Slashdot Mirror
Contributing To a Project With a Reclusive Maintainer?
zerointeger writes "I am still fairly new to programming in C, but I was asked to extend an open source authentication module by my employer. The project is complete, testing has been done and it works as designed. The extension/patch I have created is fairly robust, as it includes configuration options, help files, and several additional files. The problem is that I have been unable to make contact with the current maintainer about having this feature added. I think the only reason I'd like to see this included is to prevent any patching of later revisions. A few others I have spoken with agree that the patch would benefit administrators attempting to push Linux onto the desktop, as we have done at the University that employs me. Has anyone else submitted patches/extensions to what seems to be a black hole?"
It's open source, so fork it and become the maintainer of the new version. When yours becomes more popular you will be famous, get offered large consulting fees, be able to afford blackjack and hookers, etc.
Sometimes OSS is a lot like butch lesbians. Take your question, for example:
Has anyone else submitted extensions to what seems to be a black hole?
Yes, sometimes a strap-on is precisely what is needed to fill a black hole.
But I digress.
What is the specific project you're fixing up? Is it fairly frequently updated by the maintainer?
That is really the point I think you need to figure out. If the maintainer has disappeared and does not update the package, then there's really no point in involving that person at all. He isn't the maintainer; you are. The only problem is, as you pointed out, if the package is updated and your patches aren't included, you'll need to provide patch updates to any of your users.
However, that said, what is more important to you? This package or your time? You don't work for the project, you work for your employers. Release this patch to whomever you like and give them the source. There's no reason you need to kill yourself trying to keep it updated if it works great for you now on the project version you targeted.
If its patches is applicapple to Linux, try to send to some of the Linux Distributions. They usually have good contacts to the upstream maintainers, and even if they have not, have ways to record some changes and share them.
(And that is where people that may take over upstream also most likely will look for patches)
Since your employer paid you to create the patch, and since your employer will save money by not having you maintain a fork indefinitely, you should lure the maintainer with the strongest argument of all: money, paid by your boss.
talk to the package maintainers of a couple of distributions instead. packages.debian.org packages.ubuntu.com etc. should help you find the maintainers email addresses.
Either the official maintainer has lost interest, in which case you can simply fork the project, or
I am still fairly new to programming in C (...)
...University that employs me...
He looked at your code, and decided that some noob at a university wasn't worth flaming. This is a fairly common attitude among open source projects. You'll quickly develop a very thick skin.
Publish the patches on the project mailing list, forum, or on your own website or blog. The most important thing is to get the patches out there. That will open it up to peer review and discussion. From there you have the possibility of linux distros picking up the patch and using it. Eventually the project may pick up your patches. A fork would be a last resort.
Personally, I'd try to contact the current maintainer, if any, first. Failing that, you could take over maintainership, fork the project, or simply publish your patches and update them as you would likely anyway. If you promise to maintain your patches people will expect you to do so, so you should be careful as to what you promise. Of course, unmaintained patches are much less attractive for others to use than fully integrated and supported ones.
List your options, choose wisely. Acquiring butch lesbians optional.
I saw you wrote this:
Your definition seems to mean "complete" or something along those lines. However in actual industry usage, robustness is a measure of software quality as tested. You may be providing a lot of configuration options, help files, and several additional files (what does this mean?), but are you providing well-tested, exception-proof code?
What is your test matrix like? What is the MTTF among your users? How many users are actually using it?
The patch you provide can be the most beautiful set of files ever created, but if the maintainer needs to fix all the bugs you created because you didn't test anything except the most obvious cases, then you aren't helping.
Something to keep in mind as you graduate from university programming to actual industry programming.
... tty layer was it?
Welcome to the OSS world, where maintainers disappear off the face of the earth, "unfun" parts never get updated, and projects die out to leave only stale Sourceforge pages dating back years.
Are you saying that mail to the maintainer remains totally unanswered? Is there any activity on the mailing list? Or are you saying that the maintainer is simply not responding to your request to include your particular patch?
I maintain several open source projects, and there are many reasons why I might not include a patch: I may not understand it, I may not want to maintain it, it may break other features, it may conflict with future changes, it may violate the coding standards, the license may be unclear or incompatible, the patch may have been generated incorrectly, etc.
I think Launchpad actually has one of the best systems for dealing with this because it allows anybody to submit patches and new versions and the community can vote on and select patches.
