Contributing To a Project With a Reclusive Maintainer?

zerointeger writes "I am still fairly new to programming in C, but I was asked to extend an open source authentication module by my employer. The project is complete, testing has been done and it works as designed. The extension/patch I have created is fairly robust, as it includes configuration options, help files, and several additional files. The problem is that I have been unable to make contact with the current maintainer about having this feature added. I think the only reason I'd like to see this included is to prevent any patching of later revisions. A few others I have spoken with agree that the patch would benefit administrators attempting to push Linux onto the desktop, as we have done at the University that employs me. Has anyone else submitted patches/extensions to what seems to be a black hole?"

Fork it!

It's open source, so fork it and become the maintainer of the new version. When yours becomes more popular you will be famous, get offered large consulting fees, be able to afford blackjack and hookers, etc.

Re:Fork it!

[petermgreen]

While forking is an option it can be a lot of work for little reward if noone picks up on your fork.

I'd say the first thing to do is try to figure out the following (some of theese will probablly overlap in thier answers)

1: Why is the maintainer not responding? is it because they dont like your patches, because they are overworked or simply because they are no longer involved in the project at all
2: are other users of the project experiancing similar problems.
3: is the project included with major linux distros (debian, fedora, suse etc) and if so what are they doing.
4: when was the last upstream release and does it look like there will ever be another one.

If you do fork you don't want to do it alone, if at all possible you want to get the distros and as much of the userbase on side as you can first.

Re:Fork it!

[wigaloo]

Another reason why the maintainer might not be responding: It's August, and people are on vacation and otherwise doing family-related stuff. Most open-source projects are done as a hobby, and in general August is a terrible time to submit patches to these kinds of projects. Wait until September and try again.

Re:Fork it!

[Directrix1]

Or you can upload it to a website, or the wiki if the project has one. Just make sure people understand what project it is useful with. I wouldn't fork immediately. Forking should be something you do as a last result because you feel you definitely need to take the project in a different direction (or a direction at all). BTW, why don't you mention what the actual project is?

Extensions and black holes

[BadAnalogyGuy]

Sometimes OSS is a lot like butch lesbians. Take your question, for example:
Has anyone else submitted extensions to what seems to be a black hole?
Yes, sometimes a strap-on is precisely what is needed to fill a black hole.

But I digress.

What is the specific project you're fixing up? Is it fairly frequently updated by the maintainer?

That is really the point I think you need to figure out. If the maintainer has disappeared and does not update the package, then there's really no point in involving that person at all. He isn't the maintainer; you are. The only problem is, as you pointed out, if the package is updated and your patches aren't included, you'll need to provide patch updates to any of your users.

However, that said, what is more important to you? This package or your time? You don't work for the project, you work for your employers. Release this patch to whomever you like and give them the source. There's no reason you need to kill yourself trying to keep it updated if it works great for you now on the project version you targeted.

Re:Extensions and black holes

[WillDraven]

What is the specific project you're fixing up?

Not to mention you're asking slashdot. Somebody here could know the guy who maintains it, or at least know somebody who mentioned to them that he got hit by a bus.

Try sending to some distribution

If its patches is applicapple to Linux, try to send to some of the Linux Distributions. They usually have good contacts to the upstream maintainers, and even if they have not, have ways to record some changes and share them.

(And that is where people that may take over upstream also most likely will look for patches)

Money makes the world go round

[Bananenrepublik]

Since your employer paid you to create the patch, and since your employer will save money by not having you maintain a fork indefinitely, you should lure the maintainer with the strongest argument of all: money, paid by your boss.

contact the package maintainer instead

[quitte]

talk to the package maintainers of a couple of distributions instead. packages.debian.org packages.ubuntu.com etc. should help you find the maintainers email addresses.

Just fork it

Either the official maintainer has lost interest, in which case you can simply fork the project, or

I am still fairly new to programming in C (...)
...University that employs me...

