Comment by geofft
5 years ago
> The artifacts of these little meltdowns are exactly the kinds of things your upper management will cite the next time you suggest using FOSS vs. whatever vendor they're about to push down your throat.
Yes, this is what I don't understand - we spent decades fighting the perception that open source could never be as good as proprietary commercial software. Now that we've mostly convinced our bosses, we want to turn around and say, no actually an open source maintainer who writes buggy code, rejects patches, and takes down their project when called on it is doing exactly what he should do?
Of course he has every right to do that, but this shouldn't be (and fortunately isn't) the norm. Defending this outcome as the expected outcome just means that the bosses will quite justifiably say, suppose we use this software and I let you publish patches back, you're telling me to expect that the upstream author will take their code offline? Why should I use this software at all, let alone let you waste your time on patches? I'm gonna buy from Oracle.
> you're telling me to expect that the upstream author will take their code offline
Yes. If a company shuts down, who is to blame when the downloads are no longer available?
No offense, but your build process is lacking if you are affected by a project disappearing from the internet. You should be bundling all of your libraries with your final artifact.
This is a prime example of relying on the cloud without a continuity plan.
This has nothing to do with build process, this has everything to do with the expectation that a project will continue to exist and put out new releases. All our builds at work, in fact, are offline. We check in tarballs and we don't access the internet. That has nothing to do with whether I can tell my boss in good faith, allow me to submit a patch upstream and it'll be worthwhile to the company and we won't have to carry local patches. Right now I can say that. Why would we want to get rid of that?
> Why should I use this software at all, let alone let you waste your time on patches? I'm gonna buy from Oracle.
With OSS you always have an option to keep your personal copy of the source tree, and you have an option to fork it and maintain it at your own expense. When Oracle closes and discontinues the software you rely upon, you are screwed big time.
Big companies often have code escrow agreements to cover that exact problem.
The advantage of them is pretty theoretical since you don't really want to become responsible for someone else's code drop, but that's not any different with open source.