Use something like git and maintain your changes in your branch which you can push to e.g. github (substitute hg and bitbucket where appropriate). You'll have the added benefit of easy merging with upstream.
We ended up forking - mawstats.
Deliberations over whether to fork jawstats was a hard one. The extension was part of a project done for a client of ours. We ended up deciding that we did everything we could to contact upstream, and it was either fork or keep things to ourselves. Luckily, the client (who is the one paying the actual money :-) agreed, and this is the result.
If you have no choice, then you have no choice.
Shachar
FOSS has no way to deal with a project's sole maintainer dieing. Especially if the maintainer uses a pseudonym on the web. If the maintainer has a real name, try to get a hold of him via phone directories, etc.
If you can't get a hold of him after a reasonable effort, certainly fork the code.
The main issue then becomes, when can a new maintainer take the trademark/name of the old project without expressed permission of someone who cannot be reached in a reasonable time period and may be dead?
Help! I'm a slashdot refugee.
If the maintainer is French, don't expect an answer untill september 1st,
Seriously, if the current maintainer (in name only - sounds like he/she's lost interest, or to use the modern euphemism, is "too busy"), can't be bothered to fulfill their responsibilities the project should be taken away from them.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
the project should be taken away from them
No need to be uncivilized about it. There should be a ceremony, with flags and banners and trumpets and horses. The bold new developer's name should be announced with accompanying fanfare, and he shall kneel in front of the wizened author (who should have put out his cigarette before these solemn rites). The sword edges should be dull, lest angry words from jealous unrecognized forkers be heard and needless violence ensue. I should stop now before this starts affecting my English henceforth
WARNING: Smartphones have side effects--most of them undocumented.
I'm the creator/developer/maintainer of a lot of OpenSource projects and sometimes you just can't seem to keep up or you find that life outside of OpenSource keeps dragging you away from getting around to applying patches.
To be fair a lot of the patches I receive are very minor and could be applied in seconds as well as verified but then there's also the whole update announcements process and all the documentation changes too. After a while you find you get to spend a couple of hours every 3 months on a project where you cobble together all the patches, sort out the docs and lump-release it. Yes, it's a bad way of doing things but often when the code is a decade old there's not a lot of compelling drive behind maintaining things at a prompt rate... .especially when you're already scratching to keep up with all the bills and other "real life" things (partners, cars, social comittments blah blah blah).
Anyhow, don't take it personally, just send another message periodically and eventually the maintainer will either snap or something. . . .a lot of us simply forget, yes, it's as simple as... now where did I put my coffee? :)
I've lived a similar story a while back. I was using a perl module from CPAN for a customer project. During the implementation I found some bugs/limitations. After getting in contact with the maintainer he sent me some patches to fix my problems. I used those and my project went into production.
A couple of years later we did migrate the application to a new server and I reinstalled the perl modules from CPAN. I found that the patches I got never made it to the CPAN repository. I still got the original patches and used those to get my project shipshape again.
In parallel I tried to get in contact with the original maintainer, but I never got a reply. It looked like he dropped off the planet. After a while I applied for co-maintainer status of the module on CPAN. This was granted when I could plausibly demonstrate that I tried to talk to the original maintainer. Since then I'm now the 'official' maintainer of the module and do integrate patches and help users.
We don't know about your modul en and its infrastructure (homepage., mailing list, etc.). Perl modules live on CPAN, so it is a good start to start there. You'll have to see where your program lives and go from there.
Markus
There were several cases in the past where I tried this. I cannot recall a single time where offering money brought back from the dead an otherwise MIA maintainer.
The theory is solid, but I have never managed to see it work in practice. Perhaps their spam filter ate my "I WANT TO PAY YOU MONEY" email.....
I don't think he's already forked it. He has a privately held altered copy, and possibly makes the source available somewhere.
"fork it" implies you might have a different app name, hosted separately (even if "separately" just means a different zip file). In other words, not just changes the code. Forking implies becoming the new maintainer and setting up a way for users to get feedback to you instead of the original fork.
