
Code Shelter: A Maintainer Community for Abandoned FOSS Projects - rantanplan
https://www.codeshelter.co/
======
entelechy
This is amazing!

As one of the creators of a distributed package manager for C++ and friends
[1] we made a funny discovery:

Many C libraries that a big chunk of the ecosystem depends on, have not been
updated for many years. Some of those can only be downloaded from SourceForge
or an FTP server.

Even worse, some libraries are copy and pasted from project to project and
have no actual home.

We uploaded them to github and started maintaining them.

If you know any abandoned C/C++ projects or C/C++ projects you need a hand in
maintaining, we are happy to help.

[1]
[https://github.com/loopperfect/buckaroo](https://github.com/loopperfect/buckaroo)

~~~
reality_czech
If none of the big tech companies will step up to adopt openssl, we should put
it down, like in a real pet shelter.

~~~
Ayesh
That whole Heart Bleed incident was a blessing for OpenSSL. It's now quite
active:
[https://github.com/openssl/openssl/commits/master](https://github.com/openssl/openssl/commits/master)

------
edzillion
You should set up an opencollective.com account (like Patreon for FOSS
projects) - I would support this project and I am sure there are others that
would too.

~~~
StavrosK
That's actually a great idea, thank you! I'll get on that right now.

EDIT: I made one:
[https://opencollective.com/code-shelter](https://opencollective.com/code-shelter)

What do people think the collective should be used for? I haven't used
OpenCollective much.

~~~
stevewillows
no hyphen :)

[https://opencollective.com/codeshelter](https://opencollective.com/codeshelter)

~~~
StavrosK
Thanks, I just changed the URL to remove the hyphen but couldn't edit my
comment :(

------
mlinksva
Cool initiative. IIUC it lowers the cost of asking for and vetting help, which
can be substantial. Moving a project to a stewarding entity even more so --
actually I imagine easily matching/getting new maintainers on board could ease
eventually moving to a stewarding entity, eg Software Freedom Conservancy
(which I volunteer for) requires accepted projects to have multiple
maintainers from multiple organizations
[https://sfconservancy.org/projects/apply/](https://sfconservancy.org/projects/apply/)
which is a giant leap for an unmaintained project. I believe other
~foundations also have extensive onboarding procedures/requirements.

------
febeling
It's a great idea, and certainly much needed. I wish the name wouldn't imply
as much misfortune and this sense of giving all hope up on the part of the
original author. They have possibly toiled along for years. Some name that
inspires a sense of honor and gratitude might be a lot more attractive to
potential code donors.

~~~
StavrosK
It's meant in the sense of "shelter from the rain". Why do you think it has a
sense of giving up all hope? One of the main goals when creating it was to not
require the creator to move the repo away from their name.

~~~
febeling
Maybe it's a subjective association. But isn't a shelter a place for a
homeless person?

~~~
StavrosK
Yes, a place where they can get food, a bed and (hopefully) living conditions.
In my mind, it's a positive. Sounds like it's not so for everyone, hmm.

~~~
ljm
It's fascinating, because shelters in and of themselves are positive things:
they're built to be refuges or safe havens. Places where you expect help is at
hand.

They sound negative when you start to look at the reason for them existing.
Not because shelters are bad, but because homelessness and abuse and
abandonment is bad.

From a UK perspective, shelter to me makes me think of a bus stop or an awning
to get out of the rain, or to get some shade.

~~~
StavrosK
Yes, that's how I perceive it as well. The fact that you're in circumstance X
might suck, but shelter for that is always good. It's interesting to me that
people find the word "shelter" itself negative because they associate it with
the unwanted circumstance. I wonder if the same happens with "haven",
"succor", etc.

------
degenerate
The "add project" link on the FAQ page 404s:
[https://www.codeshelter.co/faq/](https://www.codeshelter.co/faq/) [_fixed now_]

How would this project approach FOSS projects that were abandoned, then
sort-of-picked-up by another maintainer, but with no actual continued development?

Example: Meteorite MKV repair engine

Original site: [http://www.mkvrepair.com/](http://www.mkvrepair.com/)

Original code:
[https://sourceforge.net/p/meteorite/code/HEAD/tree/](https://sourceforge.net/p/meteorite/code/HEAD/tree/)

"New" code (last activity 3 years ago):
[https://github.com/abarnert/meteorite](https://github.com/abarnert/meteorite)

I would love to see this project continued, and even added into other FOSS
projects like VLC.

~~~
StavrosK
> The "add project" link on the FAQ page 404s:
> [https://www.codeshelter.co/faq/](https://www.codeshelter.co/faq/)

Fixed, thanks for the heads up (there was an inopportune line break).

> How would this project approach FOSS projects that were abandoned, then
> sort-of-picked-up by another maintainer, but with no actual continued
> development?

The idea is that Code Shelter increases the bus factor, ie if the developer
(or developers) of a project all drop off, there's a way for people to
continue the project through Code Shelter.

What will usually happen is that a CS member will be interested in a project
and notice that it's unmaintained. If the project is already in CS, they can
just start maintaining it, or ask the maintainer to add it to CS. Since
maintainers are volunteers, there's no guarantee that someone will take the
project up, but the aim is to have a large enough pool of both maintainers and
projects that matching is frequent.

~~~
busterarm
Just to mention a tiny bit of friction that I find, that you're probably
already aware of...

I would totally apply to do this but my OSS contributions are pretty sparse
and go back a couple of jobs. I'm sure that I have the requisite experience
but my GitHub profile for the last year and change is pretty empty. The
application process totally discourages me from applying.

~~~
StavrosK
Yes, that's one thing that's currently a pain. How do you judge if someone is
a good fit to take over (or, even harder, co-maintain) someone else's project
just by looking at their Github profile?

Currently it's based a lot on "is this person already a maintainer of
widely-used OSS libraries", as this is both a good signal and (hopefully) effectively
foils malicious people, since, if you wanted to deploy some malicious code,
you'd probably do it on the libraries you already have.

If you have any better ideas for how to "interview" maintainers, please let me
know!

~~~
busterarm
My expectation is that someone who is willing to attach their real name to
something isn't willing to jeopardize their reputation and career over doing
something malicious to a project.

Identity verification, similar to what Keybase supports, where people add a
verification code to their social platforms might work here. Enough to verify
to a certain degree whether someone is who they say they are. Maybe add a call
to their employer to verify that they hold the role that they say they do
also.

To me that would be enough skin in the game.

~~~
StavrosK
Hopefully that would solve that issue, but there's also the matter of someone
being senior enough to be able to understand the direction of a project, set
it, etc. Basically, you need to be able to trust every single one of the
maintainers to have commit access on your project, with everything that
entails.

For completely abandoned projects, it may not matter as much, but for projects
that just need more eyes/hands, it's a larger consideration.

~~~
busterarm
> For completely abandoned projects, it may not matter as much, but for
> projects that just need more eyes/hands, it's a larger consideration.

Maybe add an agreement that if the community calls for a changing of the guard
at some point that pending a review the maintainer will step down if the
review process agrees.

------
airza
This is kinda off topic, but how on earth did the team who took 300,000$ for
light table end up foisting it off on _volunteers_?

~~~
hombre_fatal
Well, unless you think $300k sets you up for life and unless they could get a
revenue stream going, it's going to run out and be back in the hands of
volunteers no matter what.

This line of questioning (or accusation) is a good example of the phenomenon
where people often expect a disproportional amount of your future time because
they once gave you a one-time quantity of money, or possibly by pointing to
money that _other_ people gave you.

Look at it another way: $300k got us Light Table which was a pretty cool
editor. I used it to help people get started with Clojure and I didn't pay
them a dime. It didn't get us eternal paid support and maintenance, though.
How could it? It also unfortunately never developed the ecosystem around it
like Atom and VS Code were able to, so now it's here trying to find
maintainers.

Also, pretty much all editors are dependent on volunteers to create plugins
and ecosystem, even ones you directly pay money for like Sublime.

~~~
em-bee
_so now it's here trying to find maintainers_

and it found one

------
stevefan1999
I admire your bravery in volunteering and investing your precious and finite
time in researching million lines of code that was forgotten by the rest of
the world that some of its mettle, perhaps was still empowering the program we
use day by day but underappreciated.

