I’m inclined to think that all Open Source software is great, the whole concept of Open Source, Free, Libre software is wonderful. What’s not to like? Turns out, there are some issues.
Some Open Source projects – possibly the majority of them – are supported by large corporations. They pay for programmers to do their thing, and offer the results without encumbrances. It’s not altruism; these companies understand that they’re getting a fine product. They get a good reputation, and we all lived happily ever after. Sadly, sometimes this arrangement fails.
A couple of years ago, the maintainers of CentOS announced that instead of the usual 10-year support cycle, they would only support the version for two years. This news was a serious blow to many businesses and organizations that had relied on the ten-year cycle when mapping out their plans. Among those affected was CERN.
While it is pleasant to think that some corporations support Linux projects out of the goodness of their flinty little hearts, we must keep in mind that they will do whatever they think will advance their business, regardless of harmful consequences to others. If they have no obligation to continue support, that support could be withdrawn at any time, for any reason, and there’s not much we can do about it.
Another issue is that many Linux projects are managed by a single person, or a very small team. These people often have to do this in their spare time because they have to work for a living. They don’t get paid for their projects. Sometimes these programmers stop programming. They burn out, or have kids, or their workload at their job is heavier, etc.
This leads to orphaned projects. There are tens of thousands of programs available for Linux, of varying quality and usefulness. Many of these projects have been abandoned. Evidently these projects are kept in the repositories because people may still be relying on them. This is likely a bad idea. If a program hasn’t been maintained for a long time – exactly how long I couldn’t say – then it isn’t getting security updates, and might therefore become vulnerable.
These issues can become serious problems, but they’re not limited to Open Source. Corporations that support projects, whether on Linux or Windows or Mac, can decide to drop them if it seems to their benefit. In some cases, these companies can render their older software unusable. You simply can’t even run the programs, much less get support for them.
The main difference between proprietary and Open Source software is that, if an Open Source maintainer of a project quits, theoretically someone can fork the project and keep it going. Theoretically.
The problem is that usually no one steps in, and the project languishes. Ultimately the software becomes outdated. Without updates it becomes a potential security hole.