second, because there is no one else to pass the project to.
If I ever maintain a FOSS Project this one will be one of the things I need to figure out along the way, surely there’s someone trustworthy out there, surely
This could be a simple answer as : I don’t wanna cause inconveniences to my users to a more complexe one such as… umm, ideological reasons… I don’t want to see a project I started get archived or taken down…
Let them prove themselves.
It’s a requirement…
to me finding mainteners is part of what makes a FOSS project successful
Pass on to someone trusted, that ideally has been part of the project for a long time, or even the start.
Have a fork that is officially endorsed.
Depending on the software, different approaches may be appropriate. For something like this with VPN, I would want the fork to be vetted by the community before trusting it. If the original owner endorsed one, id probably update to it quickly but keep an eye on the community.
If it was something with less security risk, id probably move quicker if features were added I like. With something like this, with higher risk, id be assessing forks and alternatives equally.
If I ever maintain a FOSS Project this one will be one of the things I need to figure out along the way, surely there’s someone trustworthy out there, surely
But why take a chance? It’s easy for anybody who’s truly interested to fork it, and if you’re calling it a day it’s all the same to you.
The problem with endorsing someone else is that they inherit all the clout without having put their time in. Let them prove themselves.
This could be a simple answer as : I don’t wanna cause inconveniences to my users to a more complexe one such as… umm, ideological reasons… I don’t want to see a project I started get archived or taken down…
It’s a requirement…
to me finding mainteners is part of what makes a FOSS project successful
As I see it, there are 3 options.
Allow forks and let community sort itself.
Pass on to someone trusted, that ideally has been part of the project for a long time, or even the start.
Have a fork that is officially endorsed.
Depending on the software, different approaches may be appropriate. For something like this with VPN, I would want the fork to be vetted by the community before trusting it. If the original owner endorsed one, id probably update to it quickly but keep an eye on the community.
If it was something with less security risk, id probably move quicker if features were added I like. With something like this, with higher risk, id be assessing forks and alternatives equally.
Lesson learned from the whole XZ thing. Anything related to security does run the risk of nation state actors abusing trust. Makes it hard to do right
Indeed, or buying-off other maintainers and making them turn against you 👀, it’s crazy world we live in and everything goes