Re: There's something I don't get
This is a bit harshly put, but accurate.
I do think companies need to do a bit more tho. A while ago at $JOB we wanted to implement a custom OAuth2 provider in python. We looked around, and there wasn't quite the open source libraries that fully encompassed the features we needed* (OIDC), so I took the best, most well maintained library and fully implemented OIDC for it, 100% test coverage, documentation, the whole 9 yards. The PR was accepted, and we had our custom project up and running in under 2 months.
That's wonderful - company needs something, develops it in OSS library, everyone's a winner... except we contributed nothing to the support of this feature. I was quickly on to the next project, no time for ID work, and we gave them nothing financially.
AC because this story leads to a github project, which leads to my commits, my company and my github username.
* 0auth actually had libraries that did, but we didn't trust them. It seemed their libraries kept boiling down to "wouldn't it be nicer to just pay us $2/user/month and let us do it". No it wouldn't.