search

gin-gonic / gin

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
https://gin-gonic.com/
MIT License
78.04k stars 7.97k forks source link

[Community Discussion] What's the status of Gin? #3824

Open brandon1024 opened 8 months ago

brandon1024 commented 8 months ago

Description

Gin has developed a massive community of users of the years. According to GitHub, it's used by nearly 180 000 projects on the platform. It's used by some pretty large open source projects, like PhotoPrism, smaller hobby projects and thanks to its permissive licensing it's also well used in proprietary products and solutions. With such a large following, it's important that we secure the future of Gin and continue foster a community driven by good open source principles.

It's no secret that issues and pull requests have been pilling up. Some merge requests have been open for months without comment (https://github.com/gin-gonic/gin/pull/3756 is one such example). Aside from a few small enhancements and fixes, there hasn't been much forward movement since early 2023. What's a little more concerning are security-related issues that have been open for a few weeks (https://github.com/gin-gonic/gin/issues/3814 is one such example). Security patches have been known to take a while to be released (https://github.com/gin-gonic/gin/issues/3777). These are critical issues for those using Gin in a production environment. Migrating to another framework is a pretty significant undertaking, and doing so while a productive system is at risk of attack is that much more concerning.

I'm a little concerned about the maintenance status of Gin. I've noticed a steady decline in activity over the past 6 months and I think it's important that we talk about it openly as a community. Bear in mind that this issue is not an accusation of the project maintainers. I don't want to repeat what Max Woolf went through. This is an open community discussion, and I hope the project maintainers will be involved.

Open Questions

Is the project lacking funding?

It's hard to keep open source projects going when there's little funding behind it. Project maintainers invest their own time (and a pretty considerable amount of it) keeping projects like this going. Burnout in the open source community is a real threat.

Do we need to open a channel for developers to support the project through funding/donations?

Is there a lack of project maintainers?

Are the project maintainers focused on other topics or projects and don't have enough time to keep Gin going? Can we help alleviate the pressure by recruiting more maintainers?

Has the project been superseded or obsoleted?

The next big release of Go features powerful improvements to the net/http package, like URL path parameter matching and improvements to ServeMux. In spite of this, Gin is still quite powerful and offers features that the built-in standard library does not.

Is Gin in the process of being superceded by a new offering? Is it being obsoleted?

Should we document project status?

If the project maintainers are overloaded or no longer interested in keeping Gin going, should we document the project maintenance status in the README?

What are actions that the community can take to keep the project going?

Looking for community input here :smiley:

schulerj89 commented 8 months ago

I share your concerns about the Gin framework's maintenance. As a fellow engineer and user, I hope that it picks back up.

I would love to help wherever I can with documentation, maintaining, etc. Such a great framework.

Ozoniuss commented 8 months ago

I've been using Gin for quite some time now, and I'd be very interested in hearing what the community has to say about this. I've been sharing your concerns lately as well. Of course, I'm also happy to help or contribute with whatever I can.

J-tt commented 7 months ago

At risk of not bringing too much to the conversation, I share a lot of the concerns listed here. Especially given the recent issues the docs site had.

I think it could also be a fair assumption that the recent improvements to the stdlib router could be eroding gins market share.

Regardless, it'd be nice to see a way for the still active community to lend more support, whether financial or in volunteer time.

There is also a noticeable drop of in the code frequency graph: https://github.com/gin-gonic/gin/graphs/code-frequency

udhos commented 7 months ago

For risk management I have been moving projects I am involved with from gin to chi:

https://github.com/go-chi/chi

brandon1024 commented 7 months ago

I've noticed over the past week or so some forward movement on the project. The number of issues and merge requests is starting to go down, and I've noticed some security issues were fixed. Hopefully the momentum continues!

kszafran commented 7 months ago

I've noticed a steady decline in activity over the past 6 months [...]

I have felt this way for way longer than that. I have a PR from 2021 that's addressing a few issues / feature requests that other users have had: https://github.com/gin-gonic/gin/pull/2877. But my PR or my comments in the related threads didn't get much/any attention from the maintainers, which is discouraging to me as a user and an occasional contributor.

I still use gin, although I have copy-pasted and modified parts of it to support the features that I need. But if I have the time, I'd like to replace it with an assortment of smaller, purpose-built libs (some HTTP router, something to bind query/path params to structs, etc.) and I can glue the pieces myself. Despite the fact that new features don't seem to be added nowadays, go.mod already feels bloated. I don't really need TOML, YAML, MessagePack, Protobuf, and 4 different JSON implementations (std lib, goccy/go-json, ugorji/go/codec, bytedance/sonic)...

I'm not going to judge the maintainers, since no one should be expected to work for free on open source. I'm just not inclined to use gin in the future.