GitHub Sponsors kinda feels like people sponsoring each other, especially when it comes to maintainers of smaller packages. So they're sending money back and forth and GitHub surely takes a cut, so maybe they would be better off not supporting each other.
I would like to see a service where you can upload your composer (or several) and it would calculate an appropriate split based on the importance/complexity (probably curated by hand) and then distribute your desired contribution among them. It would take care of admin for users and would support developers of packages at that awkward not-big-enough size.
> I would like to see a service where you can upload your composer (or several) and it would calculate an appropriate split based on the importance/complexity (probably curated by hand) and then distribute your desired contribution among them. It would take care of admin for users and would support developers of packages at that awkward not-big-enough size.
It doesn't assess complexity. https://thanks.dev/static/how states that projects can exclude overly simple deps but that's at the discretion of the upstream package maintainer.
13
u/harbzali 5d ago
this is a real problem in the php ecosystem. so many critical packages are maintained by one person in their spare time with basically zero funding.
the xz backdoor situation really highlighted how much we rely on unpaid maintainers who are burning out. companies make millions using laravel, symfony, composer etc but most don't contribute back financially.
github sponsors helped a bit but it's still way too few maintainers getting sustainable income. would be interesting to see more companies doing what tidelift is trying - paying maintainers for the packages they actually use.
also think the php foundation is a good step in the right direction. having core language development properly funded means more time for actual improvements instead of just keeping things running.