Session: There’s no Sustainability Problem in FOSS. Except that there is.

The community seems to be rife with conversations about our sustainability problems. Do we actually have one? We’ll lead a discussion and debate around how we as a community can think about these issues, while drawing out the nuanced aspects of each as well as their potential solutions.

When something like left-pad or event-stream happens, how much responsibility should be taken on by companies who deployed a dependency that was critical enough to their operations that removing it created immediate crisis, but not well supported or understood enough that there was any kind of mitigation strategy or backup plan?

And yet, when you look at OpenSSL, curl, and other pieces of open source infrastructure that live in our dependency chains, there are many examples of projects that are important enough to be critical, but are under-resourced to the point that maintainers are having to make quality-of-life tradeoffs to stay on top of the project. We are responsible for ensuring that our shared dependencies are sustainably developed. But who is holding us accountable?

If a maintainer is driving themselves to burnout because they are supporting too many of their open source projects, don’t they bear some responsibility for that choice?

But how are we supposed to untangle which of the thousands of dependencies that we use are in most need of support – and what kind of support they prefer?

Is there a sustainability problem in FOSS after all?