Tidelift has published the results of a survey of over 400 open source maintainers. The most interesting findings are:
- 60% of open source project maintainers do not receive payment for their work on maintaining projects, while 14% of them consider this activity to be a hobby and are not interested in receiving money for it, while 44% would not mind receiving funding. For 24% of maintainers, part of their income is related to this work, and for 12%, maintenance is related to their main income. 24% are paid in the form of a salary from their employer, and 32% receive funds from third-party organizations or individuals (in 25% of cases, these are donations through platforms such as GitHub Sponsors, Open Collective and Patreon, 5% are direct transfers and 3% are funded by foundations). Paid maintainers have assistants in 74% of cases, while those who are not paid have assistants in 39% of cases.
- Maintainers spend 11% of their time on security-related tasks (up from 2021% in 4), 50% (up from 2021% in 53) on routine work, and 35% (up from 2021% in 25) on developing new features. Paid maintainers spend 13% of their time on security-related tasks, while unpaid maintainers spend 10%.
- 71% (76% paid and 68% unpaid) of maintainers use two-factor authentication, 65% (75% / 59%) use static code analysis tools, 60% (70% / 54%) create patches to eliminate vulnerabilities, 36% (50% / 28%) digitally sign releases, 29% (37% / 23%) use secure build tools.
- Maintenance practices used: 53% (51% of unpaid) - repeatable or verifiable builds, 46% (34%) - backward compatibility policies, 40% (24%) - formal dependency management process, 37% (33%) - code review by multiple contributors.
- Documentation in projects: 93% document the license, 76% document release notes and upgrade guidelines, 61% provide contributor guidelines, 53% create a code of conduct, 17% document conflict resolution policies, and 13% have a plan in case a maintainer leaves the project.
- 48% of maintainers feel undervalued. 38% are considering leaving their maintainer position.
- After the xz backdoor incident, 66% of respondents began to trust pull requests from non-maintainers less, and 37% began to trust co-maintainers less.
- 31% (9% - extremely positive, 22% - moderately positive) of respondents positively assess the impact of AI tools for writing code, 45% (23% - extremely negative, 22% - moderately negative) - negative, 24% - neutral.
- 27% of respondents would most likely not review and accept changes prepared by AI tools into the project, 37% would possibly not accept such changes. Only 3% (more likely) and 6% (possibly) expressed readiness to accept changes from AI.
- 45% of respondents do not use AI development tools and do not plan to use them in the future, 6% do not use them now, but plan to start using them in the future, 15% use them more than once a day, 13% use them more than once a week, 20% use them less than once a week. The proportion of maintainers who use AI tools at least occasionally: 71% are under 26, 58% are 26-35 years old, 39% are 36-45 years old, 42% are over 45 years old.
- 45% of respondents have been providing support for more than 10 years, 24% - 6-10 years, 23% - 2-5 years, 7% - 1-2 years, 2% - less than a year.
- 48% of maintainers live in Europe, 38% in North America, 8% in Asia (in 2021, 24% of maintainers were from Asia, 35% from Europe, and 35% from North America).
- There is an increase in the age of maintainers - compared to 2021, the number of maintainers in the 46-65 age category has doubled (in 2021, such maintainers were 11%, in 2023 - 27%, and in 2024 - 21%). The number of maintainers under 26 years old decreased from 25% in 2021 to 12% in 2023 and 10% in 2024.
Source: opennet.ru
