Engineering Formality and Software Risk in Debian Python Packages
CoRR (2024)
Abstract
While free/libre and open source software (FLOSS) is critical to global
computing infrastructure, the maintenance of widely-adopted FLOSS packages is
dependent on volunteer developers who select their own tasks. Risk of failure
due to the misalignment of engineering supply and demand – known as
underproduction – has led to code base decay and subsequent cybersecurity
incidents such as the Heartbleed and Log4Shell vulnerabilities. FLOSS projects
are self-organizing but can often expand into larger, more formal efforts.
Although some prior work suggests that becoming a more formal organization
decreases project risk, other work suggests that formalization may increase the
likelihood of project abandonment. We evaluate the relationship between
underproduction and formality, focusing on formal structure, developer
responsibility, and work process management. We analyze 182 packages written in
Python and made available via the Debian GNU/Linux distribution. We find that
although more formal structures are associated with higher risk of
underproduction, more elevated developer responsibility is associated with less
underproduction, and the relationship between formal work process management
and underproduction is not statistically significant. Our analysis suggests
that a FLOSS organization's transformation into a more formal structure may
face unintended consequences which must be carefully managed.