Open Source
Funding OSS
HashiCorp changed Terraform's license from open to BSL - and the community forked the project within 24 hours, creating OpenTofu. Why does this happen? How do OSS projects get funded, and what goes wrong?
- Evan You (Vue.js) earns $170,000+/year through GitHub Sponsors - one of the rare few who can work on OSS full-time
- webpack receives $40,000+/year via Open Collective - pays maintainers an hourly rate for specific tasks
- Sovereign Tech Fund (Germany) funded curl with $150,000 - curl runs on essentially every internet-connected device
- OpenSSL received critical funding only after Heartbleed in 2014 - until the vulnerability went public, the budget was $2,000/year
Monetization models: dual licensing and open core
**The sustainability problem:** most OSS projects are held together by a handful of burned-out maintainers working for free. When that breaks down, projects get abandoned or, worse, relicensed. There are a few sustainable models.
**OpenTofu vs Terraform:** when HashiCorp changed the license, the Linux Foundation created the OpenTofu fork in 24 hours. This shows the power of communities: if a project is important enough, a license conflict equals a fork. That's why relicensing is such a radical move.
Elastic changed Elasticsearch's license from Apache 2.0 to the Elastic License. AWS responded by creating OpenSearch. What was Elastic's primary motivation?
Direct funding: Sponsors, Open Collective, Tidelift
Direct funding is when users and companies pay maintainers directly. Several platforms make this easier.
**Vue.js real numbers:** Evan You earns ~$170,000/year via Patreon + GitHub Sponsors and works on Vue full-time. This is the exception - most popular projects (Babel, webpack) receive $20,000–50,000/year split across several maintainers.
How does Open Collective differ from GitHub Sponsors for an OSS project?
Corporate sponsorship and grants
The largest OSS projects are funded by corporations - not out of altruism, but because depending on unmaintained code creates business risk. Google, Meta, and Microsoft pay full-time engineers to work on OSS.
**Corporate control is a risk:** when a company funds a project with full-time engineers, it gains influence over the roadmap. Node.js was forked as io.js in 2014 due to conflict with Joyent. Kubernetes moved to CNCF to reduce Google's dominance. A neutral foundation lowers this risk.
Why did Google donate Kubernetes to CNCF instead of keeping it under Google's control?
Key takeaways
- Dual licensing: free under AGPL, paid under a commercial license - protection from AWS-style adoption without contribution
- Open core: base functionality is OSS, enterprise features are paid - GitLab, Elasticsearch
- License changes risk forks: OpenTofu, OpenSearch - communities fork within 24 hours
- GitHub Sponsors for individuals, Open Collective for projects with transparent finances
- A foundation such as CNCF or Apache provides neutral governance, so AWS and Azure are willing to contribute
Related topics
Funding is tightly coupled to licenses - the choice of license determines the monetization model.
- Next lesson: Licenses, CLA and Compatibility — Licenses are the foundation of any OSS monetization strategy
Questions for reflection
- You created an open source database. AWS starts selling a managed version and earns more from your code than you do. Which license would you choose - and what are the risks of each option?
- Babel is critical infrastructure for millions of projects, yet historically received $20,000/year. Why don't companies pay for dependencies they use every single day?