The Stack Overflow Podcast

Keeping the lights on for open source

Mar 17, 2026
Dan Lorenc is CEO of Chainguard and a steward of secure open source supply chains. He explains forking archived but widely used repos to provide security maintenance and dependency upgrades. He talks about maintainer burnout, funding and security challenges in open source. He outlines how trusted stewardship, tooling, and scale keep critical projects alive and reduce supply-chain risk.
INSIGHT

Open Source Is Not One Thing

  • Open source is many things, not a single monolith, and it faces diverse incentive and economic problems.
  • Dan Lorenc frames a gap: finished-but-not-dead projects need maintenance for security and compatibility rather than full-time feature work.
ANECDOTE

Log4j Weekend Patch Frenzy

  • The log4j incident showed that open source maintainers patched many older versions over a single weekend.
  • Dan Lorenc argues this rapid response outpaced typical proprietary patching and highlights community urgency under crisis.
ADVICE

Centralize Maintenance For Done But Not Dead Projects

  • Centralize low-volume maintenance to gain economies of scale for security patches and dependency upgrades.
  • Chainguard's Emeritus approach: do no feature work but apply security patches and dependency bumps across many archived projects.