-
Notifications
You must be signed in to change notification settings - Fork 365
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dotenv
crate is implicitly unmaintained
#1254
Comments
I wonder whether pandemic time should count differently from non-pandemic time... anyway, I see that the maintainer appears to be ZoeyR, who is one of a number of Rustaceans who have vanished from Rust circles after going to work for a certain company (I suggested she wear telemetry gear so we could try to find out what happened to the others, but she just laughed 😉). @est31: are you still in contact with ZoeyR? |
Yes she's still alive and I had recent contact with her. I've sent her a DM on discord, let's see whether she reacts. |
@est31 Any updates from them? |
No reaction, I'm sorry. |
The current guides on this say this:
it also says 90 days for contact attempts, so imo this should wait longer. |
I wouldn't oppose waiting longer if that would be less controversial, but a 90-day period has elapsed since
|
Has anyone tried contacting @sgrif ? They are listed as crates.io owner of the crate and also have write access on github. The dotenv crate has a lot of downloads (>1 million recent!) so it would be good if it were maintained, even if a maintainer change is necessary. Also pinging @VictorKoenders as they have more contact to Zoey than me. |
This comment was marked as off-topic.
This comment was marked as off-topic.
You are not directly involved but you have power to make progress on this issue. I'm very glad that at least you give any response at all, and am hopeful that you will be of help. One day you will probably be in the same shoes as the users here, who want to get fixes merged but they don't get merged because maintainers are unresponsive, e.g. for dotenv-rs/dotenv#72 I just want to avoid the more painful migration of the ecosystem to more maintained forks of the crate. Anyways, I suggest people (edit: ONE person, not everyone) to contact sgrif via twitter DM as they seem to be active there, and because the biggest user of the dotenv crate is diesel, for which sgrif has successfully made a maintainership change. I don't have much of a stake in this either I'm afraid. |
If a person knows a maintainer, it doesn't give them the power to make any progress on the issue. I don't know about others but I wouldn't always want people in a personal circle to ping/ask/discuss about some open source maintainance. I don't see why Victor should be pulled into this issue. |
FTR for "progress" i put the bar pretty low. I meant getting any reply at all even if it is "I don't have the time to do maintenance of this crate at the current moment" or something. Sometimes people genuinely don't notice if you ping them directly on github, don't see e-mails in their inbox, etc. I once had to ping a maintainer of a similarly widely used crate on another repo, and they were actually responsive and even explained to me why they are not merging PRs (i didn't even ask for a why, but ofc i was happy that I got it explained). I suppose they had turned off notifications from the main repo. Such statements are genuinely helpful to assessing whether the community should switch to a more maintained fork or not. If I understand it correctly, rustsec is about to categorize dotenv as unmaintained, at which point, correct me if I'm wrong, it would end up causing warnings for way more people than just the ones in the personal circle of the dotenv maintainers (>500 direct reverse dependencies, but probably only a subset do rustsec db based warnings). If there is the chance that the maintainers still want to maintain it or give it to others, then it should be considered first. Ghosting creates this uncomfortable limbo state that is not very helpful to users at all. Also I want to point out that Victor and Zoey have common open source projects (see bincode). Anyways this is my last message in this thread, I don't want to get involved in this any further. I'm here because I was pinged myself (see above), and thought I could be of help. I wish the affected users good luck, I'm out. |
Marking any crate with millions of downloads as unmaintained is going to be quite noisy, and in that regard if anything I'd prefer people be overcommunicative with maintainers and adjacent when doing due diligence on a particular crate's status. Likewise someone who is a crates.io owner for a particular crate is definitely not "random people" and I have marked comments to that effect off topic. Keep discussion in this thread on the topic of determining |
scary |
@Hezuikn you are not being helpful. Also, for the record, the claim you quoted was wrong, she actually is still in Rust circles, just moved to different ones. |
Do we have alternatives / forks ? There is a fork now called dotenv-rs/dotenv#79 dotenv-rs/dotenv#74 (comment) However dotenvy hasn't had a release since March - repo was updated 9 days ago. So that we don't have another situation like this - Would it be helpful to have more than one maintainer for it or have a backup plan ? Note: I would be slightly hesistant to proceed with unmaintained when the crate says it is intended to be used only in test / dev env - nonetheless there are associated monorepo crates which don't mention this and are used elsewhere Cheers |
i am ready to help maintain it if needed and form a team to increase the bus factor if either the old maintainers or the envy ones are interested |
@Dylan-DPC I'm the maintainer of dotenvy. Thank you for your interest on this topic. I've invited you to the repo. |
thanks i got it |
This reply is based on my comment on #1359.
Release v0.15.2 was put out today.
@Dylan-DPC was added to the repo on Aug 14. I'm still kicking but I appreciate your thoughts of contingency ;)
As stated on the README, dotenvy is convenient for dev environments. This does not mean that it is not intended for prod. I created the dotenvy fork because I noticed that dotenv-rs was inactive. Happy to help improve dotenv on Rust ~ |
As of May 21st, 2022, https://github.com/dotenv-rs/dotenv 's latest version is 0.15.0, which was published on October 22nd, 2019. And the latest commit is 3c1a77bc95821777e5ceb996c5e0b082f2a3ea38, which was pushed on Jun 27th, 2020.
On Dec 24th, 2021, someone asked the project status on Current maintenance state · Issue #74 · dotenv-rs/dotenv but there's no response from the maintainers.
I'm not sure how long "prolonged period" refers to, but this crate is a candidate for an "unmaintained" crate, I think. At least we should monitor how things are going there.
The text was updated successfully, but these errors were encountered: