I will maintain ownership of the repository, but I won’t pass it down to anyone else. First, because I feel it’s not up to me to decide who to pass the project down to, and second, because there is no one else to pass the project to.
“But I want and can maintain it, can I take it over?” Let me put it plain and simple: No! I don’t know you, I don’t trust you! Fork it and carry on!
second, because there is no one else to pass the project to.
If I ever maintain a FOSS Project this one will be one of the things I need to figure out along the way, surely there’s someone trustworthy out there, surely
This could be a simple answer as : I don’t wanna cause inconveniences to my users to a more complexe one such as… umm, ideological reasons… I don’t want to see a project I started get archived or taken down…
Let them prove themselves.
It’s a requirement…
to me finding mainteners is part of what makes a FOSS project successful
Pass on to someone trusted, that ideally has been part of the project for a long time, or even the start.
Have a fork that is officially endorsed.
Depending on the software, different approaches may be appropriate. For something like this with VPN, I would want the fork to be vetted by the community before trusting it. If the original owner endorsed one, id probably update to it quickly but keep an eye on the community.
If it was something with less security risk, id probably move quicker if features were added I like. With something like this, with higher risk, id be assessing forks and alternatives equally.
I vaguely remember some money calculating-related project guy who received a PR that heavily optimized and updated the project. Since he was very busy and no longer really wanted to maintain the project, rather than reviewing and merging the commit, he gave the contributor complete access to the repo for them to maintain the project at their own discretion. The project was unpopular back then—when he looked back a few years later, he was surprised to discover that the project had racked up several thousands of stars.
Bravo
If I ever maintain a FOSS Project this one will be one of the things I need to figure out along the way, surely there’s someone trustworthy out there, surely
But why take a chance? It’s easy for anybody who’s truly interested to fork it, and if you’re calling it a day it’s all the same to you.
The problem with endorsing someone else is that they inherit all the clout without having put their time in. Let them prove themselves.
This could be a simple answer as : I don’t wanna cause inconveniences to my users to a more complexe one such as… umm, ideological reasons… I don’t want to see a project I started get archived or taken down…
It’s a requirement…
to me finding mainteners is part of what makes a FOSS project successful
As I see it, there are 3 options.
Allow forks and let community sort itself.
Pass on to someone trusted, that ideally has been part of the project for a long time, or even the start.
Have a fork that is officially endorsed.
Depending on the software, different approaches may be appropriate. For something like this with VPN, I would want the fork to be vetted by the community before trusting it. If the original owner endorsed one, id probably update to it quickly but keep an eye on the community.
If it was something with less security risk, id probably move quicker if features were added I like. With something like this, with higher risk, id be assessing forks and alternatives equally.
Lesson learned from the whole XZ thing. Anything related to security does run the risk of nation state actors abusing trust. Makes it hard to do right
Indeed, or buying-off other maintainers and making them turn against you 👀, it’s crazy world we live in and everything goes
Maybe he learned from what happened to uBO before the “Origin” label was needed.
I don’t see a problem in forking, except for issues regarding logistics
I vaguely remember some money calculating-related project guy who received a PR that heavily optimized and updated the project. Since he was very busy and no longer really wanted to maintain the project, rather than reviewing and merging the commit, he gave the contributor complete access to the repo for them to maintain the project at their own discretion. The project was unpopular back then—when he looked back a few years later, he was surprised to discover that the project had racked up several thousands of stars.