> But that's just an inherent downside of the "bazaar" model. I don't see how we can "treat maintainers better" without going full corporate/without going full "cathedral".

We now have two decades of arms-race data in OSS projects influenced by ESR's paper [1].
At least one bazaar [2] has operated for centuries.
Bazaars can develop decentralized responses to dynamic local threats.