(opensourcesecurity.io)

433 points LawnGnome | 1 comments | 28 Aug 25 01:54 UTC | HN request time: 0.412s | source

Show context

blueflow ◴[28 Aug 25 09:58 UTC] No.45050331[source]▶

>>45047460 (OP) #

If they had done an activity check they would have seen that half of all projects have zero maintainers.

replies(1): >>45051284 #

ysofunny ◴[28 Aug 25 12:21 UTC] No.45051284[source]▶

>>45050331 #

software once "perfected" (working well enough long enough) needs NO maintenance. No cleaning. No calibrating/tunning.

updating is a systemic issue, not a per-project matter

replies(8): >>45051346 #>>45051557 #>>45052779 #>>45053610 #>>45053967 #>>45055423 #>>45056222 #>>45057634 #

1. chamomeal ◴[28 Aug 25 15:42 UTC] No.45053610[source]▶

>>45051284 #

Definitely varies with language/runtime/library choice. I have no problem using a clojure library that hasn’t been touched in 5 years. But back when I had a gatsby site (static site generator for react) I would end up in the dependency hell after literally a month of not touching it

↑

Open Source is one person