[heyadayo]

The thread actually represents a discussion between the most active maintainer (dougwilson) and various employees of IBM who now own and oversee the project, with a few confused third parties chiming in.

It looks like IBM is making some predictable mistakes, which have disillusioned dougwilson to some large extent. Simultaneously they are being fairly inflexible at fixing those mistakes and ultimately forcing abandonment, at least by dougwilson. My prediction:

1) IBM continues with the typical corporate policies which are probably not great for the sort of OSS project that involves independent contributors

2) dougwilson leaves permanently

3) the project sort of wallows a bit

4) IBM puts some resources on it, and claims it all worked out.

As to #4, they'll be sort of correct, assuming the goal was to see resources and progress on express. They'll be wrong if the goal was to properly maintain an open source community around the project.

NOTE: I don't know anything about this, but I've seen this play out many times before. I chimed in here because the other comments in this thread seem to be wildly off topic given the content of the github discussion.

[nailer]

This happened with node-inspector for a while: StrongLoop became the official sponsor, and basic stuff like 'var x = 1; console.log(x)' returning undefined was left unfixed for years while the company simultaneously used it as advertising for how great their node contributions were.

[STRML]

I've been frustrated with their code on a few occasions. We've seen breaking changes in patch versions on strong-remoting, PRs rebased out of patch releases with no explanation (and nobody could figure out why/how), and intentional abuse of npm's optionalDependencies to track users (https://github.com/strongloop/loopback/issues/1079).

This tracking is not only unethical but exceptionally dangerous, as the dependency is fetched over http, and as we know, npm modules essentially have full user access as they can spawn any command via the `postinstall` hook. So a mitm could pose as blip.strongloop.com and own any servers calling out to it.

I've ended up forking every strongloop package we use to trim this tracking abuse. I really shouldn't have to do that.

[creamyhorror]

Here's some history, from what I've read. The original discussion of the transfer of the Express repo's ownership to Strongloop occurred here in June 2014:

https://github.com/strongloop/express/issues/2264

Back then, many in the community were surprised by the sponsorship (sale?) of the project and called for the repo to be transferred to the Expressjs org instead. So the question of ownership has been a long-running issue.

Now the ownership/involvement seems to have passed from Strongloop to their acquirer IBM. We're just seeing Doug/the community reprise the same issue with the new owners.

Doug (and presumably other third-party contributors) naturally won't want to be the main contributors to a project owned by a company, so the IBM guys will probably have to take over development & maintenance no matter what. (Barring them giving the project back to the organisation.) Chance of a fork too.

I guess a shared governance model is needed here, to get all parties aligned again.

[jacquesm]

This is one of the pitfalls of contributing to an open source project, sooner or later (assuming the project gains traction) some company will acquire the project for what for them is peanuts and in the process they'll do what they can to keep the current project the one people will flock to.

That's why we have MariaDB and a whole raft of other projects that are technically closely related to the original and maintained by a number of people that were originally associated with the project but that moved on after an acquisition by forking the project.

Companies as a rule do not like the kind of autonomy that is associated with FOSS.

Maybe this is a solution in this case too, Doug could in theory fork it under a different name and just keep it running (unless his contract prevents him from doing that).

[dougwilson]

I don't have any type of contract around Express; only the interest in providing a stable project to the community.