Mike McQuaid has a message for open source maintainers at profitable companies:
"Stop asking permission to fix what your employer already depends on."
Open source software underpins critical infrastructure across the global economy, powering everything from public services and financial systems to energy grids, defence technologies and international organisations such as the United Nations.
Yet despite its centrality, much of that infrastructure is still maintained by small numbers of volunteers working in their spare time.
The maintainer behind the movement
McQuaid is the creator of OSS Resistance, a movement calling on engineers to contribute directly with their time because maintaining the open source infrastructure companies rely on ultimately serves those companies too. His argument is simple: if a business depends on open source software, helping maintain it is not charity — it's work.
He describes himself as living “two parallel lives”: one as a technology executive and the other as the long-time project leader of Homebrew, the open source package manager used widely across macOS and Linux systems.
“Homebrew is relied on by huge numbers of people, but it’s still run entirely by volunteers.
We have some money coming in, but it’s that awkward middle stage where there’s too much for stickers and not enough to actually pay someone a salary to work on it full-time.”
Keep contributing on company time
The idea behind OSS Resistance emerged partly from his experience at GitHub, where he helped drive initiatives such as Open Source Friday and GitHub Sponsors.
But while those programmes encouraged contribution, they still framed open source work as something employees needed permission to do.
“For years, my own attitude was basically: I’m going to do this during work hours until someone tells me not to. And nobody ever did.
“As long as the work got done, nobody cared.”
McQuaid argues that many maintainers already quietly spend part of their working day contributing to projects their employers depend on — and that this is both rational and sustainable.
“There’s always some amount of bandwidth and slack in the system,” he says.
“People might check TikTok, text friends or browse Amazon during downtime — or they could answer an open source pull request.”
For him, the larger issue is burnout. Once maintainers have families and full-time jobs, the expectation that they should continue performing unpaid maintenance work deep into the evenings becomes increasingly unrealistic.
The strategic importance of open source software
The consequences extend far beyond developer communities. As governments, militaries and critical industries become increasingly dependent on open source software, the sustainability of the ecosystem becomes a strategic concern.
For example, according to Benjamin Wolba, co-founder of the European Defense Tech Hub, open source software has become deeply embedded in modern defence systems and Ukraine’s wartime technology stack.
“Open source enables rapid iteration and deployment at a pace traditional defence struggles to match,” Wolba says.
“When development cycles are measured in days instead of decades, openness beats over-engineered, closed systems.”
He points to projects such as ArduPilot, Betaflight, YOLO and MAVLink as examples of open source technologies now embedded across modern battlefield systems.
Open Source becomes a sovereignty issue
Max Corbani, Partner at >commit, believes those pressures are only intensifying. The early-stage venture fund is built on the conviction that the next generation of global technology companies will emerge from open source. It combines ecosystem data from GitHub, package managers, container registries, Discord servers and developer forums with a network of open source founders, executives and enterprise CTOs to guide investment decisions and support portfolio companies as they scale.
Corbani argues that geopolitical, technological and regulatory forces are converging simultaneously.
“I think the pressure is only going to keep growing.”
One major driver is digital sovereignty with increasing demand for open source from companies and governments that want more ownership of their infrastructure and more digital sovereignty.
"The ability to run, adapt and control your own infrastructure independently is becoming an imperative, and open source is the only credible and realistic path to genuine sovereignty,” Corbani adds.
“You simply cannot build sovereign digital infrastructure on top of someone else’s closed platform.”
Too much dependence, too little support
At the same time, Europe continues to rely heavily on OSS while investing relatively little in the people maintaining it. Linux Foundation research found that only 28 per cent of European organisations employ full-time contributors to the open source projects they depend on, despite 81 per cent reporting high value from doing so.
Research from Germany’s Sovereign Tech Agency paints an equally fragile picture: a third of maintainers surveyed receive no payment at all for their work, while nearly three-quarters of projects are maintained by three people or fewer.
In April, the agency launched a new funding program to support maintainers who work in the field of open standards and interoperability and want to get involved with the standardisation organisations IETF, W3C, or ISO with a monthly remuneration of €4800 to €5200 for the time spent on standardisation work and committee meetings.
For McQuaid, the real shift needed is cultural rather than purely financial: maintainers establishing healthier boundaries around what they owe, to whom, and on what terms. Money can help, he says, but it is not a cure-all.
“Homebrew has a reasonable amount more money than we used to. It fixes some problems. It introduces new ones.”
Automation meets maintenance
AI is simultaneously easing and intensifying the maintenance burden.
McQuaid has already seen the benefits directly inside Homebrew.
“Our main issue tracker currently has one open issue,” he says. “A huge amount of bug-fixing work is now almost automated.”
Because Homebrew is a command-line tool with highly structured issue templates, AI systems can often reproduce, diagnose and patch problems quickly. But both interviewees stress that human oversight remains critical.
“Open source has always been built on trust — that’s its most important foundation, and no technology will change that,” Corbani says.
“AI has the potential to accelerate contribution significantly, but we still need humans willing to take accountability.”
“These tools can absolutely augment contributions and help maintain projects if they’re used wisely.
But they can also be weaponised to identify and exploit vulnerabilities faster and at a much greater scale.”
The cost of saying no
Regulation is adding yet another layer of complexity. Frameworks such as the EU Cyber Resilience Act are likely to increase expectations around security, resilience and long-term support for open source projects.
“Regulatory pressure is going to push companies to demand stronger guarantees from the open source they depend on,” Corbani says.
Yet maintainers are already struggling to keep pace.
“At Homebrew, we’ve become much more aggressive about saying no,” McQuaid says, pointing to the project’s decision to phase out Intel Mac support as Apple moves on from the architecture.
“We simply do not have the resources to support hardware the way Apple itself can.”
For both McQuaid and Corbani, the broader challenge is no longer whether open source matters but whether the ecosystem can evolve to support the people maintaining the infrastructure modern economies increasingly depend on.
If your business depends on open source infrastructure, the next contribution doesn't necessarily need to come from a sponsorship budget. It might simply come from giving your engineers permission to spend an hour fixing the software you already rely on.
Or, as OSS Resistance argues, perhaps they shouldn't need permission at all.
Would you like to write the first comment?
Login to post comments