Hacker News

FindBugs isn’t dead (although my participation had been in hibernation for a while).

I’ve been juggling far too many projects, but I’m now working to move FindBugs back into the active rotation.

I also want to announce I'll be working with GrammaTech as part of the Swamp Project, and they will be helping with rebooting the FindBugs project. This has been in the works for a long time (almost a year), and although I’ve known that GrammaTech was likely to win an award, this hasn’t been official and something I could talk about until recently. Was hoping to have something a little more concrete to talk about as far as that goes; but I don’t yet have the information I wanted to share.

Thanks to all the FindBugs fans and supporters who lobbied for me to return to active maintenance of FindBugs. Give me a week to get up to speed on current project needs.

Bill Pugh




It's still not a good sign that it took this level of public attention to get you to reply to the active community on their urgent needs.


^ this. There is absolutely no reason to not be answering emails, even if to say, "I'm really swamped, and need help."

I don't mean to denigrate you, but I must be candid here: hoarding admin rights so that only you have them and no one else can get any work done is simply not acceptable in a team environment.

Going forward, I would recommend taking a look through other projects you may be involved with, and make sure that you are not the only person with admin access. If nothing else, it would increase the "bus factor" to greater than 1: https://en.wikipedia.org/wiki/Bus_factor

Good luck.


Totally agree. Even worse, the community has already forked and is getting aligned behind https://github.com/spotbugs/spotbugs, his reappearance puts FindBugs in a very dangerous place. It either stays forked, with split efforts and APIs diverging forward, or it's shut down to trust Bill again and hope for the best.

I for one have lost all trust in his ability to lead the project after such a long absence, and the fact that he only reappeared after this hit HN, and only to respond here, to me is an indication he cares more about what people may be thinking / saying of him, than the well being of FindBugs.

I fear, the only way for FindBugs to stay alive, is for Bill to do what he probably should have done a long time ago: step down.


This is also the problem for other projects: the leaders are unwilling to give up their position even when they are inactive for a very long time, and are just hoping someone could help rescue the dead horse.

https://github.com/jimbaker/talks/blob/master/jython-talk-py...


There is absolutely no reason to expect volunteers to owe you their time or responses.

I don't mean to denigrate you, but I must be candid here: demanding work from others without putting in the hard yards yourself is simply not acceptable.

Going forward, I would recommend taking a look at your written communication, and make sure that you are being fair and kind.

Good luck.


He didn't demand "work", he simply pointed out that hibernating or abandoning a project many people have come to rely on without arranging for others to (at least temporarily) take over is irresponsible and causes a lot of frustration.


Pretty much that. And to elaborate, there is no shame at all asking for help. I can think of a few ways in which to do this:

- If you are the sole maintainer of a project, putting up a note in the README asking for a co-maintainer or someone to take over the project entirely.

- Responding to emails with, "I'm swamped/I don't think I can do this right now, can you help/would you be willing to take on this role?" Totally acceptable. There are lots of eager developers out there who would be willing to contribute to an open source project if they could.

- Posting on HN asking if anyone is willing to help out. :-)

I get that sometimes stuff happens in real life--illness, working long hours, taking care of children or family members--these are all perfectly valid reasons for not being able to put in the time needed to work on an open source project. However, the developer community cannot offer its help if said help is not asked for.


Answering emails is work. It's also often a lot harder than it sounds at first blush.


Setting up auto-reply takes 10 minutes. All modern email clients allow creating auto-reply rules based on who the email is from or the words the subject line or body contain.

"Thank you for your email. This is an automated reply to let you know that active development of this project is currently on hold. If you have any questions, please email bob@project.com, who is the current maintainer."

That's it.


I don't know why you are being downvoted, but I agree with you. The level of entitlement expressed on this forum is off the charts. This behavior is reflected in this case or in case of RethinkDB or any other startup which is closing down, where the frame of mind or needs of the people who build/maintain are secondary to those of customer/users. It's quite a paradox.


