Wednesday, March 13, 2013

All roads lead to Rome

I'm a Fedora Packager. I (amongst others) take care about Eclipse in the Linux world. And one symptom of that care is prodding everyone else to update or drop dependencies. So, if your project suddenly gets a number of bugs open:
  • 398103: adopt latest jsoup
  • 402882: relax requirement on lucene
  • 398102: adopt latest jdom
  • 398100: adopt latest org.apache.commons.lang
  • and so on and so on...
you may be sure it's me. Let's just say that I believe that broad cooperation between open source projects is a must, and staying too long with an outdated dependency is harmful for both, consumer and producer.

Today, I tried to address a bug opened not that long ago:
  • 398084: Adopt rome 1.0
"ROME is a set of RSS and Atom Utilities for Java that is open source under the Apache 2.0 license." to quote their webpage and explain a bit what is this library for.

The said news is that ROME is effectively dead. The last comment from the project author is more than one year old. Project webpage offers 'Related searches'. The source repository does not contain a single tag. Their mailing lists contains spam traffic.

In a normal situation I'd just look for a replacement, but this case is different. There is NO replacement. It looks like a technology shift killed it. There's no need for a new version of RSS or Atom, so project matured and died.

Unmaintained library is a pain. It's a security hole. And will, sooner or later, damage the consumer.  But what to do, if there is no alternative? Hope for the best?