Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Do You Assess the Status of an Open Source Project?

Posted by Soulskill on from the say-its-name-three-times-in-front-of-a-mirror-site dept.

Chrisq writes: "Our software landscape includes a number of open source components, and we currently assume that these components will follow the same life-cycle as commercial products: they will have a beta or test phase, a supported phase, and finally reach the end of life. In fact, a clear statement that support is ended is unusual. The statement by Apache that Struts 1 has reached end of life is almost unique. What we usually find is:
  • Projects that appear to be obviously inactive, having had no updates for years
  • Projects that are obviously not going to be used in any new deployments because the standard language, library, or platform now has the capability built in
  • Projects that are rapidly losing developers to some more-trendy alternative project
  • Projects whose status is unclear, with some releases and statements in the forums that they are 'definitely alive,' but which seem to have lost direction or momentum.
  • Projects that have had no updates but are highly stable and do what is necessary, but are risky because they may not interoperate with future upgrades to other components.

By the treating Open Source in the same way as commercial software we only start registering risks when there is an official announcement. We have no metric we can use to accurately gauge the state of an open source component — but there are a number of components that we have a 'bad feeling' about. Are there any standard ways of assessing the status of an open source project? Do you use the same stages for open source as commercial components? How do you incorporate these in a software landscape to indicate at-risk components and dependencies?"

7 of 110 comments (clear)

  1. Check the community by Anonymous Coward · · Score: 4, Insightful

    Try and find someone looking for help using it online. See what people say to them. If there are lots of recent problems and responses that don't seem to suggest using other products, its likely in a good state to use.

    If no one is looking for help using the library, its either not in use, or way too easy to use (has that ever happened?).

    One thing to look out for is that if something works well, it might not need updates very often (or at all, depending on what it is). Don't abandon something simply because its old, or not being updated. Now, it its not being updated, has lots of open issues, and no users, thats a problem.

    You can also look for some issues/tickets, and see the response times on them.

  2. Not unique to open source by pavon · · Score: 5, Insightful

    This isn't a problem that is unique to open source. Several commercial libraries that we have used in the past have entered the twilight zone where the developer is neglecting them, and refuses to release any sort of roadmap or EOL announcement. Eventually, you just have to make your own call based on how much work it will be to move to a new library vs the risk of staying with the current one. At least with open source if you get stuck with a dead library you can choose to take over maintaining it on your own either as a long term strategy or a short-term stop-gap until you can move onto something else.

    1. Re:Not unique to open source by LulzAndOrder · · Score: 5, Insightful

      it is a problem that is unique to open source, but the part that is unique is that it's not a problem in open source. Because the source is open, "legacy" and "discontinued" software can still be maintained and used by however small a community of users wish to keep it alive. If Windows XP were open source, there would be no pulling the plug on it; there would be a healthy community making security patches for it still. nothing to see here folks, keep moving.

  3. Developer List by Seumas · · Score: 4, Insightful

    The first thing I do with regard to investigating any OSS is to find their developer list and skim the last few months of it. It's a good way to see the level of activity, responsiveness, and how cohesive or combative the core is.

  4. Re:Stackoverflow by larry+bagina · · Score: 4, Insightful

    Stackoverflow is moderated completely unlike Slashdot, so the best answers will usually bubble to the top.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  5. Indeed. Are awk, sed, grep, vim dead? by raymorris · · Score: 5, Insightful

    Yeah you want to be careful with activity metrics. Awk hasn't seen many updates in the last two years. Mostly because it hasn't NEEDED much in the last ten or twenty years. That means it's already rock solid, not that it should be avoided.

  6. Re:Abandoned project takeover by Bill_the_Engineer · · Score: 4, Insightful

    Personally, I think if they do not respond, then the site should try to contact them - if they still do not respond (after a suitably lengthy time) then it should re-assign you as the new owner.

    The length of time to wait is much longer than you want. The original author of the project still owns the copyright and the rights to the name of the project. The best option is to fork the project and start fresh.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...