The problem is the cost is so wildly asymmetric. When everyone with a computer and a subscription can vibe code low-quality features, when everyone can submit dubious security bug reports, no amount of funding will even that out. Producing submissions is essentially free while triaging and reviewing remains very expensive.
3 years ago the cost was asymmetric in the other direction. The cost of writing code was high. The cost of finding security bugs was extremely high. The cost of triaging and reviewing was basically the same as it is today.
Large corporations that are well funded are facing the exact same issues internally right now. With agent output so cheap, how do you deal with the deluge? It’s not practical or desirable to have your best engineers doing nothing but reviewing generated code, some of which is likely very low value.
If you'd like to push that accountability to the developers, that can work, but they should be paid or otherwise compensated accordingly for the risk they take on.
More funding for more development of open source is a good thing, but more money to ease the burden imposed by an ever-rising tide of slop is not a solution.