> Yep, you're definitely not wrong. We see it all the time on GitHub. If a project hasn't gotten a new commit in 2 days then the project is claimed dead.

There is a difference between being dead and not actively maintained. If a popular FLOSS package isn't touched for many moons, do you think it just means it's done?

I wish the underlying platforms would also consider providing a "done" version now and again, instead of bundling bug/security fixes with new problems. You can rarely just write something and call it done on something like Android. Anything other than a simple crud/webview wrapper will usually need to use permissions of some sort to do useful things, and as soon as you start using anything like that, your code is probably obsolete in a day or two.

There's nuance here. Is it not being maintained because it does what it is supposed to do and there aren't any issues with it? Or is there a growing pile of issues being opened with no activity around them?

> There's nuance here. Is it not being maintained because it does what it is supposed to do and there aren't any issues with it?

The day you find a software project still in use that is done is a day worth remembering.

That's what I'd expect if I see a project with no commits in 2 years. Not 2 days.

There's ton of perfectly usable 2-years old software.

I suspect that CVE inflation has poisoned the minds of many developers.

A db driver may have an issue with unsanitized user input when run against SQLite, but you only use it with oracle and sanitize input anyway, but that shows up as a 9.1 critical deployment blocker for corporate employees.

Unexploitable CVEs with inflated ratings make using any open source software a pain in the butt at BigCo.

Old does not mean vulnerable.

> They lack security updates

Very few projects update dependencies that often, and only very big ones are found with security issues that often.

> lack integrations with new platforms

You don't need a new intration _every 2 days_, not to mention that many projects don't need such integrations at all. Moreover some popular and updated projects lack such integrations despite having lot of commits.

> lack support for new HW architectures

This is something that many projects get for free. But also, you don't get a new HW architecture every 2 days.

> lack newer privacy guarantees

What more privacy guarantees do I need from projects that don't communicate with external services or store data at all?

People who are earnestly engaging with their point have assumed “two days” was hyperbole so that they can instead respond to the greater idea, yet you have not: you’re stuck on an unserious detail like it’s the lynchpin of their claim.

Certainly that depends on the nature of the software. For instance, I don't expect some header-only library that does what it's supposed to do to ever need updating.

> Certainly that depends on the nature of the software. For instance, I don't expect some header-only library that does what it's supposed to do to ever need updating.

If it's a headers-only library in a language such as C++, if the project is not dead then the very least anyone would expect from it is being updated to support any of the modern C++ versions.

Also, if the project is actively maintained then there is always a multitude of low-priority issues and features to address.

Being FLOSS also means anyone in the whole world is able to contribute anything. If no one bothers to do so, that is aligned with the fact the project is indeed dead.

> If it's a headers-only library in a language such as C++, if the project is not dead then the very least anyone would expect from it is being updated to support any of the modern C++ versions.

Did I miss a new C++ version released <2 days ago perhaps?

> Did I miss a new C++ version released <2 days ago perhaps?

You certainly are missing something. C++26 was officially released 4 months ago, and support is slowly being rolled out to compilers and packages.

https://en.cppreference.com/w/cpp/compiler_support/26.html

If you somehow believe this kind of work is done in a couple of days, that's a good way to explain to the world how oblivious you are about the topic you are discussing.

> If you somehow believe this kind of work is done in a couple of days, that's a good way to explain to the world how oblivious you are about the topic you are discussing.

And, in turn, you appear to be oblivious to the point - the release cadence of this best-case scenario still means like a decade between updates to the project.

C++26 was released 4months ago; pointless to update it until compilers and deps are updated. So, best case is maybe you'll have complete bug-tested support in the supported compilers in 2030.

If we're looking at 2035-ish for the next release, we're still only looking at 2040 before you update.

You still have to take into account that updating might not even be necessary. It's not like C++ < C++26 suddenly doesn't work.

> And, in turn, you appear to be oblivious to the point - the release cadence of this best-case scenario still means like a decade between updates to the project.

It doesn't seem you are managing to think the issue all the way through. Even if you believe you can claim that release cadence is a factor, C++26 is the latest release in a process that outputs a new version every two years. Therefore, your argument would lead you to agree that there is a greater need for maintenance as there are more releases still evolving.

> C++26 was released 4months ago; pointless to update it until compilers and deps are updated.

This is a silly argument to make. At best you are trying to argue that you somehow believe maintenance needs aren't as urgent. Except urgency is irrelevant to the discussion, and the whole argument is derived from specious reasoning to begin with.

It sounds like you are fully invested in contrarianism and not invested at all in thinking about the issue you are trying to discuss. This is not the best use of anyone's time.

You'd come to correct conclusions if you attacked arguments not people.

Right now you don't stand a chance.

> You'd come to correct conclusions if you attacked arguments not people.

I refuted what arguments you tried to put together by pointing the specious reasoning behind them.

You chose to avoid the issue because you know you can't put together an argument in it's defense. No need to try to come up with an exit, mate.

> I refuted what arguments you tried to put together by pointing the specious reasoning behind them.

You're confusing me with the person at the top of the thread. My response to you was to point you in a subtle way that you are attacking people, not arguments.

Read through your posts - the bulk of your "refutation" is basically calling the other person ignorant.

Ironic, I know.

I think you lost the original context:

> If a project hasn't gotten a new commit in 2 days then the project is claimed dead.

You don't need a commit every day to support C++26, and surely not every day for 3 years until the next major version releases.

> If it's a headers-only library in a language such as C++, if the project is not dead then the very least anyone would expect from it is being updated to support any of the modern C++ versions.

C++ versions are backward compatible. You don't need to modify code that works just to use recent languages features that you don't need.

Maybe some of them. There are plenty of old projects that still build and run fine.

TCL/Tk 8.6, AWK, tons of shells, SDL2 versions, OpenMotif releases frozen in time...

As they stated, tons of 'renewed' stuff are snake oil today. They add nothing new.

Snake oil