He looked at your code, and decided that some noob at a university wasn't worth flaming. This is a fairly common attitude among open source projects. You'll quickly develop a very thick skin.

Re:Just fork it

[TheRaven64]

Same here. One of our most active developers now was a complete n00b when he joined the project. I recently committed a big chunk of code to one of our core libraries written by someone who was a bit of a n00b. That took three rounds of code review, but at the end we got some really nice code and he became a lot less of a n00b, so everyone was happy. I could have written the code myself, but since there had been a TODO comment in the file that I added two years ago telling me to, it was probably not something I would have done for a long time.

Publish patches

[KarlH420]

Publish the patches on the project mailing list, forum, or on your own website or blog. The most important thing is to get the patches out there. That will open it up to peer review and discussion. From there you have the possibility of linux distros picking up the patch and using it. Eventually the project may pick up your patches. A fork would be a last resort.

Re:Publish patches

[TheRaven64]

Exactly. A lot of people have suggested a fork, which implies that they didn't read the question. The submitter already has a fork, maintained by his company (well, most likely just him). He wants to avoid the cost of maintaining a fork by getting his changes merged upstream. Unfortunately, he didn't give enough information for us to give the right answer.

Is the maintainer replying to other mails on the list and just ignoring this patch? Presumably he already sent the patch to the list, or there would be no way of getting it accepted (an email with attachments from someone who is not an existing correspondent is likely to be blocked as spam). Are other people on the list interested? Do any of them have commit access?

If other committers like it, then get one of them to commit it; the maintainer, if he wakes up, can always revert it. If no one else has commit access, are other people active contributors? How do they get their patches accepted? If the maintainer isn't replying to them either, then maybe he can persuade some of them to maintain a fork and accept his patch.

If the maintainer is awake and alive but just doesn't like his patch, then his best bet is to make a simpler version that exposes some public interfaces that allow extensions like his to work and to publish his code as an unsupported plugin.

What is your definition of "robust"?

[BadAnalogyGuy]

I saw you wrote this:

The extension/patch I have created is fairly robust, as it includes configuration options, help files, and several additional files.

Your definition seems to mean "complete" or something along those lines. However in actual industry usage, robustness is a measure of software quality as tested. You may be providing a lot of configuration options, help files, and several additional files (what does this mean?), but are you providing well-tested, exception-proof code?

What is your test matrix like? What is the MTTF among your users? How many users are actually using it?

The patch you provide can be the most beautiful set of files ever created, but if the maintainer needs to fix all the bugs you created because you didn't test anything except the most obvious cases, then you aren't helping.

Something to keep in mind as you graduate from university programming to actual industry programming.

This wasn't something to do with the ...

[kevingolding2001]

... tty layer was it?

Welcome to the world of OSS

Welcome to the OSS world, where maintainers disappear off the face of the earth, "unfun" parts never get updated, and projects die out to leave only stale Sourceforge pages dating back years.

Re:Welcome to the world of OSS

[characterZer0]

Better than a programmer disappearing off the face of the earth leaving code he wrote on a workstation backup in a closet somewhere, were it will never be able to be used by anybody else.

Re:Welcome to the world of OSS

[some-old-geek]

My confidence brimmeth over.

Re:Welcome to the world of OSS

[HeronBlademaster]

You know... you can request a takeover of defunct Sourceforge projects...

Re:Welcome to the world of OSS

[Pharmboy]

What happens if SourceForge goes under?

You will hear about it here first. And by hear about it, I mean /. will disappear, since they are owned by the same company. Just to be safe, I think we all need to do a little:

wget -m -p www.sourceforge.org

and maybe add it to cron.daily, to be extra safe. ;)

Fork it.

[imbaczek]

Use something like git and maintain your changes in your branch which you can push to e.g. github (substitute hg and bitbucket where appropriate). You'll have the added benefit of easy merging with upstream.

Yes, it happend to us

[Sun]

We ended up forking - mawstats.

