Is it still actively maintained?

[meglio]

The website says Jobber is stable, but there are 59 open issues in Github, some of them looking like bug reports.

So my question is, whether this is production ready and still maintained? Please advise.

[dshearer]

Sadly, not really.

…

On Aug 21, 2021, at 7:18 AM, Anton A. ***@***.***> wrote:  The website says Jobber is stable, but there are 59 open issues in Github, some of them looking like bug reports. So my question is, whether this is production ready and still maintained? Please advise. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[meglio]

Could you please update the README and say so?

[dshearer]

Done :'(

[meglio]

Many thanks, we'll save time of others trying to understand the same thing.

[dargmuesli]

Hey there, I'd like to fix at least #330 and #325. Would it be possible to add me as a maintainer, maybe temporarily?

[dargmuesli]

I'd also be open for becoming a permanent maintainer to take care of urgent fixes, in case critical issues come up @dshearer ✌️
I wouldn't work through those 60 issues, at least not right away, but I'd be there to review and merge pull requests. What do you think about that?

[dshearer]

Interesting. Let me give it some thought.

…

On Sep 7, 2021, at 8:58 PM, Jonas Thelemann ***@***.***> wrote:  I'd also be open for becoming a permanent maintainer to take care of urgent fixes, in case critical issues come up @dshearer ✌️ I wouldn't work through those 60 issues, at least not right away, but I'd be there to review and merge pull requests. What do you think about that? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[dargmuesli]

@dshearer Have you come to a conclusion yet? 🙈 I'd be there to oversee the community's contributions :)

[dirtyharrycallahan]

Beware of supply chain attacks. There have been quiet a few cases where the repository owner gives control or transfers their repository only to see bad actors inject malware into the project. If someone really wants to maintain it they can fork the project.

[dargmuesli]

Ouch, but valid point. As valid as the possibility that the repo's original author could attack the supplychain themself anytime. That's what sha-pins and audits of dependency versions on the dependent's side are for.