Open Source Needs Younger Maintainers. How Can It Get Them?
There’s been talk in recent months of the “graying” of open source: the fact the maintainer community is getting older, with few younger developers to take over their projects.
The issue came to wider attention back in July at a Youth and Open Source Panel at the United Nations, when Ruth Ikegah, a project manager from Nigeria, commented, “We need more young people here because I see a lot of old people.”
However, what was being discussed as a collective hunch or feeling now has data to confirm it: the latest State of the Open Source Maintainer report from Tidelift — an organization that supports open source maintainers — shows that not only is the community getting older, there is also a lack of younger developers involved in maintaining projects.
Specifically, 45% of participants in the survey had been maintainers for 10 years or more; in contrast, only 9% were new maintainers (working on open source for no more than two years). That’s a clear indication of the problem.
The last few editions of the survey have emphasized these demographic trends, according to Chris Grams, head of marketing at Tidelift. Since the first survey in 2021, Grams told The New Stack in an email interview, maintainers reporting themselves to be in the 46 to 55, or 56 to 65 age bracket has been growing: 11% in 2021, 27% in 2023 and 21% in 2024 (the decline this year suggesting people leaving the industry).
However, he sees the numbers around younger open source maintainers as more significant: “The really interesting news was that the percentage of maintainers under 26 has dropped precipitously from 25% in our 2021 survey to 12% last year and 10% today,” he wrote. “Perhaps the maintainer community is getting older, but it is even more startling how the population of young maintainers is declining.”
There’s no doubt this is startling. So embedded is technology in our lives that it should concern everyone, not just technologists. TNS readers have likely seen the famous xkcd comic about modern software infrastructure being held up by “some random person in Nebraska.”
The open source maintainer problem, illustrated. (Source: xkcd)
The urgent question today is what happens when that Nebraskan decides to call it quits and do something else with their time and there’s no one willing to take over.
Maintainers Grapple with Greater Demands
But what exactly is driving this issue? Given open source software is now well and truly mainstream and used in almost every digital product or service, surely being a part of the community that keeps that alive should be attractive, something developers want to join?
Ironically, it’s more likely the opposite is true: it’s actually open source’s popularity that’s making participating in project maintenance so demanding.
“I think many people kind of come in for the fun part, which is writing the code, and then all of a sudden you have this sort of dopamine hit of people, other people, starting to use your code that you wrote,” Grams told TNS in a video interview.
“And you're like, ‘Wow, this is amazing; people are using my code!’ And then all of a sudden you have millions of people using it, and then you're like, ‘Wow, this is amazing, but my inbox is full.'”
The current context is more nuanced than open source simply being mainstream and more widely used. First, new waves of regulation and a trend towards greater oversight and transparency mean there are new expectations on what maintainers should fix and amend.
“Part of it is governments coming out with higher security standards that they expect packages to meet,” Grams said, adding that “organizations somehow expect that open source packages that they're literally downloading off the Internet for free are going to have the same security standards as the things that they pay their developers hundreds of thousands to create.
And that, he said, is “a mistaken assumption for a group of underpaid hobbyists.”
There’s clearly a lack of understanding or awareness from many corporations that use open source software, he suggested.
“I've seen several examples of this over the last couple of months where a maintainer has received a form from a large corporation asking them to commit to this set of things that they need in order to be compliant,” Grams noted.
Open source might today be embraced by the enterprise world, but it would appear there’s still a lack of knowledge about how these valuable — sometimes critical — tools are actually built and maintained.
Carla Gaggini, who is head of global community and events at Isovalent as well as being an ambassador for OpenUK and chair of the Cloud Native Computing Foundation’s marketing committee, has a similar view. However, she is even more critical of the way open source has been treated by businesses.
“The exploitation of open source projects has been growing during the past 15 years or so,” she said in an online interview. “It has become pretty undeniable, hence lowering the motivation to freely donate time and effort when someone else is taking advantage of that with monetary gains.”
Grams sees the issue as one that follows the pattern of the “tragedy of the commons,” a concept introduced by the late ecologist Garrett Hardin to describe what happens when groups of people have unfettered access to a given resource.
“Even if your entire business relies on open source, you look around and no one else is really paying for it, you assume somebody else is going to take care of it, and there's no incentive for you to have to do it,” Grams said. “It's the same thing with any other sort of commons, like clean air or clean clean water, right?”
Burnout and Changing Expectations
The issue is not just a question of dealing with business expectations, but also our own. “I think that nowadays there's much more awareness around mental health, burnout and self-care,” Gaggini said.
This could explain why younger software professionals are more reluctant to take on responsibility for maintaining an open source project. Indeed, with pressure inside the industry increasing and more layoffs, it makes sense that the generation of software developers that have entered the workforce in the last decade are most concerned about their security and health.
And similarly, for those who have been in the business for years, a growing sense of instability only makes it more likely that they’ll walk away from it all.
“The exploitation of open source projects has been growing during the past 15 years or so. It has become pretty undeniable, hence lowering the motivation to freely donate time and effort when someone else is taking advantage of that with monetary gains.”
—Carla Gaggini, Isovalent
Ana Jiménez Santamaría, an open source project manager at The Linux Foundation, has an interesting perspective on the expectations of younger software developers.
