Open Source Resistance: Maintain Your OSS Dependencies on the Clock
A new manifesto, Open Source Resistance, argues that engineers who maintain open source projects their employers depend on should simply do that maintenance during work hours, without asking permission or routing it through internal programs. The premise: companies extract enormous value from OSS every day while treating its upkeep as a hobby maintainers must squeeze into evenings or beg for via sponsor buttons. Reviewing PRs, bumping dependencies, and shipping fixes to shared infrastructure is engineering work, the argument goes, and should be classified as such whether or not management names it.
The project positions itself as a more confrontational alternative to the Open Source Pledge (US$2,000 per developer per year to maintainers) and Open Source Friday (two donated hours weekly), framing direct action as the next step when employers refuse to formalize support. It is careful to scope the tactic: maintain projects already tied to your job, not random side work, and don’t burn 100% of work hours on OSS.
The caveats are substantial and aimed at keeping participants out of trouble. Read your employment contract and IP assignment clauses, negotiate an open-source carve-out at hire (the author points to GitHub’s CC0-licensed Balanced Employee IP Agreement as a template), keep confidential data, credentials, and undisclosed vulnerabilities strictly separate, and recognize the argument is weakest for junior staff, billable consultants, or anyone in regulated or defense work.
This is an AI-generated summary.