Deliberations over whether to fork jawstats was a hard one. The extension was part of a project done for a client of ours. We ended up deciding that we did everything we could to contact upstream, and it was either fork or keep things to ourselves. Luckily, the client (who is the one paying the actual money :-) agreed, and this is the result.

If you have no choice, then you have no choice.

Shachar

Death.

[MMC+Monster]

FOSS has no way to deal with a project's sole maintainer dieing. Especially if the maintainer uses a pseudonym on the web. If the maintainer has a real name, try to get a hold of him via phone directories, etc.

If you can't get a hold of him after a reasonable effort, certainly fork the code.

The main issue then becomes, when can a new maintainer take the trademark/name of the old project without expressed permission of someone who cannot be reached in a reasonable time period and may be dead?

Re:Death.

[adamkennedy]

> FOSS has no way to deal with a project's sole maintainer dieing

Perl does.

As usual CPAN has a long-established and regularly used method for dealing with issues like this. There's a process of handing off namespace control to new maintainers when previous maintainers go silent or die. With 7000 developers in the system, our experience is that a few dozen are going to die every year (although I imagine this will slowly increase as the median age creeps upwards).

In practice, we tend to see one significant case of death or death-like symptoms a year that requires a little more hand-holding to do proper module hand-off.

In the last few years, we've lost the maintainer of Perl's Tk bindings, a significant DateTime contributor, and a few years ago one of the largest CPAN authors quit programming to become a missionary in Japan and asked for new maintainers for all his work (that would be the "death-like symptoms" part).

Holidays

If the maintainer is French, don't expect an answer untill september 1st,

Re:Fork it! - not funny

[Provocateur]

the project should be taken away from them

No need to be uncivilized about it. There should be a ceremony, with flags and banners and trumpets and horses. The bold new developer's name should be announced with accompanying fanfare, and he shall kneel in front of the wizened author (who should have put out his cigarette before these solemn rites). The sword edges should be dull, lest angry words from jealous unrecognized forkers be heard and needless violence ensue. I should stop now before this starts affecting my English henceforth

My project, my blackhole.

[inflex]

I'm the creator/developer/maintainer of a lot of OpenSource projects and sometimes you just can't seem to keep up or you find that life outside of OpenSource keeps dragging you away from getting around to applying patches.

To be fair a lot of the patches I receive are very minor and could be applied in seconds as well as verified but then there's also the whole update announcements process and all the documentation changes too. After a while you find you get to spend a couple of hours every 3 months on a project where you cobble together all the patches, sort out the docs and lump-release it. Yes, it's a bad way of doing things but often when the code is a decade old there's not a lot of compelling drive behind maintaining things at a prompt rate... .especially when you're already scratching to keep up with all the bills and other "real life" things (partners, cars, social comittments blah blah blah).

Anyhow, don't take it personally, just send another message periodically and eventually the maintainer will either snap or something. . . .a lot of us simply forget, yes, it's as simple as... now where did I put my coffee? :)

Similar Story

[markus_baertschi]

I've lived a similar story a while back. I was using a perl module from CPAN for a customer project. During the implementation I found some bugs/limitations. After getting in contact with the maintainer he sent me some patches to fix my problems. I used those and my project went into production.

A couple of years later we did migrate the application to a new server and I reinstalled the perl modules from CPAN. I found that the patches I got never made it to the CPAN repository. I still got the original patches and used those to get my project shipshape again.

In parallel I tried to get in contact with the original maintainer, but I never got a reply. It looked like he dropped off the planet. After a while I applied for co-maintainer status of the module on CPAN. This was granted when I could plausibly demonstrate that I tried to talk to the original maintainer. Since then I'm now the 'official' maintainer of the module and do integrate patches and help users.

We don't know about your modul en and its infrastructure (homepage., mailing list, etc.). Perl modules live on CPAN, so it is a good start to start there. You'll have to see where your program lives and go from there.

