Maintaining an Open Source Project: It's Just Too Hard for Me

Recently, the zero-day broker Zerodium [announced](https://mobile.twitter.com/Zerodium/status/1399776303918821384) that it is looking for zero-day vulnerabilities affecting Pidgin on Windows and Linux. The company is offering US$100,000 for such a zero-day.

![](https://static001.geekbang.org/infoq/de/de5f9fa60c7efd88e53e579bc58ad768.jpeg)

According to Zerodium's website, the acquisition window for Pidgin zero-days runs from June 1, 2021 to August 31, 2021. The company [wrote](https://t.co/VL04uBvgUj?amp=1): "We are looking for remote code execution vulnerabilities affecting the latest version of Pidgin on Windows and Linux. The vulnerability should work on a default installation and require no user interaction other than reading a message."

In response, a user going by the name Gary Kramlich [replied in a tweet](https://mobile.twitter.com/rw_grim/status/1399817799657218059): "This really shows the miserable state of funding for open source software. Last year I worked full time maintaining the Pidgin project for a salary of only US$25,000, but if you can dig up a security vulnerability in my work and in other people's unpaid work, you will earn four times what I did."

[Pidgin](https://zh.wikipedia.org/wiki/Pidgin) is a free and open source multi-platform instant messaging client. As early as 2007, Pidgin already had 3 million users.

According to a survey report published by Tidelift, nearly 50% of open source project maintainers receive no pay at all.

### Maintaining open source projects is too hard

Earlier, Babel, an open source project with millions of users, drew developers' attention. Babel [announced](https://mp.weixin.qq.com/s/8ejAmP1su-BijzV_7EUpRQ) that, despite sponsorship from companies such as Airbnb, Facebook, Salesforce, Gitpod, GatsbyJS, Discord and Elastic, it continues to spend money faster than it receives donations, and the project's reserve funds will now last only until the end of 2021.

Last year, the creator of Redis [announced](https://mp.weixin.qq.com/s/RuRizLwmDxWq1_TxiX9apQ) that he was stepping back from maintaining the open source project. He said: "In recent years my daily work has changed a lot. I spend most of my energy reviewing Redis code submitted by other developers, improving code quality, and improving the software's correctness, speed and security. But I really don't like this kind of maintenance work."

More importantly, working all year round without a break left him unable to relax, and therefore unable to do creative work.

Even for Linux, a world-leading open source project, the creator of Linux is worried that no one will continue to maintain the kernel.

### The open source maintainer's predicament: heavy workload, low pay

Maintaining an open source project is reportedly an arduous task. If a developer's job is to fix bugs and build new features, and a reviewer's job is to control code quality, then the maintainer's job is to keep the open source project running stably over the long term.

As one would expect, a normal open source project has more developers than reviewers, and more reviewers than maintainers. The maintainer plays the role of the conductor in an orchestra. If a developer fails to fix a bug, the maintainer has to step in promptly; if code has not been reviewed, the maintainer also has to intervene quickly.

In addition, for a large project like Linux, maintainers face roughly several hundred code patches every week, so the intensity of the work is easy to imagine.

On the other hand, most open source project maintainers are "pitifully poor". Although top Linux maintainers such as Linus Torvalds and Kroah-Hartman are indeed well paid, a recent Tidelift survey found that 46% of open source project maintainers receive no pay at all. Even among maintainers who are paid, only 26% earn more than US$1,000 a year from the work.

That is truly alarming!

According to the 2020 FOSS Contributor Survey recently published by the Linux Foundation's Open Source Security Foundation (OSSF) and the Laboratory for Innovation Science at Harvard (LISH), the top reason developers take part in open source projects is to add a feature they need or to improve one they are already using; the second is the enjoyment of learning, the sense of satisfaction, the creativity and the pleasant nature of the work. Getting paid comes last.

However, whether you are a developer, a reviewer or a maintainer, this does not mean that getting paid is unimportant. ZDNet commented: "The goal of volunteering is self-actualization, not homelessness."

Tidelift's survey shows that most people simply have not yet started to pay attention to the unpaid nature of their contributions. Among respondents earning less than US$1,000 a year, only 18% said they place importance on pay; but among maintainers earning more than US$10,000 a year, as many as 61% have begun to take the importance of pay seriously.

Tidelift CEO and co-founder Donald Fischer said: "The whole world relies on open source components to power applications, but our survey data shows that the maintainers responsible for building the open source ecosystem and keeping it running well are not receiving appropriate compensation. We must open up a safer, healthier path for the open source software supply chain, and we must ensure that more volunteer maintainers are adequately paid for their outstanding contributions."

In the survey, nearly half of respondents (49%) cited "I receive no financial compensation, or not enough, for my work" as the top reason for not wanting to be a maintainer, followed by "it adds to my personal stress" (45%) and "I feel unappreciated, or the work is thankless" (40%).

In fact, more than half (59%) of the maintainers surveyed have quit or are considering quitting project maintenance. The more projects a maintainer manages at once, the more likely they are to give up partway: among maintainers managing 10 or more projects, more than two thirds (68%) have quit or are considering quitting.

## Closing thoughts

Today open source has become a trend: open source culture is popular and new open source projects keep appearing. But we also see countless open source projects gradually decline, abandoned and forgotten. For an open source project to have lasting vitality, project maintenance is without doubt the first problem that urgently needs solving.