or, “Holy shit, it works!”
Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and I’m happy to report that I am now a full-time independent open-source maintainer. That means I spend most of my time on maintenance, and I offer retainers to companies that benefit from my work and from access to my planning and my expertise. I now have six amazing clients, and I’m making an amount of money equivalent to my Google total compensation package, which proves the thesis that it’s possible to be a professional maintainer earning rates competitive with the adjacent market for senior software engineers.
For this first client cohort, I focused on companies that already understand open source, that work in fields adjacent to mine, and that I could reach through my network. My first client, who believed in the project before I even had a prospectus or contract tiers, is Glasklar Teknik AB, a new sister company to Mullvad VPN. Glasklar funds the development of Sigsum, an open-source public transparency log designed to produce offline-verifiable proofs, that came out of system transparency research by Mullvad. I’ve been working on Sigsum and on a framework and ecosystem of compatible and aligned open-source transparency tooling, and the collaboration has been great.
In the order they joined, then came: Protocol Labs, who maintains IPFS and Filecoin, and whose R&D team produces excellent research on zero-knowledge proofs and cryptography; Latacora, a retained security team for startups, who amongst other things makes resources such as myself available to their clients; the Interchain Foundation, themselves the stewards of the development of the open-source Cosmos SDK, a large critical Go+cryptography project; Smallstep, who provides easy-to-use PKI and Zero Trust tools (largely written in Go!) to manage human and machine identities; and Tailscale, a mesh VPN that feels like magic, with a passion for JSON, SQLite, and Go.
I’m sharing details about my progress to hopefully popularize the model, and eventually help other maintainers adopt it, although I’m not quite ready to recommend anyone else drop everything to try this just yet.
This experiment started from the observation that despite being critical for the functioning of the Internet—and, by extension, the economy—the role of open-source maintainer has not yet found a sustainable manifestation. Virtually all maintainers are either volunteers or full-time employees of large companies. Foundations on average don’t pay maintainers. A few projects manage to fundraise by selling support contracts or getting feature-scoped sponsorships.
All these models fail to align incentives with those of the project. Volunteerism is self-evidently not sustainable, as people’s life circumstances change. Full-time corporate employment scales poorly over time and especially when the project succeeds. Support contracts take significant time away from the actual maintenance work. Feature-scoped sponsorships reward increasin