
The Bus Factor: Life for Open-Source Projects After a Developer's Death - klint
https://www.wired.com/story/giving-open-source-projects-life-after-a-developers-death/
======
chis
Why not just fork the repo? I’d be annoyed if software I depended on was taken
over by new management and messed with with.

~~~
wink
I'd say this works 9/10 times - or more, but sometimes it would be _nice_ (or
important) - to really hand the _exact namespace_ off to a different
person/org.

This was a solved problem with domain names - but with the de-facto standard
of github and projects being "in the namespace of a user" (if they don't
create a separate org for this purpose they could then hand off without losing
their username) it's a problem again.

And Go is notoriously bad for this. Had this problem a while ago where one
library author just changed his name from uppercase first letter to all
lowercase. On a case sensitive filesystem this actually breaks imports :(

------
zbentley
This was thought provoking. Questions that arise after reading:

\- How do you verify proof-of-death of developers who may be working from an
environment where they can't easily separately verify their identities (e.g.
house arrest, or people who are working in secret due to legal or cultural
barriers to their being OSS engineers)?

\- What happens to people whose death is faked, e.g. by a government wishing
to take control of a project in order to introduce vulnerabilities or be an
obstacle to further development?

\- What happens when someone dies and people impersonate their
family/inheritors in order to take control of their projects for unethical
reasons? Given that a lot of the value here is political ("lead
maintainer"-type titles) as opposed to physical (data on servers somewhere),
are there any laws that affect this behavior? This is a regrettably common
phenomenon with non-software inheritances; can developer communities do
better?

\- What happens when someone dies who didn't leave instructions for the event
of their death, and the legally- or traditionally-entitled inheritors harm
their project or otherwise act unethically with it? Is the answer just "fork
it" with all of the FUD that entails? Or can something else be done?

~~~
searls
Disclosure: I was a developer interviewed and quoted in the piece.

These are all good questions. I'd suggest that the trickier edge cases you
outlined are indeed very tough scruples as they pertain to open source (but
also as they pertain to all property & copyright law).

I would say based on the experience I shared in the article with Jim that it's
very likely that a very large proportion of open source contributors have
_relatively simple_ situations but near-zero planning in place for the
inevitable. The best someone like GitHub could hope to ask for is a death
certificate and an executor of the estate being able to produce a document
that assigns the rights of digital assets to some named individual. It
wouldn't take very long to do (and I did it myself shortly after I had this
experience following Jim's passing).

But even that is a pretty blunt, communication-intense implement. The much,
much easier solution for maintainers to simply share access & knowledge as
soon as a project gains any amount of significance at all with people they can
trust. Platforms like GitHub & npm could introduce pretty simple "inactive
account" features that allow named beneficiaries to be added as owners in the
event an account goes dark, without needing to bring family & estate attorneys
into all this.

~~~
zbentley
Thanks for the thoughtful response!

