I can think of sudo (https://github.com/sudo-project/sudo/graphs/contributors) which is maintained by just one person and is being used by every major linux distribution
It almost feels like it's easier to list which fundamental projects have more than one active maintainer.
Many of the core library and tools are mostly finished and have very little yearly activity. How many maintainers does a project have if the last activity was one or two commits made or maybe just merged by one maintainer 3 years ago, and few more 5 years ago. Does it count as 2 maintainers, 1 maintainer, 0 maintainers? Does the "maintainer" from 5 years ago still have commit permission and how likely are they to get involved if some merge requests show up.
Even for active projects it's very common for 90% of work being done by one main maintainer.
> Many of the core library and tools are mostly finished and have very little yearly activity
Yeah. The ad-hoc, de-facto "Standard Library" for JavaScript, the "web", and fullstack web apps.
OSS ecosystem is sometimes so very "Down and out in the magic Kingdom" adhocracy like. Shame we haven't got the rest of the Bitchun' society's perks. :) hahaha!
SQLite won't accept contributions from outside the core team; joining the core team is an involved process, as they're taking extreme measures to ensure it will continue to be recognised as a work in public domain in as many jurisdictions as humanly possible. You can still support the project by paying them for their work (or by getting your employer to do so):
My understanding was that you could absolutely contribute without joining the core team, but you do need to file some paperwork to ensure that code can remain in the public domain. The need for the legal paperwork is that public domain is not a thing in multiple countries.
TL;DR: they have a company that legally employs every single co-author, to be able to sell you a Warranty of Title, just in case your company/jurisdiction/etc has a problem with public domain.
Starting in ~2008, the ones marked 'maint' and 'all' touch multiple files and don't appear to make substantive changes to e.g. cat. Since that categorization started, only 10 of the changes have been specific to cat.
To be fair, there are a lot of commits that just update copyright years or documentation. IMHO that's just regular housekeeping and cannot mean that cat was not "done" in first place.
Absent any changes in a year, the copyright year shouldn't be updated. Otherwise what you're claiming is that the copyright term starts from a date after creation of the content, so it's getting artificially extended.
The change in question isn’t about going from “Copyright (C) 2023” to “Copyright (C) 2024” but from “Copyright (C) 1998-2023” to “Copyright (C) 1998-2024”. Thus your case doesn’t apply, it’s not confusing. What I’m saying is that as far as I understand, having “Copyright (C) 1998” and not changing it would suffice.
Yes, I read your comment as saying that having the starting year and changing it every year would be sufficient. Which it isn't, but I've seen it often enough elsewhere that it's worth calling out.
This is a good answer. Especially in the light of the 2021 drama and the maintainer's benevolent dictator status. What happens when the community disagrees with a benevolent dictator's decision?
It would probably be easier to enumerate the small number of projects which have a larger amount of maintainers. I think the vast majority only have a few maintainers.
No payment, not a hobby, very little passion, doing it because the public needs it. (And possibly got started because, damn it, somebody had to write it / take over maintenance.)
Oh yes, I'm sure there are. I maintain a few; none are ultra-popular but some are kind-of-popular. And I am sure that others have had this sentiment before and wrote something which others now rely on, without being particularly passionate about continued development of that thing. And it becomes like a chore which you know is important to many people rather than just one or two.
I don't have something nearly as popular as these other projects; but if you have a popular project, a potential employer might offer work hours for it to get you as an employee.
Further, as a contributor of some now popular projects with one other maintainer, I can say that I mostly do it for fun. My current employer gives zero-fucks about it but if a new employer were to use it to woo me away, I would jump in a heartbeat.
My employment contract specifically allows me to keep any rights that I do on my own time and equipment that doesn't compete in certain areas -- and enumerates those industries.
Note that the situation will not be much better for closed sourced projects.
Sure, your vendor will probably fix bugs, but it may take some time until they find someone who has any knowledge of that codebase and survived last week's reshuffle, the re-org in spring and last year's buyout.
I don't know that it is better for closed source projects, but regardless open source has an escape hatch closed source doesn't. If something goes wrong, you can maintain it yourself, or fork it.
