Comment by DoreenMichele 2 months ago
Yeah, I think it would take something like bankruptcy of a Fortune 500 company because a critical open source piece shut down.
And I'm not holding my breath that even that would sink in. People are amazingly talented at hearing only what they want to hear to justify doing it like they've always done it.
It doesn't rot? I mean if it stops being maintained and the lack of updates makes it fatally insecure or something, it can become effectively obsolete.
Though I will note I'm agreeing that it's highly unlikely you can put a gun to the heads of corporations and get them to cough up, so I'm not sure what the point is here.
> stops being maintained and the lack of updates makes it fatally insecure or something
which doesn't happen instantly. For example, the end of life of the old java versions (1.5, 7 and 8 etc) - plenty of companies simply just paid a support fee and get support, while others paid to upgrade (or even change stack).
Most open source software, even with lack of updates, does not immediately start failing. The huge amount of time and leeway, even with security issues, is what prevents it from being critical, and prevents OSS from causing a bankruptcy.
> what prevents it from being critical
Well, there's plenty of mission-critical FOSS used by plenty of companies. But you are right in that it doesn't just fail one day, and companies have plenty of time and options for dealing with abandoned FOSS.
(Which is one of the major benefits of FOSS. It's more likely with proprietary software that it can just disappear one day, with little recourse for users.)
> For example, the end of life of the old java versions (1.5, 7 and 8 etc) - plenty of companies simply just paid a support fee and get support, while others paid to upgrade (or even change stack)
And plenty others simply keep using the old 1.8 version because there's no budget to upgrade and there's no budget to 'pay a support fee'. And there's no budget to 'change stack'. Because... there's no budget.
Convincing people you need to upgrade or switch to keep current is often a hard problem, and sometimes has to be done with "you'll get all these new features!". But often "hey, we need some money to upgrade system X" is met with "hrm... it's software! It doesn't rot!".
> paid a support fee and get support
And your point is?
Me: "I think you cannot get corporations to cough up without some ridiculous extreme event like a behemoth dying. And I'm not holding my breath that would really do it."
You: "Your extreme ridiculous scenario is extremely ridiculous and here's why..."
Rinse and repeat.
> if it stops being maintained and the lack of updates makes it fatally insecure or something, it can become effectively obsolete.
Sure, but that won't happen immediately when the maintainer abandons it. It might not happen at all. There's usually going to be plenty of time for a company to switch to an alternative, or even take on maintainership themselves.
> because a critical open source piece shut down.
unless they're using some sort of hosted service for free, this cannot be critical. After all, software doens't rot, and they could continue to use the existing release until a (new) solution is found.
Look at how crowdstrike triggered outage didn't cause bankruptcy - that is more critical than most OSS would be.