Is this project still active?

[agilezebra]

There are 3 PRs open for 6 months plus. We'd really like to use this project in production in our organisation but it difficult to do so comfortably if it's effectively abandoned.

[jgehrcke]

We use the project in production.

I have not followed the issues very recently. Do you think there is a currently known issue that is absolutely critical such as a security bug?

[jgehrcke]

There seems to be this fork: https://github.com/cdbattags/lua-resty-jwt/

@cdbattags what's the plan? :)

[jgehrcke]

I see: https://github.com/SkyLothar/lua-resty-jwt/pull/79#issuecomment-392791349

[cdbattags]

Hi folks! We’ve fully forked this and the fork is now even live on LuaRocks with the same name.

If you're using LuaRocks as a package manager then you're probably already using the fork in prod!

Otherwise, feel free to submit PRs on my branch and update to latest if you'd like to run latest version of OpenResty! Woo!

[jgehrcke]

@cdbattags so you have no plan trying to get your latest goodies into SkyLothar/lua-resty-jwt -- no?

What I would really love to see, be it here or in your repo, is a decent changelog :).

[cdbattags]

Nope, this maintainer is a-wall and until they come back and until we agree on a clear path forward all PRs should basically flow into my fork now!

As long as we as a group agree agree of course! The major part about a fork is getting it into the package managers (OPM and LuaRocks) but since this is done there's no reason to still attempt to get my changes into this repo.

Changelog easy to add for the latest version on mine but it's also very easy to sift through the tags.

The latest changes are really simple OpenSSL FFI stuffs to get OpenResty/NGINX 13+ working.

[cdbattags]

I'll look through the latest PRs here this weekend and see if we can get them in mine but @agilezebra it would be great if you could open a PR to mine as well to preserve the commit authorship 😉

[zandbelt]

As the author of lua-resty-openidc, a package that depends on lua-resty-jwt, I support this fork and IMHO it should be the new master because of the unhealthy state of the old repo.

[jgehrcke]

Thanks for all the feedback! That helps making decisions.

[jgehrcke]

One thought: there should be an attribution to the original author in the important places (in the README, maybe in the OPM/luarocks package descriptions).