
Comment by singpolyma3

5 hours ago

Do the versions of the dependencies that you used no longer exist anywhere?

Fair counter, and that's the right stance. The tax I'm pointing at is the implicit social one: feeling like you owe a response. Plenty of publishers get burned out before they figure out your model.

They exist, but they are likely unmaintained and may have known security issues.

I have a project that suffers from that. The version of a library it is built with is old and insecure, but the newer supported version has a completely different API that would require me to rewrite the code that uses the library.

I had a second such case where I discovered a fork of the old version of the library which was still maintained. Otherwise a rewrite would have been required there too.

In my experience, the most common problem is that a dependency changes. It drops support for something, the API changes, etc. If it's 3 dependencies deep, and one of the deps in the middle isn't maintained anymore, well...