Of course, it's much easier to just get it included "upstream". If the base maintainer doesn't want people making mass changes to the code for whatever reason you got no choice.
and politicians who don't represent the will of the people after the election should be impeached, disbarred ... ... ... .... ...
and companies who sign a contract and then go broke should still pay and fullfill the contract
and orphans should never get cancer
and all programs should be open source
and I should get paid for this
and
sorry - just getting frustrations out
I used to open-source everything I do. No more. My current project is closed-source (but free) application. While there are quite a few users, very few butt in with "extensions" that they feel absolutely must be there. No forking either - you don't get to take the results of my work, add a few things and distribute, creating confusion and incompatibility, which lead users to other products all together and hurt me (I don't care about the other guy). Don't like my design? Write your own damn product, it is a free country and you have access to gcc and vi :) just like I do.
Incidentally, in my experience with open-source projects significant majority of user response email consisted "feature requests", usually written in demanding "you owe it to me" key. Now with a closed-source application, no such thing and quite a bit of feedback begins with "thank you for the great product" :) Now that's good motivation, and it keeps me working.
We are involved in a similar effort to add features to mod_auth_cas. While the project maintainer is far from unresponsive, it's clear he has other responsibilities and attends to the project as time allows. We are making demonstrable progress toward having our features merged into the project, but the process has taken longer than anticipated. What has worked for us:
- Be Professional
We followed the recommended procedure for submitting the patch, have been responsive in addressing questions, and have tweaked the patch when asked. Throughout we've maintained an attitude of humility, which makes friends and influences people.
- Be Patient
Provide adequate time for your submission to be evaluated. Like so many open source projects, the maintainer probably handles the project in his "spare" time.
- Be Assertive
Inquire about the status of your submission regularly via communication channels the project provides. The frequency of your inquiries should be reasonable; nags are easily dismissed. Inquiries that express a sincere willingness to be part of the solution are particularly effective. Also, you may consider contacting other folks personally that may have influence upon the project. If you can't get the maintainer's attention, maybe you can get the attention of a trusted colleague who will encourage the maintainer to take a look. I believe this point in particular was helpful in getting our patch reviewed and acted upon.
Good luck. From a cursory review of your project goals, it sounds like your contributions would be sincerely valuable for pam_krb5. I'm pretty sure we could make use of it at our University.
M
What are you a Windows programmer? I have never heard of Software having a "Mean Time To Failure" but then I am more of an Administrator and haven't done much QA.
The Python world suffers badly from this problem. There are many add-on modules for Python that are written in C. The interfaces for databases, SSL sockets, and similar things one needs for basic web applications are third-party modules in Python. In most cases, the module has one maintainer.
The C API for Python changes with each release of Python, and modules have to be updated and rebuilt for each platform. This process lags years behind Python releases. Often, the needed changes are minor, but short of forking and taking over maintenance of the module, there's no way to get them done fast.
There have been amusing moments. At one point, the maintenance organization for a module used in business applications was a World of Warcraft guild. At least they got stuff done.
People get busy in their real lives, and open source projects are usually a low priority next to putting food on the table, trying to get laid etc. Another problem is the paucity of good developers involved in open source projects relative to the number of people using them. There is a definite learning curve in these languages. I have been working with C language for 20 years now (initially making small programs to make C programs compile on my particular OS) and on some level I still don't really understand pointers and memory - in fact I know I don't because I missed those questions on a recent examination.
Some people have been saying to fork it, but then you have to take on the burden of all of that. I would say definitely think before doing a fork, are there enough developer man-hours (person-hours) out there, including myself, over the next several years that will work on this project that will make a fork necessary? You don't want to fork a dead-end project into something that's just going to become another dead-end project. On the other hand, if there's a multi-year commitment from yourself (and maybe others) and the maintainer has disappeared completely for weeks and months on end, then maybe a fork is in order.
First, its important to decide if the project is active or not.
Commits to its version control system is good indicator of that. No commits for several months means its quite dead. Then forking/trying to take over the project(SF supports a procedure like that IIRC, I dont know about others) is only option. Taking over usually means getting contact with the original maintainer and that may fail, leaving only forking.
If the project is active there simply might not be enough developers to review the patch or adjust it if the review demands it. Or your patch may have issues that make reviewing it complicated. Often patches are submitted against a version long behind the development version and don't really apply any more.
For an active project there usually is one place where developers converge, often IRC or mail list. Finding that place and posting your patches along with willingness to improve it(sometimes its as simple as patch format) to meet the maintainers demands usually results in an easy merge.
Sometimes however, the extension/feature is not desired by maintainers and you will be told so and you would have to fork.
The best way to do such things is to contact the maintainer when you start developing your extension. It pretty much guarantees a merge at the end.