
On a serious note, I think it's a good time to remember to donate some $ to open source, especially the Apache foundation for their incredible work over the years!


Biggest mistake EVER. The Apache Foundation DOES NOT redistribute any money to actual contributors.

All money donated to Apache gets spent on their own infrastructure and salaries, etc.


> own infrastructure and salaries

Don't they contribute to the development? Or what is that salary for?


Salary for infrastructure admins, etc. Nothing goes to actual development on projects.

https://www.apache.org/foundation/how-it-works.html

> All participants in ASF projects are volunteers and nobody (not even members or officers) is paid directly by the foundation to do their job. There are many examples of committers who are paid to work on projects, but never by the foundation itself.

Mind you, the download mirrors are also free...


Same problem with Wikipedia / Wikimedia Foundation.


But Wikipedia, being a top 10 website, does have significant infrastructure costs.


Wikipedia only has two edits per second[1] and is mostly cacheable. If one wanted to, Wikipedia could be run with a minimal infra cost.

[1] https://en.m.wikipedia.org/wiki/Wikipedia:Statistics


You seriously think that the multi-million dollar Apache foundation, which oversaw this mess and whose "Apache Way" supposedly should have prevented it but in fact is a joke, needs more money?

There are of course many worse causes, but among umbrella organisations which just exist to provide some services to Free Software projects, Apache doesn't stand out as particularly good and I doubt that "Security vulnerabilities due to our lacklustre oversight drove a big increase in donations" is the lesson we ought to provide.


You would expect the foundation to prevent bugs? When did Apache even claim to be bug free?


I would expect the foundation's "Apache Way" to have the effects it claims, rather than in fact being a way to dismiss concerns and pretend everything is on track when it isn't.

In particular the Apache Way includes: Responsible Oversight and The ASF Security Committee which you might think would be trying to stop stuff like this happening but really exists so that they can say they're responding to whatever new horrible problem has been found and so the system works.

What did the Responsible Oversight do with the idea of adding "lookups" to log4j which by the nature of the language and design of the API can't be safe? They accepted it and cheerfully documented this obviously bad idea. You can still go back and look at their documentation with the Wayback Machine, short of just writing "Look at this amazing remote execution security bug we added to our software" it could not be any clearer.


You don't know what responsible oversight is. You don't even know what the foundation does or does not do.


I disagree. If you are a software developer you should expect someone to pay you, so that you contribute to Open Source. Probably the bigger companies and indirectly the end user. It's time we break from this "free" stuff mentality. Nothing is free and even if we expect free stuff from developers, we shouldn't expect them to maintain that stuff for free at their expense.

Last time I needed an HTML/CSS framework, I was looking for the "best" open source and free one. I then decided to go with Tailwind and pay the $279 lifetime license fee. Now that I think more about it, I'd have been happier with a subscription or paid updates than a "lifetime" license.


Remember that the Apache Foundation is the same foundation that insists on saying that OpenOffice is a nice piece of software and LibreOffice doesn't exist. While ignoring the fact that continuing to promote abandonware (OpenOffice) to schools and other public institutions is criminal.



