The Log4Shell vulnerability in the open-source logging tool Log4j has sparked a widespread discussion about the sustainability and security of the open-source software (OSS) supply chain. This incident highlights the challenges faced by OSS maintainers, who often work unpaid and in their free time, especially when managing critical infrastructure projects. The debate includes whether the problem lies with the OSS model itself or with the societal and economic structures surrounding it. Some argue for making OSS maintainership a paid, full-time job to improve resilience, while others insist that the model isn't broken but requires better support mechanisms. Initiatives like GitHub sponsorships and Open Collective are steps towards funding OSS, but they are often insufficient to sustain infrastructure development. The article explores professionalizing OSS projects, using Ory as an example: Ory supports its open-source work with a commercial service, demonstrating a feedback loop that benefits both the OSS community and commercial users. The complexity and security of dependencies are also a concern, with automation and audits being necessary to protect the software supply chain. While the future of software is seen in OSS, the path to sustainable development varies: not all projects require a commercial structure, and the support frameworks for OSS are still evolving.