hyperledger / toc

Hyperledger TOC documents
https://toc.hyperledger.org/
Creative Commons Attribution 4.0 International

Caliper 2023 Q4 Update #208

Closed davidkel closed 6 months ago

davidkel commented 7 months ago

@jimthematrix That would imply that the lifecycle of a project is tied to perceived usage rather than project health/activity. That doesn't sound right for the Hyperledger project lifecycle definition but I haven't looked into it fully. My impression of dormant implies that it isn't being actively maintained which for a minimum would be to ensure code rot isn't occurring, that it still builds and passes tests and that it's kept up to date with security patches both within the code and ensuring any dependent libraries are secure. Unfortunately Caliper currently isn't being actively maintained from that perspective and the need is to get committed contributors to ensure that it can keep going.

jimthematrix commented 7 months ago

@davidkel you are correct to point out that the lifecycle process mainly takes into account developer activities rather than usage. And becoming a dormant project would be the natural next step unless new contributors show up soon. My comment was mainly about what the TOC and Hyperledger staff can do to encourage (new) contributors to step up and keep the project going, given the amount of usage.

davidkel commented 6 months ago

@jimthematrix Thanks Jim and thanks for trying to encourage others to help keep Caliper going. I will point out though that a comment made in the TOC meeting about Caliper "Being a performance tool. Cv probably doesn't really matter.". I assume that it was about security issues? If so then unfortunately security issues do matter to Caliper and should not be ignored (although I am not aware of any issues being reported it is totally possible to use Caliper as an attack vector if vulnerabilities existed). A further comment is a tool that just works is still going to require maintenance to ensure that code rot is avoided and thus it stops working. For example breaks in npm modules as the current released version doesn't lock all packages down (and we have seen many times when stuff breaks due to a 3rd party npm module change :-) ). Another example is that Node 18 breaks the fisco-bcos connector and unless anyone is interested and prepared to commit to fixing it, we should remove it as we cannot run the build on Node 18 to test Caliper. So Caliper may be working now but it cannot be guaranteed in the future.