Markus

Never worked for me in the past

[Sun]

There were several cases in the past where I tried this. I cannot recall a single time where offering money brought back from the dead an otherwise MIA maintainer.

The theory is solid, but I have never managed to see it work in practice. Perhaps their spam filter ate my "I WANT TO PAY YOU MONEY" email.....

Yes and ...

[OeLeWaPpErKe]

and politicians who don't represent the will of the people after the election should be impeached, disbarred ...
and companies who sign a contract and then go broke should still pay and fullfill the contract ...
and orphans should never get cancer ...
and all programs should be open source ....
and I should get paid for this
and ...

sorry - just getting frustrations out

This is why I no longer open-source my projects

[ugen]

I used to open-source everything I do. No more. My current project is closed-source (but free) application. While there are quite a few users, very few butt in with "extensions" that they feel absolutely must be there. No forking either - you don't get to take the results of my work, add a few things and distribute, creating confusion and incompatibility, which lead users to other products all together and hurt me (I don't care about the other guy). Don't like my design? Write your own damn product, it is a free country and you have access to gcc and vi :) just like I do.

Incidentally, in my experience with open-source projects significant majority of user response email consisted "feature requests", usually written in demanding "you owe it to me" key. Now with a closed-source application, no such thing and quite a bit of feedback begins with "thank you for the great product" :) Now that's good motivation, and it keeps me working.

Re:This is why I no longer open-source my projects

[Abcd1234]

I used to open-source everything I do. No more. My current project is closed-source (but free) application. While there are quite a few users, very few butt in with "extensions" that they feel absolutely must be there.

Great, so in a case like this, where a user created valuable new functionality, you wouldn't benefit. Instead, you'd be stuck doing the work, or refusing to do so, in which case you'd lose a customer who'd be forced to move to a different product, instead.

Basically, rather than ignoring useful patches, you now have to ignore users requesting useful features, who then just move on when you say 'no'. Yeah... that's much better.

No forking either - you don't get to take the results of my work, add a few things and distribute, creating confusion and incompatibility, which lead users to other products all together and hurt me (I don't care about the other guy).

How is that a product of being OSS? The issue, here, is very simple: a maintainer that's either non-responsive or MIA. If the maintainer were responsive, the changes would be added to the existing product, and everyone would be happy: the originator wouldn't have to maintain a separate tree, the maintainer wouldn't have to write the code themselves, and the other users would benefit.

In fact, in this particular case, closing the source only does one thing: fucks the customer, as they're now forced to find something else, since they can't just take the code and alter it as they see fit.

Now with a closed-source application, no such thing and quite a bit of feedback begins with "thank you for the great product"

I'm sorry, but I have to call "bullshit", here. Whether or not you get feature requests has absolutely *nothing* to do with the license the source code is under. Either way, you have users with ideas about how the product should work. The only difference is that, in the case of closed source, the user can't just contribute code back to you. Instead, they have to wait for you to decide their idea is worth implementing (and then live with whatever implementation you come up with). That sounds like a lose-lose proposition to me.

Re:This is why I no longer open-source my projects

[Abcd1234]

You seem actively bitter about the possibility of forks while explicitly choosing a license that not only allows them, but makes it so simple that it basically encourages them.

Actually, I think it goes deeper than that.

Most people don't *want* to fork projects. Your average contributor is a career developer who's probably being paid to do something else entirely, and only contributed to the project because they needed some functionality to get their job done. Alternatively, they're hobbyists, in which case taking on the responsibility of maintaining a fork isn't something most people are interested in.

Instead, the reason forks happen is because the maintainer is, for some reason, hostile to the wishes of some not-insubstantial portion of their user base. In this particular case, it appears the OP is actively *annoyed* by people requesting features. Well, big surprise that, in such a situation, people are likely to fork your codebase: given the option between maintaining your own fork or dealing with a hostile maintainer, forking is obviously the best solution. And so the OP, rather than, say, being less hostile to and more cooperative with his user base, chose to simply take his ball and go home.

