Hacker News
by Arainach 36 days ago
> OSS maintainer burnout is strictly a less important concern than software security,

Burnout means that no more fixes come - ever - and that things sit vulnerable until everyone relying on that tool takes the time to build and switch to a replacement.

Maintainer burnout is perhaps the single biggest threat to the ecosystem right now.

That can't possibly be an argument for forbearing security vulnerabilities in software. It's an argument for prioritizing hypothetical flaws over real ones.

If these flaws are so important, users of open source (business or individual) need to pay up - literally. Pay the maintainers enough to justify spending the time on these things, including the opportunity cost of not working at other software jobs during that time.

Pay each maintainer an absolute minimum of $200K a year or shut up and do the work yourself - in a fork if necessary.

This comment should not be greyed out. I feel that we all forget this far too much. You've exaggerated it somewhat.

There is no right to demand someone does something for free, and we have gotten dependent on people doing things for free. We don't have to pay people but if we don't want to, then we have to be willing to do it ourselves. Otherwise it could go away at any moment and we have no recourse.