Is this project dead ?

[sylr]

Hi,

I am currently investigating solutions to crypt certificates, private keys ... etc in git repo and came across this project.

I was considering it until I noticed last commit in master occurred more than 1 year ago and that PR stacking up do not seem to be considered.

@AGWA Can we have a status update about this project ?

Cheers.

[alerque]

Even as a long time and current user of this system I'm starting to get concerned about the future of the project. Obviously the lack of updates or feedback from the developer recently is the primary issue here, however the continuing backlog of PR's and issues suggests that the community is still interested.

@AGWA Would you be open to allowing some help into this project? I have some more upcoming projects that are going to need this and am considering whether to spend some time learning and implementing a different solution or whether I could invest some time and effort into helping this one along. If you are interested in allowing somebody like me to help with issue triage and handling some of the more basic community contributions that might take some of the load off so that any time you do have can be spent on more hard core development tasks.

I'm well aware that anybody including myself could choose to fork and run with this, but my preference for OS projects is to take smaller steps and foster contributions to the original project rather than forging off in some other direction ­— but cases like this it's going to take either you having time to manage community contributions or letting somebody else step in and help pull things together.

[amorriscode]

We just got a new release on the 26th of November so it looks okay to me.

[happycollision]

How about now? :wink:

Fewer updates as time goes on could be more of an indication that a codebase is reaching "peak robustness" I suppose. So that is not necessarily a bad thing. Just hard to tell from the outside.

[alerque]

@happycollision In spite of the concern I had (and sort of still have), I'm still using it in production and it works fine. You have a point about robustness. In this case I do think there are more rough edges that could be filed off, but at some point when a tool only does one basic function and does it properly, it doesn't merit constant tinkering.

[sylr]

@alerque Agreed but it's not a reassuring for users that the maintainer is awol

[alerque]

@sylr I don't think it's fair to say the maintainer is AWOL. They've at least been committing here on Github as recently as a couple weeks ago and there are no known critical security issues or blocking bugs that haven't been addressed.

[esc]

yes/no/maybe?

[esc]

@AGWA are you still around?

[AGWA]

Yes, I'm still around.

[happycollision]

I am so sorry that I inadvertently revived this issue. 🤦‍♂️

[alerque]

@AGWA I think we can probably close this issue. Two years and a release later, plus confirmation that nobody is dead, pretty much sets the stage. I don't think there is anything left to answer. Nobody can predict what turn of events life might play on your or others, but it seems like the status quo is pretty established for the time being — a slow trickle of maintenance releases. Fair enough?

[sylr]

@alerque I beg to differ, @AGWA showed that he is still around but did not said anything about the state of this project.

Last commit is more than one year ago and lot of PR are still unanswered.

I am not blaming @AGWA if he does not want to maintain it anymore I'm totally fine with it but he needs to state it so that users know what they can expect.

[wederchr]

Have to agree with @sylr. Happy to hear that @AGWA is alive but I would still like to know what the state/ plan for this project is. There are a lot of open PRs as well as unanswered issues and the last commit was made over a year ago.

[natanverdes]

Hello @AGWA . I think the community wants to solve a lot of problems that this project have. We should close or merge the Merge Requests. Please open the project to some well-known developers of this project. Thank you and regards

[alerque]

Time to ping on this. The number of PRs piling up that appear to solve a lot of problems but aren't getting reviewed (whether to be rejected, modified, or cleaned up and accepted) is concerning. If you're not willing to open this up at least a little to a few trusted maintainers it might be time to start a community fork. I understand your concerns about it getting out of hand, but as a very long time user the lack of progress fixing known issues is starting to seriously grate again. Thoughts?

My suggestion would be to appoint at least 2, maybe 3 people from the community who have same track record in FOSS projects as maintainers, then setup the repository so that the master branch is protected and at least 1 PR review approval is required to merge. That would make it so that a minimum of 2 folks (1 contributor + 1 maintainer or 2 maintainers) would have to agree on solutions to merge anything. That would also help get the issue list cleaned up with some triage.

[fasibio]

Two years later... same situation, same question ?