fidzu : php

Yesterday I wrote about how Open Source infrastructure across many ecosystems is fragile and underfunded.

Drupal is no exception.

Like most Open Source projects, Drupal runs on infrastructure that millions of people depend on but very few people directly pay for.

Drupal's infrastructure costs roughly $3 million per year, including servers, bandwidth, CDNs, software, and staff.

Funding comes from a mix of donated infrastructure from AWS and the OSU Open Source Lab, corporate memberships through our Drupal Certified Partner program, in‑kind contribution from Tag1, and revenue from DrupalCon, donations, and sponsorship on Drupal.org.

Last year, Drupal Association board member Tiffany Farriss and CTO Tim Lehnen analyzed the project's infrastructure costs. Their estimate: infrastructure for Drupal 8+ sites costs about $10 per active website per year.

But the Drupal Association spends only about $7.50 per site per year. About $3 comes from DrupalCon and the Certified Partner program. The remaining $4.50 comes from in-kind support: donated hosting, Tag1's infrastructure partnership, and volunteer contributions. That is all we have to spend.

The missing $2.50 per site shows up as technical debt: certain upgrades get deferred, legacy systems persist longer than they should, and the community sometimes wonders why infrastructure progress feels slow.

Even the $7.50 per site we currently fund is fragile. DrupalCon revenue depends on event attendance. Advertising depends on traffic. Tag1's in-kind contribution depends on one company's continued generosity. Our donated infrastructure from AWS and OSU could disappear at any time. At that point, the funding gap grows, more infrastructure work gets deferred, and things could start breaking.

Before talking about new funding models, it is worth asking whether the Drupal Association could reduce its infrastructure costs. Ten dollars per site per year may sound like a lot. Should we operate all of this infrastructure ourselves, or rely more on hosted platforms like GitHub or GitLab? Are parts of our infrastructure more complex than they need to be?

These are the right questions to ask. I believe we need to work both sides of the ledger: take a hard look at what we spend and build a funding model that depends less on goodwill. In practice, infrastructure decisions rarely optimize for everything at once. They involve tradeoffs between cost, speed, flexibility, and control.

Corporate patronage is worth considering. A single well-resourced sponsor could fund Drupal's infrastructure in a way community fundraising cannot, and if the choice were between a patron and a crisis, a patron wins. It's fast, requires no technical changes, and doesn't touch the social contract with site owners.

But patronage trades one fragility for another. Instead of depending on event attendance or AWS cloud credits, you depend on one company's continued generosity and strategic alignment with the project. If their priorities shift, we're back where we started. A patron funding infrastructure at this scale would also expect meaningful benefits. That usually means greater visibility and some level of control over Drupal.org.

Most infrastructure systems connect usage to funding. Cloud platforms charge for compute. Roads are funded by taxes paid by the people who drive them. Drupal's infrastructure has neither mechanism: millions of sites depend on Drupal.org services, but the cost of operating those services is disconnected from the people who rely on them.

A funding model tied to usage avoids some of the issues with corporate patronage, but comes with its own trade-off. Open Source culture is built on anonymous access. You can download any package, no questions asked, no account required. Any usage-based model has to break that norm. The simplest version would probably require a Drupal.org API key to download packages or receive automatic update notifications.

Requiring an API key is standard practice for any commercial API, but in Open Source it feels different. Requiring site owners to identify themselves to Drupal.org is a cultural shift, even if the key itself is free forever. Any such mechanism requires changes to Drupal Core, which could take years to reach the installed base. If we go down this route, we can't wait for a funding crisis to begin this work. By the time a real crisis arrives, we would still be years away from a solution.

I don't have a specific mechanism to propose yet. But we should start this conversation now, while we have the time and stability to get it right. The alternative is making the same decisions later, under more pressure, with fewer options and less trust to spend.

Thanks to Tiffany Farriss, Tim Lehnen, Gábor Hojtsy and Lauri Timmanee for reviewing my draft.

10 Mar 2026 10:30pm GMT

DrupalCamp NJ 2026 will take place from 12 March 2026 to 14 March 2026 at Princeton University in Princeton, New Jersey, bringing together Drupal developers, site builders, and community members for three days of training, sessions, and collaboration. Among the scheduled presentations is "Governance You Can See: Embedding Content Rules Directly Into Drupal," a session by Nathan Wallace that explores how governance guidance-often stored in documents and policies-can be embedded directly within Drupal's publishing experience to help teams maintain content quality, accountability, and editorial clarity.

10 Mar 2026 3:00pm GMT

10 Mar 2026 1:33pm GMT

This week, Symfony 6.4.35, 7.4.7, and 8.0.7 maintenance versions were released. In addition, we introduced featured listings for Symfony job postings. Lastly, we published AI skills for Symfony UX. Symfony development highlights This week, 103 pull requests…

08 Mar 2026 8:16am GMT

Symfony 8.0.7 has just been released. Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project. Tip…

06 Mar 2026 5:12pm GMT

Symfony 7.4.7 has just been released. Read the Symfony upgrade guide to learn more about upgrading Symfony and use the SymfonyInsight upgrade reports to detect the code you will need to change in your project. Tip…

06 Mar 2026 4:45pm GMT