Sudo Developer Seeks Financial Support: The Open Source Sustainability Crisis
Hello HaWkers, news that should make all developers reflect: Todd Miller, the maintainer of the sudo command - one of the most fundamental tools in the Linux ecosystem - is seeking financial support after more than 30 years of practically volunteer work.
How many times have you typed sudo without thinking about the person who keeps this software running? Let's understand the dimension of this problem and what it reveals about open source sustainability.
What Is Sudo and Why It Matters
sudo (superuser do) is one of the most used commands on Unix-like systems. It allows users to execute commands with another user's privileges, typically root.
Impressive Numbers
- Installed on virtually 100% of Linux servers
- Used on billions of devices (servers, IoT, containers)
- Critical part of system security chain
- Primarily maintained by a single person for 30+ years
- Current funding: practically non-existent
Context: Companies like Google, Amazon, Microsoft, and Meta depend on sudo in their infrastructure, but the main developer essentially works for free.
Todd Miller's Story
Todd Miller took over sudo maintenance in 1994, when he was an undergraduate student. Since then, he has:
Contributions Over the Years
- Fixed hundreds of security vulnerabilities that could have compromised millions of servers
- Added modern features like detailed logging, plugins, and advanced authentication support
- Maintained compatibility across dozens of different operating systems
- Responded to bug reports from developers worldwide
- Extensively documented a critical security tool
The Sustainability Crisis
The sudo case is not isolated. It reflects a systemic problem in the open source ecosystem.
Other Concerning Examples
| Project | Importance | Situation |
|---|---|---|
| curl | Data transfer on 10B+ devices | Maintained by 1 person |
| OpenSSL | Internet cryptography | Minimal team |
| core-js | Used by 90% of websites | Maintainer needed donations |
| Log4j | Universal Java logging | Critical vulnerability in 2021 |
| left-pad | Dependency of thousands of packages | Removed and broke the internet |
💡 Reflection: Large tech companies build trillion-dollar businesses on software maintained by volunteers who struggle to pay their bills.
Why This Happens
The open source sustainability crisis has deep roots.
Structural Factors
"Free" Culture:
- Open source software is seen as "free"
- Companies assume someone will always maintain it
- Little culture of financial retribution
Value Asymmetry:
- Value generated: trillions of dollars
- Value captured by maintainers: practically zero
- Companies externalize maintenance costs
Invisibility:
- Users don't know who maintains their dependencies
- Success is silent (software works)
- Attention only comes when there are problems
Fragmentation:
- Thousands of projects, each with few maintainers
- Difficult to aggregate funding
- Support mechanisms still immature
Solutions in Development
The community and industry are starting to react.
Funding Initiatives
GitHub Sponsors:
- Allows direct donations to maintainers
- Growing adoption but still insufficient
- GitHub doesn't charge fees
Open Source Collective:
- Fiscal organization for open source projects
- Facilitates donations and contracts
- Financial transparency
Tidelift:
- Subscription model for companies
- Distributes funds to dependency maintainers
- Focus on security and maintenance
Foundations:
- Linux Foundation
- Apache Foundation
- CNCF
```javascript
// Example: Checking critical dependencies in your project
// Use tools to identify projects that need support.
// `getDependencies` is assumed to be supplied by the caller (for example, a
// wrapper around your package registry's API); it must resolve to an array of
// { name, downloads, maintainers, funding, sponsorUrl } records.
const analyzeOSSRisk = async (projectPath, getDependencies) => {
  const dependencies = await getDependencies(projectPath);
  const criticalDeps = dependencies.filter(dep => {
    return (
      dep.downloads > 1000000 && // Highly used (weekly downloads)
      dep.maintainers <= 2 &&    // Few maintainers (low bus factor)
      !dep.funding               // No funding link declared (null or missing)
    );
  });
  console.log('Critical dependencies without support:');
  criticalDeps.forEach(dep => {
    console.log(`- ${dep.name}: ${dep.maintainers} maintainer(s)`);
    console.log(`  Downloads/week: ${dep.downloads}`);
    console.log(`  Sponsor: ${dep.sponsorUrl || 'None'}`);
  });
  return criticalDeps;
};
```
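The snippet above leaves the data source abstract. The following added example (not code from the original article) carries the same idea through end to end: it reads the dependency names from a package.json, looks each one up in a registry-metadata map, and scores sustainability signals (low bus factor, no declared funding, no release in over two years, which is the "abandoned project" scenario discussed later). The package.json `funding` field is a real npm convention; the package names, download counts, maintainer counts and dates are constructed for the demo, and the metadata shape and thresholds are assumptions, not any registry's actual API.

```javascript
// Added example: scoring package.json dependencies for "widely used but
// unsupported" risk. All sample data below is constructed; the registry
// metadata shape { weeklyDownloads, maintainers, funding, lastPublish } is a
// hypothetical one, not a real registry response.

const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'demo-app',
  dependencies: { 'tiny-utils': '^1.0.0', 'big-framework': '^4.2.0', 'old-parser': '^0.9.1' },
  devDependencies: { 'test-runner': '^2.0.0' },
});

// Constructed metadata, as a registry client might return it (invented values).
const SAMPLE_REGISTRY = {
  'tiny-utils':    { weeklyDownloads: 12000000, maintainers: 1,  funding: null, lastPublish: '2024-11-02' },
  'big-framework': { weeklyDownloads: 30000000, maintainers: 14, funding: { url: 'https://example.test/sponsor' }, lastPublish: '2025-01-15' },
  'old-parser':    { weeklyDownloads: 2500000,  maintainers: 1,  funding: null, lastPublish: '2019-03-20' },
  'test-runner':   { weeklyDownloads: 800000,   maintainers: 2,  funding: null, lastPublish: '2024-06-30' },
};

// Collect every dependency name (runtime and dev) from a package.json string.
function listDependencies(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  return Object.keys({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) });
}

// Risk signals for one dependency. Thresholds are arbitrary choices for the demo.
// A fixed `now` keeps the result reproducible; pass new Date() for a live run.
function assessDependency(name, meta, now = new Date('2025-06-01')) {
  if (!meta) return { name, reasons: ['no registry metadata'], score: 0 };
  const reasons = [];
  if (meta.weeklyDownloads >= 1000000) reasons.push('widely used');
  if (meta.maintainers <= 2) reasons.push('low bus factor');
  if (!meta.funding) reasons.push('no funding declared');
  const ageDays = (now - new Date(meta.lastPublish)) / 86400000;
  if (ageDays > 2 * 365) reasons.push('no release in 2+ years');
  return { name, reasons, score: reasons.length };
}

// Report only dependencies that are widely used AND carry at least one
// sustainability signal, highest score first.
function analyzeProject(packageJsonText, registry, now) {
  return listDependencies(packageJsonText)
    .map(name => assessDependency(name, registry[name], now))
    .filter(r => r.reasons.includes('widely used') && r.score >= 2)
    .sort((a, b) => b.score - a.score);
}

// Stand-alone run over the constructed sample.
for (const r of analyzeProject(SAMPLE_PACKAGE_JSON, SAMPLE_REGISTRY)) {
  console.log(`${r.name} (score ${r.score}): ${r.reasons.join(', ')}`);
}
```

On the sample data, `old-parser` ranks first (widely used, one maintainer, no funding, no release since 2019) and `tiny-utils` second; `big-framework` is dropped because it has a large team and a funding link, and `test-runner` because it is not widely used. The release-age check is the one most worth keeping in a real pipeline: a popular package that has gone quiet is both a sustainability problem and a supply-chain exposure.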
What Developers Can Do
As technology professionals, we have an important role in this issue.
Practical Actions
Individual:
- Donate to projects you use regularly ($5-10/month makes a difference)
- Contribute with code, documentation, or issue triage
- Spread awareness about critical projects' situation
- Consider being a maintainer of projects you use
As a Company:
- Include budget for open source support
- Sponsor maintainers of critical dependencies
- Allow employees to contribute during work hours
- Use services like Tidelift for professional support
As a Community:
- Pressure employers to support open source
- Value and recognize maintainers' work
- Educate about the software value chain
- Support public policies for development
The Risk of Inaction
If we don't solve this problem, the consequences can be severe.
Concerning Scenarios
- Maintainer Burnout: Abandoned projects, unfixed vulnerabilities
- Supply Chain Attacks: Bad actors buying or compromising abandoned projects
- Fragmentation: Forking of critical projects, incompatibility, chaos
- Forced Commercialization: Projects closing to survive financially
- Loss of Innovation: Fewer people willing to create open source projects
Lessons For Career Developers
The sudo case brings important reflections for your career.
Points of Attention
Value vs Compensation:
- Creating value doesn't guarantee capturing value
- Open source is great for portfolio, but rarely pays bills
- Balance open source contributions with paid work
Personal Sustainability:
- Don't overburden yourself with volunteer maintenance
- Set clear dedication limits
- Seek ways to monetize if possible
Networking and Recognition:
- Open source contributions open doors
- But recognition doesn't pay rent
- Use as leverage for paid opportunities
Conclusion
The case of Todd Miller and sudo is an urgent warning about open source ecosystem sustainability. Billions of dollars in tech infrastructure depend on individuals who work practically for free, and this is not sustainable.
As developers, we have the responsibility to support the projects we use and to pressure the industry for structural changes. The future of open source - and the internet itself - depends on it.
If you want to better understand how the technology market is evolving and how to position yourself, I recommend checking out the article The Junior Developer Crisis where you'll discover how to navigate job market changes.