this post was submitted on 05 Jul 2024
61 points (94.2% liked)

Open Source

31253 readers
248 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I’m looking for a way to keep an eye on open source software I’m using, especially if there are detrimental changes. Like for example when there’s an acquisition (Raivo Authenticator) or the project has not been updated in a long time (potentially posing a security risk).

But I don’t want to have to read about every project, just the ones I’m using.

Anyone got any ideas?

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 35 points 4 months ago* (last edited 4 months ago)

Install your software from the repository of a well-run distribution that has a focus on free software.
If the software is unmaintained or changes its license, the distro's maintainers will drop it and look for a replacement.
It's literally their (unpaid) job.

[–] [email protected] 14 points 4 months ago

I don't think one currently exists, but it would be an interesting project. There are plenty of trackers for CVEs but in terms of project ethics, acquisitions, etc., there's a space for it.

The two main problems I can see are:

  1. How do you define 'negative'? An open source application being acquired is often a bad thing, but not always. An acquisition by FUTO is more likely to be viewed positively than an acquisition by Microsoft, but either can be interpreted positively or negatively depending on the person.

  2. Community involvement is absolutely critical. If I were running a service like this (for example), I would only really be keeping up on the services I use and care about. I would need others to submit info and then verify it.

[–] [email protected] 13 points 4 months ago (1 children)

I think participating in communities which are centered around discussion of open source software is the ideal solution. That could be on Lemmy, Mastodon, GitHub, Reddit, Discord, wherever devs and users congregate (and, whatever platforms you find tolerable). I think the information you are seeking is too varied and in some cases subjective to be captured and parsed by an automated tool. And it would be great if you could help others by posting in those communities about changes that you are unhappy with, so others can make informed decisions.

[–] [email protected] 3 points 4 months ago

Just here to comment on your PFP.

Shimarin FTW.

[–] [email protected] 12 points 4 months ago* (last edited 4 months ago)

I can't imagine any way this is possible without crowdsourced information, and at that point you're just interacting with a community (likely the same one as you already are) through a different interface.

But if such an interface existed, it might've been a cool project.

[–] [email protected] 7 points 4 months ago

I can't remember what it was called but, I seem to remember there was on you could monitor change of ownership on Github-repo's.

[–] [email protected] 2 points 4 months ago

Subscribe to #open-source #enshitification

[–] [email protected] 2 points 4 months ago

I think it's mostly related to LICENSE file. For example Redis and now Valkey. Otherwise some eye-catching issue drama on repo. As long as the license is truely FOSS like GPL v3 then in 99% cases you should be fine.

[–] [email protected] -2 points 4 months ago (1 children)

Define "negative way"... GNOME changes in negative ways in a weekly basis so... Notification DDoS? :P

[–] [email protected] 7 points 4 months ago* (last edited 4 months ago) (1 children)

Bruh I think they're talking about serious stuff like adding spyware, deprecation, suspicious change of owner etc. But your question is valid

[–] [email protected] 1 points 4 months ago

I was thinking that the license is no longer open