Abandon Ware
Philippe Coval <purl.org/rzr> #OpenFest2020 2020-11-08
$ whois Phil Coval
- Software Engineer from Rennes, France
- OpenSource Contributor, Mozilla Rep (IoT)
- Involved in industry's OSS:
- Tizen (Intel), Yocto, IoTivity (Samsung)
- Contact: https://purl.org/rzr
- Presentations, Videos, Social…
- Currently available for cooperation
- Link me from Fediverse:
Software is never finished
Software will be abandoned
- Abandonware is a product
- typically software,
- ignored by its owner and manufacturer,
- and for which no support is available
- Open source products include permission
- to use the source code
- FLOSS without community is just software
Challenges
- Code isn't like wine,
- it does not get better over time
- Upstream is not users' contractor
- Software needs users & developers !
- Community interdependence
Lifespan of OSS
- Author(s) publish code
- Users use code (free riders)
- Community improves code
- Developers add features, fixes
- Or fade away…
- Ship and forget (next hype)
- Lack of interest, funding
- AFK or worse situations
- Sustainability challenge
AFK
Strategies
- OSS Users might stay, and make patches
- not merged upstream
- many downstream forks
- that might be also abandoned too
(Cyber) Insecurity:
- Vulnerabilities in code
- AND/OR its dependencies
- AND/OR dependencies' dependencies…
- Fix CVE with patches?
- Any side effects ?
- in un-audited (closed) code ?
- Any side effects ?
- Minimal maintenance is desirable
- for each link of chain
(Cyber) Negligence:
Best effort cooperation
- Co-maintenance for orphaned project
- by trusty FLOSS community
- "Current" Open Infrastructure/ Development:
Trust
- Should be bi-directional
- Web Of Trust (PGP)
- Commitment to trustworthy org
- eg: Debian keyring
- Best effort again, support welcome
- Example:
Procedure Flows
- Track patches: URL in commit messages:
- Origin:, Forwarded: Relate-to:
- Forward patches to upstream first
- Rebase on upstream ASAP
- Setup CI/CD
CI/CD, DevOps, AI?
- Automate (eg: GitHub actions)
- Code is scanned by bots:
- issues reported, patches proposed
- Changes announced to social channels
- Others: namespaces:
- JS lib published to NPM:
- "@abandonware" repository
- JS lib published to NPM:
- Next? : AI or Collective Intelligence ?
Entry door
- Procedures (WIP) & Examples:
- Feedback welcome:
"bluetooth-hci-socket"
"@abandonware/ bluetooth-hci-socket"
Help welcome
- Identify orphaned projects
- Join reviewers, testers, mentors
- Relationship to up/down/stream
- Improve CI/CD (more OS, toolchains etc)
- Feedback, Support, Funding
- Adopt orphaned packages
- for better maintenance ?
Summary
- Software will be unmaintained
- Users might need legacy software
- Security matters
- Need Trust, Procedures and automation
- Software need community
- Abandonware is place for best effort:
- Identification, adoption and more?
Ethics matters
- Today, We're in a Pre-Cooperation age
- Every one has responsability for sustainability
- Inspirations:
Resources
Q&A Thanks
- Thanks #OpenFest2020 !
- Mozilla/WebThingsIo, Leon
- https://github.com/rzr/rzr-presentations
- License: CC-BY-SA-4.0 ~RzR 2020
- Copyrights belong to their respective owners
Upcoming
More
Video playback
More
Playlist