> The level of entitlement expressed on this forum is off the charts.

This is ridiculous. Expecting the maintainer who hasn't contributed for over a year (hasn't given any life signs or shown any interest) to give admin rights to someone who genuinely cares about the project isn't entitlement. It's the absolute minimum he could do to keep the project alive at the expense of other people's time and effort.


Not really. People die unexpectedly. Things come up. Adopting a project with a bus factor of one and expecting things to just work out, and blaming that person instead of yourself when they don't... I think that's pretty close to "entitlement", with a dash of wishful thinking.


Look, open-source projects may be "free" in the sense that you don't pay money for them, but they still cost time. Time to learn, time to integrate into your project, time to debug if things go wrong. Not to mention time to switch to another library if the one you picked doesn't work out for some reason.

As such, there exists a kind of implied social contract between the project owner and users. The owner wants people to use the library[1] and improve it, and the users in turn want semi-frequent updates/fixes and to be informed about the status of the project. Projects that are regularly updated receive more users and contributors, who in turn help provide bug reports, improvement ideas and PRs.

Calling users "entitled" for asking the owners to adhere to the aforementioned social contract, which defines open-source and holds it together like glue, betrays a fundamental lack of understanding of what this ecosystem is and how it manages to be a legitimate alternative to commercial software.

[1] If the owner has other reasons for putting up the project on Github/Gitlab etc (e.g. it's their hobby project, or they want to showcase their code to potential employers), and has no intention to support it, then they should include a note in the readme that the code is not intended for production use. Problem solved.


> As such, there exists a kind of implied social contract between the project owner and users.

No, there doesn't. The "reality" is this: you are using the code I have given out, and that's all you get from me.

I also very much enjoy how you talk about your own free time, and how it's not really "free" to evaluate this stuff, and thus there's a burden etc etc -- and then conveniently turn around immediately and say "but maintainers are required to give me their time, that's part of the social contract". What kind of bullshit is this? It's always the same shit -- time and money for me (I get to reap the rewards, shitpost on your bugtracker, and complain on my blog when you make me mad), none for thee (you're required to help me).

If you're so worried about your own time and your own cost savings -- go buy proprietary code. Or pay the maintainer. Then you can actually have a real contract without handwaving and appealing to non-existent "social contracts".

If you want to whine about taking on risk, maybe you should also bear the burdens of that, as well as the benefits. I'm sorry that's so unfair, but maybe it could teach you something.

> If the owner has other reasons for putting up the project on Github/Gitlab etc (e.g. it's their hobby project, or they want to showcase their code to potential employers), and has no intention to support it, then they should include a note in the readme that the code is not intended for production use. Problem solved.

So your answer is that we should always assume this "social contract" exists with every piece of code, and thus maintainers are obligated to slave away for us unless specified otherwise?

This entire post reeks of nonsense entitlement-justification. I do not owe you my free time because I posted a library on GitHub, though I may choose to give you my time. I am also free to rescind that offer at any time, and guess what -- I do not need your approval to do so (because, really, you are not that important). End of story.


>>No, there doesn't. The "reality" is this: you are using the code I have given out, and that's all you get from me.

Fine, then say so on the readme file! It's not lack of updates people are worried about. It's the uncertainty that comes with not knowing whether the owner intends to continue developing it or if they have abandoned it. If you pay some attention, you'll see that's what this entire conversation is about: the owner of a popular project being the single point of failure and then going missing.

>>I do not owe you my free time because I posted a library on GitHub, though I may choose to give you my time. I am also free to rescind that offer at any time, and guess what -- I do not need your approval to do so (because, really, you are not that important). End of story.

Again, no one is asking for your free time. If you don't want to update the project or push fixes, fine, whatever. The only thing people are asking you to do is to transfer ownership of the project - or at least admin/maintainer rights - to someone else in a responsible manner if you decide to abandon it. You may call this "entitlement." I call it "being an adult."

