Let's say I authored a piece of software that meets my needs. I thought others may benefit so released it under an open source license. Over the years bugs were fixed as I or others found them at the pace I could manage as a hobby at my discretion. Over a decade or so this software became ubiquitous, in use by other individuals, small companies, large companies, giant companies, and multinational conglomerates. Some may just be using the software minimally, others daily but for their own use, and others incorporate it into products or services they sell for a profit.
I should expect to see bug reports, feature requests, bug fixes, feature code, etc. Still not making any profit from the venture, I am still the hobbyist programmer. Sure I may see donations here and there to cover the cost of hosting distribution and maybe some additional costs all tied to the existence of the software. Then a "sky is falling" type of "security" bug is found when the software is used on or connected to the Internet. Now, I see fame as the author of the bug. I see demands from all, those using the software and not, those donating and not, those contributing and not, those helping and not; to fix this insidious bug I created. Why do I feel the loudest demands would be from the "nots"?
Let's say I am not using and never designed the software to be used on on or connected to the Internet. I look at the bug and state, "Do NOT use it on or connect it to the Internet" as my fix. Am I obligated to do any more? In looking over the users of the software some would appear to have more of an obligation to fix it than I. Depending on the original license chosen, a fork could be made and fix implemented possibly allowing the fork to become closed source or remain open source as a new project.
What obligation does one have as an author of an open source program? What obligation does one have as a user of open source software? Does it depend on means? Does it depend on use? Does it depend on anything?