The Life and Death of Software Ecosystems
Software ecosystems have gained a lot of attention in recent times. Industry
and developers gather around technologies and collaborate on their advancement;
when the boundaries of such an effort go beyond a certain number of projects, we
are witnessing the appearance of Free/Libre and Open Source Software (FLOSS)
ecosystems.
In this chapter, we explore two aspects that contribute to a healthy
ecosystem, related to the attraction (and detraction) and the death of
ecosystems. To function and survive, ecosystems need to attract people, get
them on-boarded and retain them. In Section One we explore possibilities with
provocative research questions for attracting and detracting contributors (and
users): the lifeblood of FLOSS ecosystems. Then, in Section Two, we focus on
the death of systems, exploring some systems presumed to be dead and their
state in the afterlife.
Comment: Book Chapter
In War and Peace: The Impact of World Politics on Software Ecosystems
Reliance on third-party libraries is now commonplace in contemporary software
engineering. Being open source in nature, these libraries should advocate for a
world where the freedoms and opportunities of open source software can be
enjoyed by all. Yet, there is a growing concern related to maintainers using
their influence to make political stances (i.e., referred to as protestware).
In this paper, we reflect on the impact of world politics on software
ecosystems, especially in the context of the ongoing War in Ukraine. We show
three cases where world politics has had an impact on a software ecosystem, and
how these incidents may result in either benign or malignant consequences. We
further point to specific opportunities for research, and conclude with a
research agenda with ten research questions to guide future research
directions.
Comment: Accepted to ESEC/FSE as a vision paper
Lessons from the Long Tail: Analysing Unsafe Dependency Updates across Software Ecosystems
A risk in adopting third-party dependencies into an application is their
potential to serve as a doorway for malicious code to be injected (most often
unknowingly). While many initiatives from both industry and research
communities focus on the most critical dependencies (i.e., those most depended
upon within the ecosystem), little is known about whether the rest of the
ecosystem suffers the same fate. Our vision is to promote and establish safer
practices throughout the ecosystem. To motivate our vision, in this paper, we
present preliminary data based on three representative samples from a
population of 88,416 pull requests (PRs) and identify unsafe dependency updates
(i.e., any pull request that risks being unsafe during runtime), which clearly
shows that unsafe dependency updates are not limited to highly impactful
libraries. To draw attention to the long tail, we propose a research agenda
comprising six key research questions that further explore how to safeguard
against these unsafe activities. This includes developing best practices to
address unsafe dependency updates not only in top-tier libraries but throughout
the entire ecosystem.
An Exploration of Cross-Patch Collaborations via Patch Linkage in OpenStack
Contemporary development projects benefit from code review as it improves the
quality of a project. Large ecosystems of inter-dependent projects like
OpenStack generate a large number of reviews, which poses new challenges for
collaboration (improving patches, fixing defects). Review tools allow
developers to link between patches, to indicate patch dependency, competing
solutions, or provide broader context. We hypothesize that such patch linkage
may also simulate cross-collaboration.
With a case study of OpenStack, we take a first step to explore
collaborations that occur after a patch linkage was posted between two patches
(i.e., cross-patch collaboration). Our empirical results show that although
patch linkage that requests collaboration is relatively less prevalent, the
probability of collaboration is relatively higher. Interestingly, the results
also show that collaborative contributions via patch linkage are non-trivial,
i.e., contributions can affect the review outcome (such as voting) or even
improve the patch (i.e., revising). This work opens up future directions to
understand barriers and opportunities related to this new kind of
collaboration, which assists with code review and development tasks in large
ecosystems.