28 research outputs found
Why Modern Open Source Projects Fail
Open source is experiencing a renaissance period, due to the appearance of
modern platforms and workflows for developing and maintaining public code. As a
result, developers are creating open source software at speeds never seen
before. Consequently, these projects are also facing unprecedented mortality
rates. To better understand the reasons for the failure of modern open source
projects, this paper describes the results of a survey with the maintainers of
104 popular GitHub systems that have been deprecated. We provide a set of nine
reasons for the failure of these open source projects. We also show that some
maintenance practices -- specifically the adoption of contributing guidelines
and continuous integration -- have an important association with a project
failure or success. Finally, we discuss and reveal the principal strategies
developers have tried to overcome the failure of the studied projects.Comment: Paper accepted at 25th International Symposium on the Foundations of
Software Engineering (FSE), pages 1-11, 201
The Life and Death of Software Ecosystems
Software ecosystems have gained a lot of attention in recent times. Industry
and developers gather around technologies and collaborate to their advancement;
when the boundaries of such an effort go beyond certain amount of projects, we
are witnessing the appearance of Free/Libre and Open Source Software (FLOSS)
ecosystems.
In this chapter, we explore two aspects that contribute to a healthy
ecosystem, related to the attraction (and detraction) and the death of
ecosystems. To function and survive, ecosystems need to attract people, get
them on-boarded and retain them. In Section One we explore possibilities with
provocative research questions for attracting and detracting contributors (and
users): the lifeblood of FLOSS ecosystems. Then in the Section Two, we focus on
the death of systems, exploring some presumed to be dead systems and their
state in the afterlife.Comment: Book Chapte
Promises and Perils of Mining Software Package Ecosystem Data
The use of third-party packages is becoming increasingly popular and has led
to the emergence of large software package ecosystems with a maze of
inter-dependencies. Since the reliance on these ecosystems enables developers
to reduce development effort and increase productivity, it has attracted the
interest of researchers: understanding the infrastructure and dynamics of
package ecosystems has given rise to approaches for better code reuse,
automated updates, and the avoidance of vulnerabilities, to name a few
examples. But the reality of these ecosystems also poses challenges to software
engineering researchers, such as: How do we obtain the complete network of
dependencies along with the corresponding versioning information? What are the
boundaries of these package ecosystems? How do we consistently detect
dependencies that are declared but not used? How do we consistently identify
developers within a package ecosystem? How much of the ecosystem do we need to
understand to analyse a single component? How well do our approaches generalise
across different programming languages and package ecosystems? In this chapter,
we review promises and perils of mining the rich data related to software
package ecosystems available to software engineering researchers.Comment: Submitted as a Book Chapte
Why We Engage in FLOSS: Answers from Core Developers
The maintenance and evolution of Free/Libre Open Source Software (FLOSS)
projects demand the constant attraction of core developers. In this paper, we
report the results of a survey with 52 developers, who recently became core
contributors of popular GitHub projects. We reveal their motivations to assume
a key role in FLOSS projects (e.g., improving the projects because they are
also using it), the project characteristics that most helped in their
engagement process (e.g., a friendly community), and the barriers faced by the
surveyed core developers (e.g., lack of time of the project leaders). We also
compare our results with related studies about others kinds of open source
contributors (casual, one-time, and newcomers).Comment: Accepted at CHASE 2018: 11th International Workshop on Cooperative
and Human Aspects of Software Engineering (8 pages
Catch the Butterfly: Peeking into the Terms and Conflicts among SPDX Licenses
The widespread adoption of third-party libraries (TPLs) in software
development has accelerated the creation of modern software. However, this
convenience comes with potential legal risks. Developers may inadvertently
violate the licenses of TPLs, leading to legal issues. While existing studies
have explored software licenses and potential incompatibilities, these studies
often focus on a limited set of licenses or rely on low-quality license data,
which may affect their conclusions. To address this gap, there is a need for a
high-quality license dataset that encompasses a broad range of mainstream
licenses to help developers navigate the complex landscape of software
licenses, avoid potential legal pitfalls, and guide solutions for managing
license compliance and compatibility in software development. To this end, we
conduct the first work to understand the mainstream software licenses based on
term granularity and obtain a high-quality dataset of 453 SPDX licenses with
well-labeled terms and conflicts. Specifically, we first conduct a differential
analysis of the mainstream platforms to understand the terms and attitudes of
each license. Next, we propose a standardized set of license terms to capture
and label existing mainstream licenses with high quality. Moreover, we include
copyleft conflicts and conclude the three major types of license conflicts
among the 453 SPDX licenses. Based on these, we carry out two empirical studies
to reveal the concerns and threats from the perspectives of both licensors and
licensees. One study provides an in-depth analysis of the similarities,
differences, and conflicts among SPDX licenses, revisits the usage and
conflicts of licenses in the NPM ecosystem, and draws conclusions that differ
from previous work. Our studies reveal some insightful findings and disclose
relevant analytical data, which set the stage for further research.Comment: 10 pages, 6 figures, accepted by SANER202