoved into entire countries.
This is something like commercial open source
Contribution to existing projects lacks behind, but it's getting better.
Small teams making software to solve problems, and then gradually aiming to hire for end users to be able to code (this is a good way of achieving the "less people, higher salaries" dream)
If we treat it as infra then I fear slightly that we'd end up like the Victorian to modern transition where the idea of public infrastructure being run by the people who built lots of it in the first place is unimaginable i.e. Britain's railways and many roads were built to make money, but we are now (I'd argue) so risk adverse and allergic to prices being allowed to signal anything that we would never actually allow this to happen now.
[0] - https://portswigger.net/daily-swig/vlc-patches-critical-flaw...
20 years ago I gave Dries the domain Drupal.com for free to support open source.
I recently gave the domain MrBeast.org to Beast Philanthropy.
But more important than Open Source is Freedom. I recently acquired the domain antifascist.org to fight the rise of fascism. This will be a website to share information on protecting your loved ones - it will be open source in that everyone can contribute.
I welcome anyone that wants to help - send an email or use the contact form on the website.
Where?
https://www.england.nhs.uk/digitaltechnology/open-source/
If you're technical and curious, I'm currently porting the UK NHS design system from Nunjucks to more implementations, including vanilla HTML CSS TypeScript, and my personal favorite Svelte Tailwind Daisy UI. Claude Code is churning on it right now.
https://github.com/joelparkerhenderson/public-good-design-sy...
AMA. And we're hiring. Feel free to message me.
https://www.sovereign.tech/ https://nlnet.nl/
This allows the marketplace to determine which project get supported rather than bureaucratic decree.
Still, most of these genius engineers likely don’t care much about such a small sum. They earn the honor and move on, while the charitable benefits flow to those who can monetize the software.
https://opensourcedefinition.org/
https://github.com/fossjobs/fossjobs/wiki/resources