I think there's also an interesting contrast between some of these things and one of the big drivers behind "open source" software (i.e., non-copyleft, BSD-ish rather than GPL-ish) is corporations finding it an effective way to collaborate on large infrastructure projects without needing all the red tape and complexity of cooperation contracts.
That seems to be one of the large drivers behind things like LLVM, where much of the contribution is coming from a handful of corporations, and the drivers are basically, "Having a good one of these is important to our business, but having a better one than everyone else is not important to the business." Or, in some cases with things like Kubernetes, it's also "Having what we use be both good and the accepted standard is important to our business."
The question arises as to why these projects have plenty of funding and contributions, whereas some others of "immense infrastructural importance" are "chronically underfunded" (as you mention). From my perspective of working inside a large company that does a lot of FLOSS work and also has a lot of internal-only infrastructure code, I don't see a lot of difference between this and some of the internal things we have -- the issue seems to be one of lifecycles. Mature software like OpenSSL that has become solid enough to be a fundamental underpinning, and which is deep enough in the stack not to want new features, stops being something that shows up on anyone's planning radar. All the rest of the problems flow from that root, and that's a challenging one to solve.
no subject
That seems to be one of the large drivers behind things like LLVM, where much of the contribution is coming from a handful of corporations, and the drivers are basically, "Having a good one of these is important to our business, but having a better one than everyone else is not important to the business." Or, in some cases with things like Kubernetes, it's also "Having what we use be both good and the accepted standard is important to our business."
The question arises as to why these projects have plenty of funding and contributions, whereas some others of "immense infrastructural importance" are "chronically underfunded" (as you mention). From my perspective of working inside a large company that does a lot of FLOSS work and also has a lot of internal-only infrastructure code, I don't see a lot of difference between this and some of the internal things we have -- the issue seems to be one of lifecycles. Mature software like OpenSSL that has become solid enough to be a fundamental underpinning, and which is deep enough in the stack not to want new features, stops being something that shows up on anyone's planning radar. All the rest of the problems flow from that root, and that's a challenging one to solve.