“Many young professionals today, myself included (speaking as a late millennial/early gen Z), seek quick results and are highly motivated by public recognition (something that open source communities already offer),” she said over email. “This immediate gratification can drive initial participation but may not sustain long-term commitment without proper incentives or support structures.”
In other words, Santamaría believes open source participation could well be attractive to a cohort of developers; there just isn’t the infrastructure to make it seem worthwhile and sustainable.
The Impact of AI on Open Source Maintainers
While individual attitudes and current industry pressures are playing a part in the graying of open source, the explosion of AI-generated code — thanks to tools like GitHub Copilot — are also having an impact on maintainers.
Grams explained how he sees it: “AI is grabbing all of this open source code and sort of incorporating it — and people are using these tools to develop code that they don't understand. So, on the developer side, it feels good; on the maintainer side, I think that's a little scarier… you're starting to get lots of pull requests from AI-generated code and things, and you’ve got to go and evaluate the quality of that stuff.”
With pressure inside the industry increasing and more layoffs, it makes sense that the generation of software developers that have entered the workforce in the last decade are more concerned about their security and health than about volunteering for unpaid labor.
The Tidelift report includes perspectives from survey participants on the impact of AI-generated code on project maintenance. “I don’t want to become the gate for reviewing tons of automatically generated pull requests,” said one. "Sounds like it would further wear me and my co-maintainers down.”
The burden on maintainers is clear, but it’s also worth considering how the generational divide might be relevant here. Stack Overflow’s 2024 Developer Survey results showed that less experienced developers are more likely to trust AI.
In turn, this opens up the possibility that code itself is being redefined: from crafted and designed, to material that can easily be spun up and thrown away when it’s not needed.
Admittedly, this might be too fatalistic and completely unfair to a whole generation of software developers (I’m sorry). But it isn’t hard to see how the consequences of such an attitude could make open source stewardship exceptionally difficult.
What Can Be Done? And Who’s Responsible?
So who is responsible for tackling this? This could be a ticking time bomb — if the industry fails to deal with the graying of open source, the consequences could be dire. “We are already seeing some concerning signs,” Santamaría said. “Widely used libraries like OpenSSL have faced issues with insufficient resources and maintainers.”
For Santamaría, mentorship and education are key. She points to initiatives like Google Summer of Code — “an excellent program that connects students with open source organizations, allowing them to contribute to real-world projects under the guidance of experienced mentors” — and open source program offices (OSPOs) in academic institutions, such as at the University of California, Santa Cruz and the Universidad Rey Juan Carlos in Madrid, as setting a great example of what can, and should, be done.
"There's not a clear set of skills and training curriculum for the skills required to be a maintainer in 2024, with all of the additional responsibilities that are put on it.”
—Chris Grams, Tidelift
She believes OSPOs should be embraced by businesses more broadly, and also suggests that InnerSource can help “by educating an open collaboration culture across business units.” This can, she added, “be a baseline to transition more easily to effective open source participation across communities.”
Grams has a similar view, believing a “formal maintainer apprenticeship” could be helpful, one that gives developers interested in maintaining an open source project the opportunity to learn the skills they need.
“Open source maintainership has traditionally been sort of an apprentice thing, where you get involved in a project and you kind of participate,” he said. But, he added, “It's not like going to computer science in college and learning a set of skills. There's no ‘be a maintainer’ curriculum in university right now, right? So I think that's the gap."
Grams detailed the problem: “There's not a clear set of skills and training curriculum for the skills required to be a maintainer in 2024, with all of the additional responsibilities that are put on it.”
A key problem — and one that Grams acknowledges — is that the open source world is currently very dependent on major players in the industry. There’s a risk that even if open source projects can thrive in the future, the independent ethos from which it originated will be lost.
One possible avenue for the future is more government intervention. This is, Santamaría noted, already happening in Spain, where she lives.
“Grants provided by the European Union for open source projects can make a substantial difference,” she wrote. “These grants serve as rewards that encourage developers to contribute and maintain projects, thereby alleviating some of the financial burdens associated with sustained involvement.”
Grams also sees government investment as part of the future. Indeed, if we really are seeing a tragedy of the commons, it certainly wouldn’t be surprising to see governments step in — that’s precisely what’s happened historically.
He told The New Stack he is particularly excited about the Sovereign Tech Fund in Germany, where the German government is actively putting money into open source projects that support critical digital infrastructure.
Transmitting the Core Values of Open Source
While these initiatives all have the potential to be powerful — maybe even transformative — they won’t necessarily solve the generation gap; there needs to be awareness, interest and engagement early on in people’s careers if they are to care about open source software in the way that earlier generations of software developers did and still do.
Santamaría told us there’s a “growing need for strong open source digital creators and advocates who can engage with the younger generation on the platforms they frequently use” on platforms like TikTok and Twitch. “Creators have the potential to build educational and engaging material that not only teaches technical skills but also transmits the core values of open source.”
This point about values is surely critical. At a time when software is becoming more and more commoditized and software development is threatened by the persistent demand to do more with less, returning to the values of independence, collaboration and open source stewardship is essential.
That doesn’t just mean stalwarts talking about the glory days of the past (although that is important). It’s about showing younger generations of developers that they are part of a tradition that has a lineage far richer than any corporate entity.
Santamaría offered a reminder that the future of open source ultimately rests in the hands and minds of younger software developers: “We need the voices of this young generation to drive the open source ecosystem forward and ensure it continues to be the cornerstone of modern software development.”