And frankly, get over yourself. You aren't that important either. Just because you posted a piece of shitty code on Github doesn't give you the right to act like an asshole when people come to rely on that code. Try not to let it get to your head too much, mmkay?


> Fine, then say so on the readme file!

Understanding that a project with a single maintainer may become unmaintained unexpectedly should be common sense.

> Again, no one is asking for your free time.

You literally are. Including the time and energy needed to decide whether or not to continue maintaining the project, and to hand it off in an appropriate way.

> Just because you posted a piece of shitty code on Github doesn't give you the right to act like an asshole when people come to rely on that code.

Is this normally the tone you take when asking people who helped you to keep helping you?

Just because you randomly downloaded some code from Github and chose to rely on it doesn't mean the author owes you a damn thing. Don't like it? Fork it. That actually is how open source works.


Open source software runs the gamut from unmaintained to supported by a foundation with multiple corporate members, a board, and plans in place to ensure continuity under various adverse circumstances. How much stability do you need?

It isn't the responsibility of the project owner to tell you that their project doesn't meet your needs. It is your responsibility to check how the project is run and choose whether or not to take on that risk.

People actually doing the work of evaluating the risks they are taking on is how open source actually does become a legitimate (sometimes safer) alternative to commercial software.

People not doing the work, taking on risk without doing their homework, and then whining when it bites them in the ass is, well, "the story of left-pad".


> There is absolutely no reason to not be answering emails

Sometimes there is.

You can express your disappointment in how a project is managed without implying that someone else isn't living their life properly.


Yes, we all need to prevent speaking to prevent implications. ;)

Or are you implying the author is so thin skinned he cannot take a bit of judgement?


I agree. It's also odd that this clarification of the project status has been posted here now and there has been no reply to that thread in (what I think is) the official mailing list, which has been going on for around a week, where people have been trying to get in touch with him.


Indeed. Probably having more people with admin access would help making sure that the project's bus factor is greater than 1 :)


You must have paid 4 digits or more for his services then? Otherwise I think you can't demand any attention at all and be happy if you receive it.


I have been involved in open source and non-commercial, volunteer driven projects for at least a decade. It's true that it's not right to demand volunteers who spend their time on the projects to answer questions. However, in this case, having read the mailing list thread and even the parent post to which you replied, I don't believe anyone is _demanding_ anything from the project owner.

People who are passionate about a project, as a user or contributor, do tend to ask what the status/roadmap of a project is. At least in open source projects I contribute to, that's not considered as demanding something from the project leaders, just because no one has paid for the project.

IMO, there are times where it's valid to state that no one has paid for the project so aren't entitled to anything, but I don't think this case is a valid one. I've seen this statement being used many times with open source projects and such projects usually tend to lose sight that users are a central part of open source projects.


I agree with all you say. And I also understand being angry about a project for not considering me as a user enough.

However, "There is absolutely no reason to not be answering emails" gave me the impression that at least one person is demanding replies to emails. I still feel it's okay to tell the quoted person that if he doesn't pay someone he can't demand from that person to answer emails.

Last but not least, if someone hasn't answered emails for some time, who seemingly had enough trust before to be important in a software project, then it may be wise, even for people with legit demands, to see whether or not that person had good reasons for his absence or not.


I'm not even talking about the software. I'm talking about the people that were the active maintainers who made a few attempts to connect with him over the course of a year, being let down. And the response after that time of "ok, I'm back now" after a Hacker News post hits the front page, without apology or explanation to them.


According to the website, FindBugs was partially funded by a couple of NSF grants. So US taxpayers did indirectly pay for his services.


That's ridiculous reasoning, grants pay for research, not for maintenance of software.


Depends on the grant.


That's great, but it feels you have been a single point of failure on a widely used project. As well as rebooting the project do you have any plans to expand the admin role so it's harder for the project to find itself in this situation in the future?


I'm a bit confused why you decided to respond to HN, but not to the official mailing list. Even if just with a copy of this text...



