OSS maintenance, what does it means?
I'm maintaining (and developing!) a few Apache projects:
- Apache MINA: A Java NIO framework
- Apache LDAP API : A LDAP Java API
- Apache Directory Server: A LDAP server in Java
- Apache Directory Studio : A LDAP browser based on Eclipse
- Apache Mavibot : A MVCC database in Java
Those are quite old projects (Apache Directory Server was created in 2004, and incubated in 2005). 20 years old actually!
What does it means in term of effort?
The language
All those projects are written in Java, and it was started using Java 4 (actually, the reason Alex Karasulu started to develop the LDAP server back in 2003 is that it supported NIO, which allowed an unlimited number of connections, something that was quite a limitation with Java 3 blocking IO when it comes to manage thousands of concurrent connections.
We are now supporting Java 8 to 21, which means Java 4, 5, 6 and 7 are not anymore supported.
The question is: why do we still support Java 8? Back in 2023, around 30% of Java users were running their applications based on this version. This sounds insane, but you have to keep in mind that when it works, don't even try to fix it. Also the recent Java release policy has make it so that releases are way more frequent, otherwise we would be around version 10 or 11 today.
Also there are not so many new features since Java 8 that worth the effort. I mean Java 8 already has lambda, and the added features aren't that critical, up to Java 21, which introduced Virtual Threads.
Last, not least, Oracle has changed its policy so that it was not anymore free to use Java in production (they reverted back since then).
So we are good to go with older version of the language.
Are we?
Dependencies
When it comes with dependencies, the language version matters. For instance, if you depend on SpringFramework, then suddenly you can't migrate to the latest maintained version, 6.X. It requires java 17 :/
So now we are at a cross road, where some dependencies are evolving faster than we can cope with. What can we do?
First of all, check if the dependency is really that necessary. Regarding SpringFramework, it is used in two MINA modules, one containing some examples, the other one is based on a defunct container project (Apache Geronimo Xbean).
The question is to keep this dependency (and being incapable of updating the dependency) or removing it from the code base (and breaking the API contract).
The thing is that some very old versions of what we maintain are still being used as of 2024. Here is a snapshot of the MINA download statistics for last month. 5% are for a 12 years old version (2.0.7, released in November, 17, 2012!).
Mina download statistics |
So we are kind of stuck, and expecting users to upgrade to a more recent version is putting a lot of burden on them.
The other problem with dependencies is that even if we don't include them in the release packages, we may use some for tests. I'm thinking about mock libraries, for instance. Making a choice a decade ago stuck you for a very long time, unless you are willing to migrate potentially thousands of tests.
For instance, I have spent 3 months migrating all the MINA and Directory projects to Junit 5 last year. Not the best usage of my precious time :/
The very same with Log 4J which is stuck in an old version (1.X). Migrating to Log4J 2.X would require a massive effort.
What about projects versions?
We maintain more than one version of each project:
- Apache MINA is supported in three versions, 2.0.X, 2.1.X and 2.2.X
- Apache LDAP API is supported in two versions, 1.0.X and 2.1.X
This requires a lot of effort, with some backportings, releases, documentation, including migration howtos.
Is it necessary?
Yes, and no. yes, because when you are committed with a given version, migrating can really be a burden. The API change, the updated dependencies, all are going into your path.
So as a maintainer, you are going to make a choice at some point: when to deprecate a version and tell the users they *must* migrate.
OTOH, a feature addition or an API change are not that frequent in decades old projects, so switching to a new version is not that frequent either.
The development environment
Projects are getting older, developers are leaving, and you are still around and in charge. This is a volunteer organization, nobody forces you but still: you have to deal with all those external evolution.
For instance, your projects were using SVN, and it's migrating to Git. Load of effort on you side !
Your favorite IDE is also evolving, and some developers are using an IDE you don't like or you do'nt want to spend days to learn. That's also something to deal with.
What about the build tools? We migrated from Maven 1 (yuk) to Maven 2 (slightly less worse) to Maven 3. Some were pushing to switch to Gradle. Still, you have to learn how to use each of those versions, and each of those tools.
GitHub was a big revolution, and nowadays almost all the tickets are submitted through a PR, while we are still using Jira. That means we have to regularly check both environment, and move PR from GitHub to Jira for a better followup: more work!
Did I mention the web site? In the course of 20 years, we moved from a static web site, to a generated one based on Confluence, then to the (now defunct) ASF CMS system, and lastly to Hugo. Again lots of work!
Is it worth it?
Yes! Because thousands of developers around the world are using those projects. Because it's rewarding. Fixing bugs is always an immediate satisfaction.
Bottom line, maintainers are dedicated persons who like keeping a clean place. And I'm proud of being one of them!