[anonzzzies]

It gets abandoned but unlike closed software, if you depend on it enough, you can continue using it forever. For some reason if GitHub says ‘updated 6 years ago’ it is not viable for people, but for many things, especially desktop apps, this doesn’t matter at all; it works fine and if you need updates, you can do them.

The point is you can, while with closed software, you maybe can and sometimes with a lot of trouble.

If the source is open, the file format is also open.

[BoomerMoment]

I agree, provided the software isn't network reliant / accessible.

If the software were to explicitly depend on <vulnerable library> and moving to <patched library> broke it that would be the nail in the coffin for me / make me question whether I want to spend the effort maintaining the project.

[anonzzzies]

Yes, but for desktop software this is usually less of an issue. And at least you could fix it. When people are running ancient closed source software on Windows (Win 95 software apparently runs on Win 11), they don’t even think about the vulnerabilities and if they do, they cannot fix them. If you are so married to a software like the author seems to be, open is your best bet. And the OP is retired (well, at least 2021), so tinker time!