Open Source faces multiple threats, but the fix is simple
It's simple, but you might hate it.
If you’re already aware of the issues that the open source community is facing, feel free to skip to my proposed solution.
Open source projects frequently face a “silent crisis” where critical software is abandoned, or “goes end-of-life” (EOL), because maintainers become burned out by the overwhelming demands of unpaid labor, security vulnerabilities, and, more recently, a flood of AI-generated spam pull requests.
Examples of FOSS projects impacted by Burnout
Here are notable open-source projects that have shut down, been archived, or faced severe disruption due to maintainer overload:
Ingress NGINX (November 2025)
Status: Retiring (no security patches after March 2026).
Reason: Despite being one of the most popular Kubernetes components, it was maintained by only a few people working in their free time. In the two years this concern has been publicized, almost nobody has stepped up to help.
Source: https://www.theregister.com/2025/12/02/ingress_nginx_opinion/
FFmpeg (Fall 2025)
Status: Pissed off at Google & https://x.com/theo (Twitch Creator?)
Reason: Another piece of critical open-source infrastructure, FFmpeg regularly gets bug reports & feature requests by corporate users who are unwilling to contribute in a meaningful way.
Source: The conversation on Twitter ending with
External Secrets Operator (November 2025)
Status: Froze all updates. (Has since resumed releases - Excellent example of how systems can evolve through moments of crisis)
Reason: Four main maintainers burned out simultaneously, leaving only one active contributor. This occurred despite the project having corporate sponsors, highlighting that “money doesn’t write code” when the human team is exhausted.
Source: https://github.com/external-secrets/external-secrets/issues/5084
XZ Utils (September 2024 - near-shutdown)
Status: Almost entirely taken over by malicious actors.
Reason: The original maintainer, Lasse Collin, suffered from severe burnout and mental health issues, reducing his ability to care for the project. Malicious actors, under the name Jia Tan, exploited this, using fake accounts to pressure him, eventually gaining trust and commit access to insert a backdoor.
Node-pre-gyp (May 2022)
Status: Maintained in a “limbo” state for nearly two years.
Reason: Primary maintainer Dane Springmeyer announced he was stepping down after nearly a decade of handling this critical tool in the Node.js ecosystem, causing a backlog of unresolved issues and security concerns.
Faker.js (January 2022)
Status: Deliberately corrupted by the author.
Reason: Author Marak Squires broke his own library and replaced it with a message saying “Pay me” after growing tired of maintaining a widely used library for free, used by Fortune 500 companies.
Spree (2014)
Status: Abandoned by its original, sole maintainer.
Reason: Ryan Bigg, the sole maintainer of the e-commerce project used by major companies, found the daily demands “insurmountable” and affecting his mental health, leading him to stop maintaining it.
Source: https://archive.is/vQds4
Examples of FOSS projects impacted by AI Slop
Several major open-source projects have taken action against a deluge of low-quality, AI-generated contributions—often referred to as “AI slop”—that have overwhelmed maintainers with fake bug reports and, in some cases, paused external contributions.
Here are the projects identified as having taken, or considering, such actions:
curl: Lead maintainer Daniel Stenberg announced the winding down of the project’s bug bounty program in January 2026 to combat a “torrent of AI slop” and, specifically, to remove the incentive for submitting “crap, non-well researched reports”. The project was receiving multiple, often inaccurate, AI-generated reports daily.
Source: https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/
Tldraw: This project paused external contributions in January 2026, explicitly citing issues with AI-generated spam and low-quality PRs.
QEMU: This virtualization project adopted a formal policy in 2025 to reject all AI-generated code contributions. The decision was driven by legal concerns as AI-generated code may not satisfy the copyright and licensing requirements needed for official inclusion.
Ghostty: In January 2026, the terminal emulator banned all unattributed AI contributions. Under its updated policy, “drive-by” AI PRs are closed without review, and users submitting poor AI-generated content face permanent bans.
LLVM: Similar to curl, this project reported being forced to wade through an increasing amount of AI-generated junk to find legitimate contributions.
Why the FOSS community is under attack
The FOSS community grew organically out of a small group of professionals & academics, starting way back before the internet even existed. (Actually, I don’t have evidence of this. I know the internet was developed in the early 1970s as ARPAnet & I assume that source code was freely shared even before then.)
In a small group, social norms can be enforced through social means.
So the FOSS community was able to develop a very idealistic set of social expectations, where there was no need for gatekeepers & contributions could be reimbursed through recognition alone.
As the technical community scaled & diluted into popular culture (& as open-source projects became the backbone of corporate products), the need for gatekeepers (project maintainers) increased while the reward for gatekeeping plummeted.
Up until the invention of LLMs, this remained almost manageable: many maintainers found ways to be reimbursed for their subject matter expertise in a manner that they found acceptable. However, in cases where the emotional rewards were not actually adequate or the demands made were just entirely too high, burnout occurred.
LLMs make this situation much, much worse by massively increasing demands for support as well as reviews of pull requests & bug reports, while also seizing the attention economy that reimbursed many maintainers financially.
My Proposed Solution
A universally accepted unit of value measurement: Money.
Without a quantifiable unit of value, there can’t be any enforcement of economic exchange. You can’t regulate demand by increasing prices & you can’t ensure that maintainers receive the rewards for their efforts that keep burnout at bay.
Both AI slop spam & corporations parasitically relying on open source stem from the same cause: a lack of economic enforcement.
Require that the value of maintainers’ time & effort be demonstrated, & these issues will vanish almost instantly.
Answers to Expected Questions
Q: What about those brilliant, but indigent students trying to gain recognition through their first PR? Or security vulnerability reports, which we seek to financially incentivize?
A: Enable people to gamble on whether a PR or security vulnerability is worth reviewing. This is the perfect problem for a prediction market. Bug report rewards may need to be slightly increased to balance out the increased cost of submission.
Q: What about when we get too many security vulnerability reports, like FFmpeg was receiving from Google?
A: A crowd-sourced bounty system would help maintainers determine what the user community believes should be prioritized.
Q: Will financial reimbursement for open source contributions complicate my taxes or government benefits?
A: Use a system that enables your contribution reward to be redirected to the nonprofit of your choice.
Q: What alternatives are there to money?
A: https://github.com/hanzili/slopscore has some good ideas for identifying spam based on user metrics, but I’m not aware of solid alternatives for resisting burnout or corporate parasites.
Q: Does an implementation for any of this exist yet?
A: I have a fledgling repository here for proof of concept & dogfooding. Other similar projects I found include Gov4Git, which focuses more on consensus mechanisms, & DRIPS, which focuses more on sponsorship (although their Ethereum infrastructure could be very useful).
That’s all I got. Thanks for coming to my TED talk.
Oh, and I’m looking for work as a systems designer. You can check my resume for implementation details that I’m familiar with, but I’m confident I can learn any language or framework. I’m particularly interested in improving human organization through performance metric & incentive modification.