Fundamentally, it's an attitude problem: some people see software development, and OSS in general, as a collaborative process, and enjoy working with others, accepting contributions, etc. Others, however, see users and potential contributors as a nuisance and something to avoid. Big surprise if the latter group choose to obviate OSS in favour of a closed development model.

Be Professional, Patient, Assertive

[desertcrevasse]

We are involved in a similar effort to add features to mod_auth_cas. While the project maintainer is far from unresponsive, it's clear he has other responsibilities and attends to the project as time allows. We are making demonstrable progress toward having our features merged into the project, but the process has taken longer than anticipated. What has worked for us:

- Be Professional
We followed the recommended procedure for submitting the patch, have been responsive in addressing questions, and have tweaked the patch when asked. Throughout we've maintained an attitude of humility, which makes friends and influences people.

- Be Patient
Provide adequate time for your submission to be evaluated. Like so many open source projects, the maintainer probably handles the project in his "spare" time.

- Be Assertive
Inquire about the status of your submission regularly via communication channels the project provides. The frequency of your inquiries should be reasonable; nags are easily dismissed. Inquiries that express a sincere willingness to be part of the solution are particularly effective. Also, you may consider contacting other folks personally that may have influence upon the project. If you can't get the maintainer's attention, maybe you can get the attention of a trusted colleague who will encourage the maintainer to take a look. I believe this point in particular was helpful in getting our patch reviewed and acted upon.

Good luck. From a cursory review of your project goals, it sounds like your contributions would be sincerely valuable for pam_krb5. I'm pretty sure we could make use of it at our University.

M

MTTF

[codeguy007]

What are you a Windows programmer? I have never heard of Software having a "Mean Time To Failure" but then I am more of an Administrator and haven't done much QA.

This is a big problem in the Python world.

[Animats]

The Python world suffers badly from this problem. There are many add-on modules for Python that are written in C. The interfaces for databases, SSL sockets, and similar things one needs for basic web applications are third-party modules in Python. In most cases, the module has one maintainer.

The C API for Python changes with each release of Python, and modules have to be updated and rebuilt for each platform. This process lags years behind Python releases. Often, the needed changes are minor, but short of forking and taking over maintenance of the module, there's no way to get them done fast.

There have been amusing moments. At one point, the maintenance organization for a module used in business applications was a World of Warcraft guild. At least they got stuff done.

The reclusive maintainer

[br00tus]

I once wrote a patch for a program on Sourceforge that was only a few lines but had taken weeks to figure out, and it definitely improved the package. I wouldn't call the maintainer reclusive, he was more like a cuckoo clock who would show up once a year, work like crazy on the program, then disappear again. After I wrote the patch he disappeared. A few months later, I was busy myself and forgot about it. Two and a half years later I started getting e-mails from his projects mailing list again where he was saying he was putting out the new version. He had already updated a bunch of files in the CVS, so I redid my patch against the latest CVS and made noise about my patch again. Well, he included most of it in his next release. Until then, it was sitting in the patches part of Sourceforge for anyone who would be very serious about the program to see.

People get busy in their real lives, and open source projects are usually a low priority next to putting food on the table, trying to get laid etc. Another problem is the paucity of good developers involved in open source projects relative to the number of people using them. There is a definite learning curve in these languages. I have been working with C language for 20 years now (initially making small programs to make C programs compile on my particular OS) and on some level I still don't really understand pointers and memory - in fact I know I don't because I missed those questions on a recent examination.

Some people have been saying to fork it, but then you have to take on the burden of all of that. I would say definitely think before doing a fork, are there enough developer man-hours (person-hours) out there, including myself, over the next several years that will work on this project that will make a fork necessary? You don't want to fork a dead-end project into something that's just going to become another dead-end project. On the other hand, if there's a multi-year commitment from yourself (and maybe others) and the maintainer has disappeared completely for weeks and months on end, then maybe a fork is in order.