Also, I think it's definitely a touching story to review how we evolve and
obsolete code and algorithms, it's like a genetic and natural selection and we
can learn from it to not let history happen again.

~~~
StavrosK
Thank you, but there's also a large number of projects which many people use
but that aren't that actively maintained. It's those projects that Code
Shelter mostly aims to help with.

------
colechristensen
I don't particularly qualify for maintainer as I have not been very active in
open source, but I found a bit I could contribute to puppet-samba.

I have more free time lately and a difficulty I have found is easily locating
places I could contribute without a huge time commitment.

For example I found some pretty minor changes needed to make testing work on
puppet samba, it was a 15 minute task but helpful in any case.

~~~
nanliu
For puppet projects, they should go to
[https://github.com/voxpupuli](https://github.com/voxpupuli) for community
support.

------
WrtCdEvrydy
This is kinda weird. I wouldn't consider tellform abandoned, but I guess it
is.

~~~
StavrosK
It doesn't have to be, maybe they just need some help.

------
satoshinm
This is really cool, glad to see someone tackling this problem.

I have added several of my abandoned projects, here is a quick summary of them
if there is any interest:

[https://github.com/satoshinm/WebSandboxMC](https://github.com/satoshinm/WebSandboxMC):
Bukkit plugin providing a web-based interface with an interactive WebGL 3D
preview or glimpse of your server - this bundles the NetCraft frontend in a
Minecraft server plugin. There are requests from Spigot users
[https://github.com/satoshinm/WebSandboxMC/issues/100](https://github.com/satoshinm/WebSandboxMC/issues/100)
to make it active again, which is what inspired me to add it to Code Shelter.

[https://github.com/satoshinm/NetCraft](https://github.com/satoshinm/NetCraft):
Web-based fork of
[https://github.com/fogleman/Craft](https://github.com/fogleman/Craft) . Craft
has been featured on Hacker News before, but it is pretty much abandoned, so I
forked it into NetCraft, but then in turn ran out of time/interest to update
it. The summary still applies: "Voxel game for modern web browsers (Chrome,
Firefox, Safari) and desktop operating systems (Windows, macOS, Linux). Just a
few thousand lines of C using modern OpenGL (shaders)." Heavily inspired by
Minecraft, but much smaller and simpler.

[https://github.com/satoshinm/pill_serial](https://github.com/satoshinm/pill_serial):
Triple USB-to-serial adapter firmware for flashing onto an STM32F103C8T6 "blue
pill" minimum development board. With this firmware you can make your own
USB-to-serial adapter, times three, by flashing a <$2 blue pill board.

[https://github.com/satoshinm/pill_duck](https://github.com/satoshinm/pill_duck):
Scriptable USB HID device for STM32F103 blue pill (inspired by USB Rubber
Ducky). Another project for the "blue pill", this one lets you make an
automated USB keyboard/mouse device, an imitation of the popular Rubber Ducky
hacker tool, but a lot cheaper.

[https://github.com/satoshinm/pill_6502](https://github.com/satoshinm/pill_6502):
emulated 8-bit 6502 CPU and 6850 ACIA for STM32F103 blue pill. Want to build
a retrocomputer but an authentic 65C02 chip is too much? Play around with a
classic processor without buying old hardware? Emulate it with the cheap blue
pill, with enough support at least to run the Microsoft OSI BASIC ROM.

I have started a few more abandoned projects on
[https://github.com/satoshinm?tab=repositories&type=source](https://github.com/satoshinm?tab=repositories&type=source)
but these seem to have generated the most interest (especially the
NetCraft/WebSandboxMC combination, but the pill_ projects can be quite handy),
no longer can maintain them myself but would be great to see continued
maintenance provided a community finds them valuable.

~~~
StavrosK
These are pretty great, I'm especially interested in the Arduino Nano rubber
ducky ones. Do you want to be a Code Shelter maintainer?

------
dvh
Isn't this what sourceforge is for?

~~~
aaaaaaaaaaab
Or the Apache foundation.

~~~
mrweasel
Doesn't becoming an Apache foundation project require that you have developers?
Or do they have money to pay people to work on abandoned projects?

~~~
reality_czech
If a project becomes inactive, Apache puts it into the Attic and development
ceases.

------
yeowMeng
Curious to know why the HN title is using `FOSS` but only mention of `FOSS` is
on the site’s /faq page. For free software zealots, the site’s tag line “...
maintaining popular open source projects...” may not spur action as OSS is
missing that required RMS approved F.

