Open Source Accountability
3 points by thenengah 1850 days ago
Any advice when open source maintainers neglect popular projects?

The point here is that we depend on open source and as a result need maintenance. I can see how some of you would say switch to pm2 or something newer, but it would be a lot simpler for us just to get our SCA scan passing.

https://github.com/foreversd/forever/issues/1106

3 comments

There is no accountability. From the license (MIT) https://github.com/foreversd/forever/blob/master/LICENSE#L13...

> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, [...]

You can fork it, if you wish. You can maintain a public fork and even accept patches from the community, or not accept patches, or only maintain a private fork and not share it with anyone.

Also, it looks like it's in a semi-zombie state. They even encourage using other programs:

> A simple CLI tool for ensuring that a given script runs continuously (i.e. forever). Note that this project currently fully depends on the community for implementing fixes and new features. For new installations we encourage you to use pm2 or nodemon

If you consider 4 days of no reaction "neglect", you seriously need to reconsider your expectations towards people you aren't paying for an SLA. Issues like yours are the perfect example of how not to behave and why some maintainers hate companies using their projects. "Oh no, we have to fix something ourselves temporarily, how rude, let's get on HN and shame you for neglecting your work"

"I can see how some of you would say switch to pm2 or something newer"

I was more thinking you should pay the devs to patch this if it is so mission critical for your business. Also, accountability is a funny word when it comes to code that is completely free.