I love the hot takes that this Trivy debacle will be the end of open source

Heartbleed didn't kill open source
Log4Shell couldn't get the job done
xz tried and failed

This won't kill it either

Free is too good of a deal

I wrote this up in a bit more detail in a clickbait-titled article

https://opensourcesecurity.io/2026/03-open-source-eulogy/

Eulogy for open source

Thank you for clicking on the clickbait! What a year it’s been. It seems like open source is under constant attack. The security people don’t know what’s going on anymore. What day is it? It doesn’t matter. The latest open source mess is the popular open source scanner Trivy being compromised, for a month, then other open source projects downstream in the “chain” getting compromised, which will probably lead to more things getting compromised until we get back to Trivy someday. Then I think we have to call it a supply wheel. I’m not sure how these rules work.

Open Source Security
@joshbressers I see that you are using my technique for anger management, seeing some of your takes there :D
@joshbressers also re affecting someone in power. SolarWinds happened and scared the feds to death. Guess what, no real outcome. The SBOM stuff was killed a few months ago by the Trump admin after nearly no results and no one even cared.
@joshbressers also I think I have some ideas on how to fix the burnout. Doesn't mean we will do it, but I think I have a case now

@joshbressers Good take. Cute trash panda. ✅

To your point of
"If those curated services don’t have what the developers need, they will find a way to sneak something through the back door. [...] The biggest threat to open source right now is the lack of support for developers that’s burning them out. Unfortunately we don’t know how to fix that problem yet."

I'd like to offer the comparison of "real engineering disciplines"™️ as amazing amounts of the computer-y and software-y stuff is in risk classes that clearly can compete with machines, buildings, planes and ships, etc.

All burns down to the point of "the effective risk perception of FOSS is not high enough at the right places. Let's make sure it is".

Here goes:
Any leading/accountable structural engineer, aviation maintenance engineer etc. is responsible for their work. This means whatever they sign off on might bring them into jail the express route, very few questions asked, not insurable if it fails.
Thus, they are - in most cases - very inclined to only sign off on what they believe will not land them in jail. They are very diligent in checking.
The accountable business heads have lesser but similar cases. They invest in protection and control because they are aware of the consequences. The protection is cheaper than the fallout costs.

University education in these fields, at least here, contains substantial education on these rights, requirements, realities, liabilities, etc. They know very well what they are getting themselves into and what they are handling.

The results are that we mostly don't bother about whether a building will collapse on us or - in most cases - use the absurdly complex aviation system without much care. And rightfully so. There might be some hiccups every now and then, but the majority will just work and be failure-operational or failure-tolerant in most cases.

None of this exists in almost all CS or econ/CS mix degree programs. Your average "tech"/"tech adjacent" grad is blissfully unaware and ignorant of the reality, their rights, duties and dynamics of what they'll likely be dealing with for the foreseeable future (60-95% FOSS components). This needs to change.

Knowing what can and can not be expected from FOSS will enable people to adjust their engagement and investment in FOSS, make them consider their rights (and duties) and possible ways of enabling sustainability of their engagement before they become a burnt out distress case.
No company or other entity is entitled to free support, free maintenance or even continuation of something they "curbside thrifted" and willingly accepted as "use as is, it's your problem".
If they desire any of the above benefits, they can become the economic counterparty to said sustainability considerations of the origin.

Ensuring uninsurable responsibility for this "curbside thrifting" reliably hits MDs of legal entities of private or public nature will ensure sustained consideration of rights, duties, prevention/mitigation and investment priorities and adjust their risk/reward appetite/tolerance regarding this field according to their risk capability. I have seen substantial amounts of cases where that did happen after only one hit already.

And if properly educated and regulated, this will effectively lead to sustained investment in FOSS at scale, in places where it fits the market's demands.
Scale that will clearly be larger and with lesser overhead than all tax money powered indirections I have seen so far, as laudable as the results and intent of them might be.

@joshbressers the burnout is real, but also partially self-inflicted. I always try to do too much and when for one reason or another I can’t do as much as I want, other people actually pick up things. But still I always feel if I won’t do it, no one else will. Looking at commit stats between 1998-2026 shows interesting things 😀