I find that a strange question to be honest. Plenty of FOSS is well funded. Not sure what you mean with "truly", but in my worldview code that is under a license accepted by both FSF/OSI is "truly" FOSS. A lot of people work on such code and are well paid.
I totally see the problems. But it's not that nothing is happening and no solutions exist. OpenSSL moved from "mostly one overworked guy with little funding" to "stable funding from multiple parties". It did so by convincing some major internet players that they need to increase the funding of software important for running the Internet. That is one way that can work. It's not the only one.
>OpenSSL moved from "mostly one overworked guy with little funding" to "stable funding from multiple parties". It did so by convincing some major internet players that they need to increase the funding of software important for running the Internet.
How about this for a metric for whether the system is broken or not: What's a good estimate for the monetary cost of the "convincing"? Just revoking all of the keys cost millions. I wonder what the cost of the malicious activity was?
You might be interested in looking at the "Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure" study from 2016 [1], which basically shows that this is a very common misconception and not true at all (and why it's dangerous to continue assuming this way).
Yes. It's basically impossible to start with a new idea as a gifted new coder in open source and survive. I speak as somebody who's making close to $700 a month (and this is exceptionally high!) on Patreon for coding: literally the only reason I can say even that, is because I ran a small business for ten years selling closed source software directly, and establishing my reputation and skills.
So in order to not really be able to sustainably survive, it took a decade of successful work in the commercial sphere. I fully intend to go open source with my life work, hardcore, but I am also fully aware that doing so rules out my own survival as an economic actor, and I'm trying to sort of develop an existence as a 'youtube/media personality' that'll support a poverty-level Patreon in a consistent way. That mechanism ought to keep me from actually starving or being homeless, but it's about 'being seen making or explaining stuff', not the code, no matter how brilliant or important the code is.
FOSS is NOT about making even the poorest living, and never will be. FOSS is about the vocabulary of thought. Broadening the vocabulary of thought is crucially important to the world, and completely orthogonal to being an economic actor. To devote yourself to it means starving or burning through your resources until you're starving, and being left with nothing.
This is important to understand, because it's solvable. If creativity and FOSS are anti-money but hugely beneficial to the world, we simply need to unlink survival from money, and conclude that whatever money represents, it's not merit.
>I find that a strange question to be honest. Plenty of FOSS is well funded.
You'd be surprised. Even extremely popular projects are severely underfunded, to the point of begging for money, while being used left and right by huge enterprises...
>I totally see the problems. But it's not that nothing is happening and no solutions exist. OpenSSL moved from "mostly one overworked guy with little funding" to "stable funding from multiple parties". It did so by convincing some major internet players that they need to increase the funding of software important for running the Internet.
If it has to come to that -- convincing Facebook, Google, IBM, whoever etc --, surely there's something problematic?
I'd say OpenSSL is an example of how FOSS funding is broken. It took several major internet-wide security issues before it was stably funded. Something so foundational to the internet should never have been so little funded to start with.
I heard Google pays its employees quite well. Plenty of FOSS is developed by Google, for example large parts of Chrome.
I think Linus Torvalds gets a reasonable salary. So do many other kernel hackers - paid by all kinds of companies.
Red Hat seems to be doing well, they have plenty of people working in all kinds of FOSS projects.
I already mentioned OpenSSL.
React is developed mostly by Facebook employees. I guess Facebook pays good salaries.
Free software is in the interest of the users - not in anyone else's interest. So, if you need software and if that software isn't your competitive edge, you have an incentive to cooperate with other users (as a developer or as a client of developers) and a free software license is a way to regulate that cooperation.
Criticizing free software licenses for not providing a business model is missing the point entirely.
One-click micropayment donations via web/OS standards and/or cryptocurrency; centralized patronage sites that allot money to OSS projects based on various metrics; different licenses for assets and code, with assets only available to licensees? Some ideas.
I suspect that the first step is to break down the problem a bit more. Large projects need full-time developers, plus other kinds of expertise, which means organizations. For the long tail of libraries and small tools, I don't think that the problem is funding, it's team-building. If lone maintainers had better ways of recruiting extra team members to help carry the load, there would be a lot less of an issue with burn-out.