I've done it myself.
That one property along is enough if you want longevity, open source is always a safer bet than closed source.
In my case, I guess it extended the projects life by another 20 years.
(By the way, unzip is arguably not feature complete. The ZIP spec has been updated multiple times since 2009, with the notable addition of the Zstandard compression method, among other things https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT)
> It is stable and in use by distinguished frameworks and tools such as Mockito, Hibernate , Jackson, Google's Bazel build system and many others. Byte Buddy is also used by a large number of commercial products to great result. It is currently downloaded over 75 million times a year.
If you really want to dwelve into this, while the applications have plenty of cases let's not forget the underlying libraries that "everyone" depends on.
JSON Schema is the industry standard schema language for JSON, used by big players like OpenAPI and by an insanely high number of APIs and products out there.
The TSC core team stays at ~6 people (I'm one of them)
Good list. Sometimes the easiest way to contribute is to just donate some money, so that the existing maintainers can continue to focus on their work. OpenBSD is the "mothership" project for both OpenSSH and LibreSSL: https://www.openbsd.org/donations.html
Unfortunately I couldn't find any information on how to donate to these projects:
e2fsprogs (https://github.com/tytso/e2fsprogs) is a widely-used utility suite for creating, maintaining, and repairing ext2, ext3, and ext4 filesystems
There are many, people doing (good, valuable) things on PHP, however active people with deep understanding of the engine can be counted on less than a hand. (I contributed some small things to the engine and other parts in the past)
People ask this question a lot in academia. The system just about incentivizes creating dupliware and/or abandonware that is critical to a domain, field, or niche, so there is tons of it (there is also A LOT of very good stable software, but ignoring this for now). This makes it very difficult for new parties to find open source software they can rely on, for funders to determine what software to support, for institutions to track their contributions, etc.
I am working on a project solving for this specific question (and many others), across the open source and open science ecosystems, starting with open source research software but ultimately intends to touch the whole space. Among other things, we want to take continuous measurements of the health of open source projects, the use of open source projects, the perception of open source projects, the "impact of open source projects", and the needs of open source projects. We are combining data collection with stigmergic markers and eventual webs of trust.
It is incubated by NumFOCUS, and includes collaborations from across the academic industry.
Bringing it here for your thoughts.
The project is called "The Map of Open Source Science" (MOSS) and is built on the "Simply Omniscient Layer" (SOL). It is essentially an omniscient open permissionless graph database of the digital knowledge and research ecosystems, as well as a corresponding visualization (eventually people will be able to build their own visualizations interfacing with SOL).
"MOSS is a comprehensive, composable, interactive map of the digital knowledge and research ecosystems. We identify connections between open source research software projects, research papers, organizations, patents, datasets, funding pathways, AI models and applications, and the people who drive it all.
The MOSS proof of concept so far demonstrates nine use-cases:
Identify relevant tools for your research
Showcase the impact and connections of the people that make and maintain open source research tools
Showcase the impact and connections of the organizations that build, support, and fund development of open source research tools
Showcase the impact and connections of open source research tools
Identify gaps in open source research tooling
Navigate repetition of open source research tool features
Identify, prevent, and reinvigorate abandoned open source research tools
Streamline the grant submission and review process
Navigate security flaw identification - who to contact, what downstream tools are effected, what alternative tools exist"
People used to fight for upstream factories to return the water they used clean to the river. It was an ecologist's fight.
Now corporations do projects with 5 or more zeroes in budget and a high percentage of the code is free software or open source. And they give 0 back to free or open projects that they parasite.
Many of the core library and tools are mostly finished and have very little yearly activity. How many maintainers does a project have if the last activity was one or two commits made or maybe just merged by one maintainer 3 years ago, and few more 5 years ago. Does it count as 2 maintainers, 1 maintainer, 0 maintainers? Does the "maintainer" from 5 years ago still have commit permission and how likely are they to get involved if some merge requests show up.
Even for active projects it's very common for 90% of work being done by one main maintainer.