I recently read the first half of Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure by Nadia Eghbal as an assignment for my FOSS course, and I really enjoyed it. I plan on finishing the other half of the paper when I find time next week, but for now I have to focus on my schoolwork. Eghbal is a software developer and an advocate and researcher for open source software.
Her paper is all about the influence of open source software and the world's reliance on the tools made by unpaid programmers making a project as a passion or by necessity. It's a great read on the prevalence of FOSS, as well as the benefits and shortcomings that come along the way. I really enjoyed the article's discussion of the lack of organization and contributors as well as the small figures describing different open source tools with short bios of how they were developed and by whom. While it is very verbose, I really think that this article was worth the read.
Eghbal poses some really interesting questions about the future of open source software that she doesn't provide a clear answer to in the sections that I've read thus far. How do we plan on incentivizing more people to contribute and maintain code to help fix the offset between contributors and users? She points out that the large number of people now using open source tools greatly outweighs those contributing to it, leaving the owners of the project with too much work to do. She also asks whether it's ethical or logical for open source projects to take large amounts of money from ventures without plans for return on investment, describing a lot of these projects as 'loss leaders'. She paints a bleak picture for projects like OpenSSL and other projects that are soon to run out of funding or have maintainers retire.
I was also required to read an issue thread on npm 5.7.0. The post is very clear on what issues the user had and what they did to cause the issue. npm 5.7.0 was causing file permission changes and the user was simply reporting the issue and telling the team how to reproduce it, but the comment thread was a huge dumpster fire. Apparently people trying to update the npm package were getting a pre-release that clearly wasn't working. The thread quickly turns into a huge argument over whether or not it was the user's fault for negligence, or the maintainer's fault for not clearly labeling that it was a pre-release (running npm install would install 5.7.0). People began discussing a topic that Eghbal discussed in her paper: that there are only two people maintaining this critical tool used by countless numbers of people. The thread got so bad that the maintainers had to restrict access to the thread. The new repo for npm doesn't even have an issues section to post on, while the old one is sitting at a cool 2000+ issues right now. No wonder they seemed overwhelmed.