A report on burnout in open source software communities (2025) [pdf] (opens in new tab)

Github stars are such a terrible metric, completely gameable. The facy it is taken seriously appalls me.

>Its so easy to fake these nowdays.

What do you mean? Do you mean that automated agents will needlessly download your code for no reason to bump up your numbers? Or do you mean that you can't compare your own project to other ones because they might be faked?

Why did you need to show impact? Was it for internal budgeting?

People can't go into OSS projects expecting anyone will care as much as they do. In general, only a few applications become popular enough to remain in active self-sustaining maintenance a decade later.

The real question, is if a project is "worth it" for your own fun. =3

I'm sorry to hear about your experiences. I find it hard enough to deal with pushy people who have mismatched expectations (and yes, I'm not proud of it but at times I have been an entitled user.) I don't think what you're describing is limited to open source software though. Any time you make yourself available to the general population you're going to attract the full spectrum of human behavior. I guess the trick is to not make your project a honeypot for the debilitating stuff.

> I've learned to draw much stricter boundaries.

Could you elaborate on what has worked for you?

I imagine people who work in customer service have strategies too.

Unfortunately, a lot of this behavior is very common in online communities generally. Addicts or mentally ill folk with no outlet offline take it online to some authority member in the community, or really anyone who will spare them a second… the things this leads to can be absolutely insane. Sad all-around.

It's an unfortunate reality of giving things away for free - it reduces respect and attracts the wrong kind of people.

Echos a well known pattern in consulting that higher-paying clients cause less headaches than lower-paying ones.

Well this just made me feel a whole lot better (similar experience, though not as hardcore). Good lord.

I wonder if the distribution of Weirdly Entitled users is higher in some groups vs others?

ie JS/Node seems to attract more newbie users, so I wonder if that correlates with higher incidents of this

That's with the thought that maybe it's newbie users mostly being that source.

You just have to stand your ground. This is true for anyone in any leadership position, whether you run an open-source project, a business, or anywhere else. Don't be a pushover.

Just open any topic around systemd or Wayland here and see just how insanely unhinged people get at abusing OSS developers.

At this time the amount of toxic bile spewed at the OSS project I work on outpaces any good coverage by about 2:1.

There are other awful oss things out there too that I won't share because they would dox me.

I agree the key is boundaries. You will not be famous with them but you will enjoy your hobby and have a greater chance of forming real connections with them.

Once chat bots started yelling at me to update my repos, or submitting trash PRS, I made a new rule for myself. If someone wants a change I will let them make a pr and will read it when I want too.

So sorry to the million dollar teams making tens of million off my work but won't hire me for a job but my life is way more important no matter how much you yell.

This is awful.

I'd shut the project(s) down after a fraction of that. Karens can keep developing it themselves.

Oh man. So sorry.

Entitled maintainers are much worse. One such maintainer will stagnate the whole project, one such user is just blocked or ignored. Nobody cares

Allow me to auto-translate my comment which initially was a response to "How can an ordinary developer get involved in the open source community, and is it worth it?" article (in Russian), because it describes how these different social expectations arise from the start.

It's very long and poorly structured, but it's valuable from my standpint. Don't read if you value your time.

---

Your article only covers the most well-known, largest, and established projects that meet both the technical definition of open source (open source code, under a free license) and the social definition (code is publicly available to everyone, free of charge, with both bug fixes and simple bug reports encouraged), and are also economically attractive to businesses (more on that later). There may be a couple of hundred such successful projects. A drop in the ocean of open source.

From my experience, I believe that the lack of mention of this distinction between technical and social open source is the main cause of disagreements, disputes, and, ultimately, burnout due to misaligned social expectations.

---

FFmpeg vs. AWS (spoiler)

https://x.com/FFmpeg/status/2024934828961923514

This can even be seen in your screenshot of AWS vs. FFmpeg in the article: the author of the FFmpeg Twitter account repeatedly believes that corporations owe something since they use open source code, even though the license doesn't obligate them to do so. Moreover, when Google launched its fuzzing program (objectively the most advanced in the industry), which automatically identifies and reports security issues (which is a significant contribution in itself), FFmpeg wanted not just code fixes but also Google to pay them for the maintainers' time!

