Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 2 comments
blueflow ◴[] No.45050331[source]
If they had done an activity check they would have seen that half of all projects have zero maintainers.
replies(1): >>45051284 #
ysofunny ◴[] No.45051284[source]
Software once "perfected" (working well enough long enough) needs NO maintenance. No cleaning. No calibrating/tuning.

Updating is a systemic issue, not a per-project matter.

replies(8): >>45051346 #>>45051557 #>>45052779 #>>45053610 #>>45053967 #>>45055423 #>>45056222 #>>45057634 #
blueflow ◴[] No.45051346[source]
Maybe we need a Linux distro based on "inactive" software and look how reliably it performs.
replies(2): >>45051400 #>>45051997 #
ii41 ◴[] No.45051997[source]
I was once forced to use an older (but not deprecated) LTS Ubuntu and I hated it. New software comes out and you're gonna want to use it (often forced to use it), and it of course uses newer dependencies. I had to do the distribution maintainer job and package a bunch of software myself.
replies(1): >>45053299 #
1. marssaxman ◴[] No.45053299[source]
What sort of work do you do?

I only use LTS distributions, and this is not a problem I have encountered, so I wonder what accounts for the difference in our experiences.

replies(1): >>45054005 #
2. spott ◴[] No.45054005[source]
I think this depends on how they are used.

If you are leaning on the package manager for managing things like Python, then they are really annoying.

If you are just skipping that and using something like uv, then you won't care that LTS only has Python 3.9 or similar.

If you are trying to use them interactively, then they can be annoying because everything new isn’t available. If you are using them as a server for running pre-packaged code, then they are fine.