External Risk which could affect Leshan Project

[sbernard31]

I tried to create a wiki page which lists all known external Risks/Challenges for the project. External means that Leshan project itself has little or no control on it.

I created this issue to discuss about the page itself in a general manner.
If you want to talk about 1 particular point (e.g. begin to discuss about how to address that point) maybe better to create a dedicated issue.

By the way in the page, I used Challenge wording ... I don't know if risk is better or if there is a more appropriate word ?

[sbernard31]

@JaroslawLegierski, @mgdlkundera, @cyril2maq maybe this could interest you ?

[JaroslawLegierski]

Super analysis - Thank You. I was aware of the issues with OSCORE but lacked knowledge regarding the status of Californium and others libraries 😕 .

[sbernard31]

(After some discussion with main java-coap maintainer, I updated the page with more pro about java-coap and mbedtls binding)

[boaks]

Just for those, who want to get their own impressions about contributions:

java-coap

leshan

californium

For me, all three looks very similar; mainly one person does the job ;-).

So, cross the fingers, that I'm the only one, who needs to reduce the time.

[sbernard31]

For me, all three looks very similar; mainly one person does the job ;-).

Leshan is a bit out of scope here as this is about external risk.
Potential lack of contributor/committer for Leshan is an internal issue and there is effort made to involved new contributors.

For java-coap, according to main committer there are few guys who work on it but yes as often there is one committer more active than other.

And if you look at last year contribution you can see a bit more differences :

• java-coap
• leshan
• californium

Anyway, one big difference is that, for now, Leshan and java-coap main committers do that in their paid time and companies which paid them include the component in their platform.

So, cross the fingers, that I'm the only one, who needs to reduce the time.

I can not tell the future, I just tried to identify potential risk based on several hints and see if we can mitigate it.

[boaks]

I guess, for quite a lot of users it doesn't make a too big difference, if a risk is external or internal to a project.

For Californium it's not a risk, your point is fact.
For the other project it's only a risk, but I guess, everyone who has concerns about that, knows the situation in her/his own company. Even with Top Priority: Connectivity (see page 17), quite a lot of companies don't invest in it. For me that causes to "reduce things to a sustainable core", we will see, how that affects the IoT landscape.

Let's see, what the future brings.

[jvermillard]

Maybe it's time to put in place some actions to attract contributors and/or funding?

[sbernard31]

For Californium it's not a risk, your point is fact.

In the present, it's a fact. but for the future this is just a hint. Nothing sure, maybe unexpectedly in 1 year, a company will be involved in the project bringing new active contributor or your will be hire again to work on it. 🤷

Maybe it's time to put in place some actions to attract contributors and/or funding?

Is it about Leshan or Californium ?
If this is about Californium maybe better to create a dedicated issue.
If this is about Leshan, ideas are welcome 🙂 (but also maybe in another issue 🤔)

[jvermillard]

Is it about Leshan or Californium ?

I mean Leshan, I created issues for Cf in the past