Developer Fatigue
Norbert Preining: Future of “my” packages in Debian
After having been (again) demoted (timed perfectly to my round birthday!) based on flimsy arguments, I have been forced to rethink the level of contribution I want to do for Debian. Considering in particular that I have switched my main desktop to dual-boot into Arch Linux (all on the same btrfs fs with subvolumes, great!) and have run Arch now for several days exclusively, I think it is time to review the packages I am somehow responsible for (full list of packages).
After about 20 years in Debian, time to send off quite some stuff that has accumulated over time.
KDE/Plasma, frameworks, Gears, and related packages
All these packages are group maintained, so there is not much to worry about. Furthermore, a few new faces have joined the team and are actively working on the packages, although mostly on Qt6. I guess that with me not taking action, frameworks, gears, and plasma will fall back over time (frameworks: Debian 5.88 versus current 5.90, gears: Debian 21.08 versus current 21.12, plasma up to date at the moment).
With respect to my packages on OBS, they will probably also go stale over time. Using Arch nowadays I lack the development tools necessary to build Debian packages, and above all, the motivation.
I am sorry for all those who have learned to rely on my OBS packages over the last years, bringing modern and up-to-date KDE/Plasma to Debian/stable. Please direct your complaints at the responsible entities in Debian.
-
Open source maintainer threatens to throw in the towel if companies won't ante up
Yet another developer of open source software has tired of companies utilizing the code he helps maintain without giving anything back to support the project.
On Tuesday, Christofer Dutz, creator of Apache PLC4X, said he will stop providing community support for the software if corporate users fail to step up and open their wallets.
[...]
"This is my final attempt," he wrote. "If this also doesn’t help with getting at least some form of financial attribution for my hard work, I will close down my business and there will be no further form of support from my side."
This lack of financial support is particularly remarkable given his claims about the potential value that can be accrued by running Apache PLC4X. In a previous blog post he describes prototyping a data collection system using the software that would have saved the unnamed customer €20m.
-
Open Source Sabotage Incident Hits Software Supply Chain | eSecurityPlanet
An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software.
Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js, two major NPM packages used by a huge range of other packages and projects.
The software industry relies on various interdependent ecosystems and resources. This incident shows a well-known and unsolved issue for the software supply chain: the dependency hell. It’s especially true in the world of Node.js and JavaScript, but it’s also a common concern with open source software in general.
Hackers try to infect legitimate apps during a supply chain attack to distribute malware. In the case of faker.js and color.js, we have a pretty rare variant that leverages the highest privileged access.
-
When open-source developers go bad | ZDNet
Chances are unless you're a JavaScript programmer, you've never heard of the open-source JavaScript libraries 'colors.js' and 'faker.js.' They're simple programs that respectively let you use colored text on your node.js, a popular JavaScript runtime, console, and create fake data for testing. Faker.js is used with more than 2,500 other Node Package Manager (NPM) programs and is downloaded 2.4 million times per week. Colors.js is built into almost 19,000 other NPM packages and is downloaded 23 million times a week. In short, they're everywhere. And, when their creator, JavaScript developer Marak Squires, fouled them up, tens of thousands of JavaScript programs blew up.
-
