Episode 268
Maintainer Month 2025 with Dirkjan Ochtman on Sustaining Critical Rust Libraries
May 9th, 2025
34 mins 18 secs
About this Episode
Guest
Dirkjan Ochtman
Panelist
Richard Littauer
Show Notes
In this special Maintainer Month episode of Sustain, host Richard speaks with Dirkjan Ochtman, a long-time open source contributor and Rust advocate. They dive deep into what it's like maintaining critical infrastructure libraries, the motivations behind taking over "abandonware," and how funding ecosystems like GitHub Sponsors and thanks.dev help sustain low-level dependencies. Dirkjan also reflects on how Rust’s design lends itself well to long-term maintainability and shares thoughts on the challenges of burnout, context switching, and ensuring project continuity. Hit the download button now!
[00:01:33] Dirkjan explains how he chooses which projects he’s maintaining, being passionate about memory safety via Rust, and maintaining tools like Rustls, Hickory DNS, and Quinn.
[00:03:14] Dirkjan describes his motivation for maintaining abandonware and sees it as providing value to the community.
[00:04:23] ISRG funds Dirkjan’s work on memory-safe DNS and TLS libraires, and they are replacing C-based libraires with Rust equivalents.
[00:05:33] Dirkjan uses thanks.dev to help fund maintainers through the full dependency graph and revenue is limited but promising.
[00:08:06] Richard brings up Tidelift and Dirkjan mentions it’s not yielding results for Rust projects yet because the Rust ecosystem is smaller.
[00:09:30] We hear Dirkjan’s journey into Rust, starting in Python but frustrated by lack of type safety and performance, and creating his own compiler before appreciating Rust’s complexity.
[00:12:20] Dirkjan talks about his transition from Python to Rust.
[00:13:39] Dirkjan uses PyO3 to create Python bindings for Rust libraries.
[00:15:31] Richard wonders why projects become unmaintained and Dirkjan responds that people have life events, job changes, or shifting interests.
[00:17:11] How are unmaintained projects flagged? Dirkjan uses the RustSec Advisory DB to detect projects with no active maintainers.
[00:18:47] Dirkjan avoids burnout as a maintainer by keeping the scope narrow, only responds to PRs, doesn’t overcommit, and focuses on high-efficiency, low-effort maintenance.
[00:19:51] Rust has a strong system, built-in unit tests, great CI support, and Dirkjan encourages atomic commits to simplify code review.
[00:21:28] Dirkjan speaks about languages that are more maintainer safe.
[00:22:18] Richard brings up attack vectors and the ‘left-pad incident.’ Dirkjan shares how he builds trust via his public GitHub record.
[00:24:17] We hear Dirkjan’s offboarding and succession planning as he explains handing off projects like Askama and promoting multiple maintainers to reduce bus factor.
[00:26:08] Dirkjan’s long-term vision for OSS sustainability is he hopes to move higher in the stack and wants to make high-quality software easier to build.
[00:27:38] Dirkjan explains why he prefers to do asynchronous collaboration over pair programming.
[00:28:52] Dirkjan discusses Rust’s long-term ecosystem stability.
[00:31:09] Find out where you can follow Dirkjan on the web.
Quotes
[00:03:23] “You call it abandonware and I call it a dependency that has a million users.”
[00:19:02] “[When I take on a project], I don’t take on the burden of proactively improving the project.”
[00:19:11] “I will be there when someone submits a PR."
[00:20:37] “I ask folks to make small changes: atomic commits.”
Spotlight
- [00:31:37] Richard’s spotlight is Allan Day.
- [00:32:20] Dirkjan’s spotlight is Xilem.
Links
- SustainOSS
- podcast@sustainoss.org
- richard@sustainoss.org
- SustainOSS Discourse
- SustainOSS Mastodon
- SustainOSS Bluesky
- SustainOSS LinkedIn
- Open Collective-SustainOSS (Contribute)
- Richard Littauer Socials
- Dirkjan Ochtman LinkedIn
- Dirkjan Ochtman Blog
- Dirkjan Ochtman Mastodon
- Dirkjan Ochtman GitHub
- Dirkjan Ochtman Bluesky
- Rust
- Rustls
- Hickory DNS
- Quinn
- Internet Security Research Group (ISRG)
- Let’s Encrypt
- Automatic Certificate Management Environment
- PyO3 user guide
- Sustain Podcast-Episode 108: Sarah Gran and Josh Aas: Sustainable Digital Infrastructure with Memory Safe Code
- Sustain Podcast-Episode 148: Ali Nehzat of thanks.dev and OSS Funding
- Tidelift
- RustSec Advisory Database-GitHub
- Askama
- Allan Day’s GNOME Blog
- Xilem
Credits
Produced by Richard Littauer
Edited by Paul M. Bahr at Peachtree Sound
Show notes by DeAnn Bahr Peachtree Sound