Hi Jan, On 14/03/2022 19:43, Jan Holesovsky wrote:
Hi Paolo,Paolo Vecchi píše v Po 14. 03. 2022 v 17:07 +0100:I have to agree with you that the process seems to be too cumbersome and it would very likely lead to the end of the project, so may as well delete it, or to forks that will never come back.Interestingly when I've read the de-atticization part of the attic proposal, I had the feeling it goes well with your proposal that when a commercial entity wants to contribute a project, they have to go through extra scrutiny? What has changed, please?
Nothing has changed at all.As already explained also to Allotropia in regards to their WASM project I asked if they could officially present their project to TDF in a page or 2 where they also state what part of the project hosted at TDF will be made available for free to the community in full respect of our statutes and mission to lead by example and show that commercial contributors are very welcome, we don't want to complicate things but the relationship should be clear from the beginning to protect each others interests.
That's the same thing that should have happened with LOOL to clarify what type of relationship was there between TDF and the commercial contributor but the commercial contributor decided to clarify it in its own way.
As plenty of time has passed by since LOOL has been forked I would even propose to just re-open the repository and let the community decide if they are actually interested in contributing to it. With my developer hat on (ie. not Board, not Collabora), I'd like to point out that you should consider the implications of potential or real security issues. How do you want to force the community to fix those? [I mean, who will be the actual people actually fixing those?] What if the re-opened repo gets a CVE?
A bit of a shame that LOOL's repository was blocked when we had a bug bounty going on as maybe it would have discovered other security issues but yes we are all aware that there are CVE present in there and it would be up to those that start working on it to look at them and fix them.
We may discover that the community is actually interested in contributing to a LOOL which is unlikely to reach features parity with other similar products but that is good enough for some use cases where basic features and a lightweight component is needed.Still with my developer hat on, I think you underestimate the complexity of the Online editing problem; the programming was just completely different 25 years ago (I think you said you used to be a developer then?).
I used to be a developer and stopped about 25 years ago as I fancied taking on new challenges.
It's true that through the 80s and 90s software development was different but I can assure you that there were levels of complexity that aren't that different from today's systems and the tolerance for errors were probably a lot narrower.
The problems that the Online has to sort out are complex; like extremely complex; like nobody-25-years-ago-could-imagine-how-much complex: Lots of asynchronous communication, performance implications (on many levels - in C++, in C++/JS combination, in JS, on the network), limitations of JavaScript, limitations of various browsers, and more. And solving these problems is painful, there are no good tools to debug the C++ / JavaScript combination, developers who love C++ hate JS & the other way around, etc.
I bet there are quite a few older developers that would tell you that 25/30 years ago we could imagine those level of complexities as in substance nothing much has changed. I would go as far as saying that you have a lot more tools and information that we had back then and that it was probably much more difficult to handle communication and code optimisation, when we had to deal with X.25 networks, modems and a few MB of RAM, than it is now.
So, yes, I do fully understand what you are talking about.
In other words, from the development point of view, there is no "basic features and a lightweight component" possible for the approach that COOL / LOOL is using.
Maybe a small number of passionate and capable developers will be able to fix the CVEs and bring LOOL to a state where it could work well with the features left since the fork for those that don't need new fancy features.
The point is that we don't know until we open the repository and let people know that is available with all the relevant warnings.
If no one will take on the challenge within 12 months then we will know that there is no even point to put it in an "attic".
All the best, Kendy
Ciao Paolo -- Paolo Vecchi - Member of the Board of Directors The Document Foundation, Kurfürstendamm 188, 10707 Berlin, DE Gemeinnützige rechtsfähige Stiftung des bürgerlichen Rechts Legal details: https://www.documentfoundation.org/imprint
OpenPGP_signature
Description: OpenPGP digital signature