We came up with LICENSE.md, but we didn't think of SOCIAL.md.

---

In other words, it's a digital version of the tragedy of the commons, in which the cycle repeats itself from project to project:

* Initially, some technical open-source software is created, under a free license, to solve a specific problem, either for oneself or for a limited number of people.

* First, a few users appear, saying it would be nice to have such-and-such a feature—the authors implement it, since it's not that difficult and generally useful.

* Then, as users grow, handling their requests becomes tedious—often, features are offered that the author will never use, or support for a platform requires a significant amount of code that the author isn't interested in, and they can't test the software on.

* The worst thing is when the software becomes popular (especially if it works reliably and is unique in its kind) and some other large project starts using it. Congratulations, your project is now a public good. In a single day, the burden of social responsibility for any bug or security issue falls on the shoulders of the author/maintainer, because it now affects not only the initial limited user base, but potentially millions of users of other software that relies on both your code and you directly.

Until the final stage, you could sit down, think, and determine what exactly you're doing, and take steps to prevent this or that scenario (or, conversely, develop deliberately toward that scenario). But once that happens, it's too late to do anything. You've effectively become a provider of social software, with all its advantages and disadvantages, and it will be very psychologically scary to say "no" to people and somehow get out of this situation in the short term.

FFmpeg, for example, still refuses to recognize itself as social software, despite being used by hundreds of large projects and being the default distribution on desktop Linux systems.

---

How is this expressed? (spoiler)

FFmpeg's stated mission on its website is as follows:

FFmpeg is the leading multimedia framework, capable of decode, encode, transcode, mux, demux, stream, filter, and play pretty much anything humans and machines have created. It supports the most obscure ancient formats to the cutting edge. It doesn't matter if they were designed by some standards committee, the community, or a corporation.

This conflicts with the security needs of a wide range of users: the more multimedia formats supported, the wider the attack vectors available for users of any software that uses ffmpeg: video players, browsers, instant messengers, preview generators, etc. A security flaw in an old codec could lead to browser compromise if a user simply visits a page with a malicious video.

This isn't a hypothetical danger—errors in file format demuxers and multimedia codecs are among the most commonly exploited. Here's a very recent example (Dolby decoder on Android), and here's a more high-profile and complex one (JBIG2 to PDF on iOS/macOS).

It's assumed that programmers in third-party projects using the library have sufficient knowledge to correctly and securely configure the library in their software, as FFmpeg's primary goal is to ensure playback of a wide range of files, not to address the needs of developers who use the library as a dependency or the end users of that third-party software.

According to the ffmpeg Twitter account, its use on AWS isn't a sign of the library's success or quality, something to be proud of, but rather a significant psychological burden for the project, as the company provides neither funding nor human resources. One can only expect even more tickets in the event of problems, and a lack of fixes for bugs, which Amazon fixes only internally, rather than contributing back to the project.

---

If a project doesn't have any obvious distinguishing features that indicate it's not social, it's assumed to be so by default.

If a project is on GitHub, has a readme and an issues section, the average user or programmer will assume the author is writing for people, for society, for everyone around them, interested in developing the project, adding new features (especially those I need), and improving it in every way for the benefit of all users. After all, if that's not the case, why even publish it?

I used to have to explain the problem and the difference to an outraged public, but recently I came across an article by Jeffrey Paul https://sneak.berlin/20250720/the-agpl-is-nonfree/ comparing open-source code to a gift! My explanation boiled down to:

"Don't like the gift, it doesn't suit you? Throw it out and forget it!"

Money.

If you're making something that doesn't feel like a product (for example, a library that solves a specific problem that a non-programmer wouldn't be able to use, or even need), it would be a great success to get anything at all.

Have you ever considered donating (money, improved documentation, or code fixes) to such widely used and significant projects as glibc (a C library), FriBidi (a library for working with right-to-left scripts: Arabic/Hebrew), or libusb (a cross-platform low-level library for working with USB devices)?

Each of these libraries is extremely popular and has a user base of billions of devices. They're usually the ones people think about when something isn't working.

When I read articles like this one (remember the title: "How Can an Ordinary Developer Get Into Open Source and Is It Worth It?" The examples include free products created by corporations, or commercial products initially oriented toward open source, but open source), and I always wonder: what does open source even mean to the author? It seems to me that today it's analogous to an "open source business," with a hierarchy a la the cream of society (whom we'll be writing about, where it's prestigious to contribute your code) and some homeless people with their libraries at the bottom, who aren't even worth touching.

>>(quote from the article) I personally met someone who dragged out a PR for a week because he didn't understand what a CLA was or how to sign it.

Do you understand what a CLA is? Perhaps you should explain it to the reader, otherwise they might not want to contribute to such a project after the explanation? Perhaps the idea of transferring their copyrights to a corporation isn't appealing to them at all? Or maybe there's a code maintenance obligation for X years, and they're not even aware of it?

The presence of a CLA, if it mentions transfer of rights, usually means that for once, it's safe to shift responsibility for solving your problem to the maintainers by creating an issue, rather than digging around in the code. People won't complain, because they're working on the project for money and that's their job!

> when you give away your work and time for free

> I gave away ... the reward was

You're expecting a reward for your charitable work. A grocer faces its own hardship too (the late night alcoholic who trashes one of your aisle), but it's made bearable by the flow of income this provides.

Get paid. Like seriously. At least make the companies pay. You seem to be in exceptionnally successful with your project and well connected, why not try to start a kind of open-source consortium with other maintainers and companies to try to get some momentum into normalizing the fact companies should pay for the libraries they use. Surely, any company can throw 10k a year into open source projects, there must be a solution that doesn't leave people like you disgruntled.

> The suggestion that paying OSS maintainers is a solution really misses some major issues.

As a maintainer, the biggest major issue is that I don't want their money.

It does lead to the question will opensource self developing code bases become a thing. I.e. agents that get bug reports, features change requests, etc and then implement them all open to the public. Perhaps with some human guidance. What would this do to OSS?

> Once money is distributed, scams will appear pretending to be a worthy OSS project

That's not how it works. Rather, very nice people will insert themselves into already established projects and start siphoning the money to themselves, their friends, their businesses and so forth. You have a problem with that? Then you are toxic and probably several different "-ist", and should be removed from contributing.

The xz utils issue very likely included intentional efforts on the state actor to burn them out. That isn't something a culture change among users can fix.

> In the real world, this happens if someone has planted a tree in their garden and people like how it looks, then when they want to cut it down, "the community" would like an opinion.

I wouldn't actually put this forward as an argument for the concept of "community ownership", but I will point out that there are many circumstances where the ownership of trees on your yard is actually significantly decided by the community you live in. Whether that's your HOA, or city regulations, or tree law, what you do on your own personal property is often not just your own isolated thing.

It's more whether one allows oneself to be taken advantage of or not. Only a vocal minority take that stance, others would just be disappointed if it went away.

I like the approach ngrok took - made a v1 that remained open source, but once realized it had high demand, built v2 closed as a paid service.

Another approach is to offer professional services around it.

Basically it's very optional to accept the attitude of others that you should provide them value for free.

>I think this whole idea of "if you make something nice that other people like, you are obligated to serve people forever" is totally bogus.

Personal opinion, I think western society at large has a ton of brain rot. People are increasingly falling onto monkey instincts. They'll gaslight you to death that you owe it to help but then try to almost murder you if you don't.

OSS has gone off the rails recently. There’s a project under the Apache Software Foundation—I forget which—that is essentially a byproduct of the operations of a Chinese beverage company. That’s more like what I remember.

We’re talking about code that users can modify themselves to solve their own problems. That’s it. I don’t need to hear about the struggle.