For the past eight(8) years Schalk Neethling has been working as a freelance developer under the pseudo of Volume4 and is now the president of Overt Strategy Consulting. During this period he has completed over 300 projects ranging from full web application development to complete branding. As president and lead developer of Overt Strategy Consulting, Schalk Neethling and his team has released a 100% Java standards based content management system called AlliedBridge and business document exchange and review system, called Doc-Central. Schalk Neethling is also actively involved on a daily basis in the open source, web standards and accessibility areas and is a current active member of the Web Standards Group. Schalk is also the co-founder and president of the non-profit The South Web Standards and Accessibility Group, which aims to actively educate and raise awareness of web standards and accessibility to both the developer society as well as business large and small. Schalk also has a long relationship with DZone and is currently zone leader for both the web builder, css.dzone.com, as well as the .NET zone, dotnet.dzone.com, and you can find a lot of his writing there as well as on his blog located at schalkneethling.alliedbridge.com. Schalk is constantly expanding on his knowledge of various aspects of technology and loves to stay in touch with the latest happenings. For Schalk web development and the internet is not just a job, it is a love, a passion and a life style. Schalk has posted 173 posts at DZone. View Full User Profile

Open Source : How Do You Stay Up To Date?

01.10.2009
| 19262 views |
  • submit to reddit

I Love the concepts and beliefs behind Open Source. I use Open Source libraries, applications etc. all the time. One of the things I have always found a challenge though, is knowing when a new release comes to be.

Not only that, is this a simple point release, a major release or a security release. For the most part I want to stay up to date, especially with the libraries I use, when a security release is made. Currently I play the, I hope I have the most stable, most secure version game. However, I always thought that having a single place where I can sign-up to be informed about releases would be awesome.

Do you have a way to do this or, are you subscribing to a multitude of RSS feeds and mailing lists to stay informed? 

Published at DZone with permission of its author, Schalk Neethling.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Geertjan Wielenga replied on Sun, 2009/01/11 - 10:38am

Maybe DZone could offer a place where open source projects could register themselves and announce when a new release comes out, all within one page for easy searching?

Ahmed Gaber replied on Sun, 2009/01/11 - 11:58am

Although it is very hard to monitor all the opensource releases of applications and libraries, I think it would be more efficient to make a page that monito the most known OpenSource Applications, I myself begin to make index for the tools I use in my work (Web Development) including the JS libraries, Applications (Wordpress, Drupal) and so,

if somebody like to share me my Index, I'm available

I'm with Geertjan, that DZone could provide a page for opensource projects.

Varun Nischal replied on Sun, 2009/01/11 - 12:41pm

At first glance, it looks such a small post and I was amazed that it was published over here, seriously I had not even looked at the content, just a quick view made the first impression..

However, I read it once in surprise and could understand what its all about.. Its infact an interesting post which can have a awesome brainstorming over the comments section..

Well, I have been glued to NetBeans since 6.0 release, so being an OSS newbie at that time I used to look at every possible link I came across and it made me addictive.. I had problems managing time when I had so much to learn.. After living the hard way, I started using Firefox (2.0.x those times) and added several feeds in the browser, it looked like the easiest way to get info, still how many links one can add..

I think there's a way out, but needs lot of patience to do it, if one can develop a web application where user adds RSS feeds of projects and/or communities of his choice, prefix them with interesting words (like applying label in GMail) before they are fed to your email account.. Automate, Sit, Relax and Enjoy!

Wait, there's twitterfeed.com which does that and feeds them to twitter account.. So, you can then burn the twitter account feeds to Feedburner (then subscribe through email), or subscribe through Google Reader, or maybe subscribe to it on browser...

Update: Have a look- http://www.techcrunch.com/2009/01/02/a-much-cleaner-way-to-get-those-twitter-messages-to-your-email/

What say?

Shawn Hartsock replied on Sun, 2009/01/11 - 2:00pm in response to: Varun Nischal

I wonder why freshmeat.net didn't work for this?

Perhaps we could take the freshmeat.net idea and add an API that project owners could post against in their build and release process? It might be nice to create a site that would operate on top of this and allow you to tag and search project and assign them alerts. You might even work it into a federated model so that no one site controlled it allowing the system to be democratic.

Varun Nischal replied on Sun, 2009/01/11 - 2:06pm in response to: Shawn Hartsock

[quote=hartsock]

I wonder why freshmeat.net didn't work for this?

[/quote]

Actually, I am seeing this for time and I just had a look at http://freshmeat.net/about/ that made me give better understanding of it.. Looks cool, but I think we are still open for many more ideas?

Thanks!

Gilbert Herschberger replied on Sun, 2009/01/11 - 3:00pm

With open source, it is a challenge to stay both up-to-date and up-and-running. Here at gchii.org, we have been running "Package Audit", a project which compares the "current" version of an open source project on Debian GNU/Linux, Fedora Core, JPackage Project, and Maven 2 Repository. The Package Audit database is searchable by Java package, Debian package, RPM package, and more.

Our research shows that the single most important choice today is your choice of distribution method. When you choose a distribution method, you are also choosing which versions are possible. Ad hoc distribution (as in interactively downloading a jar with a browser) is an out-of-band distribution method with the greatest risk. Deb and RPM distribution provides greatest stability.

A clearing house for the latest information on an open source project is useful, but incomplete and possibly inaccurate. We suggest a comprehensive Java package registry, a complete list of every Java package ever written by anyone anywhere, both open source and closed. We suggest that the information should be gathered from an actual distributed jar. One Java package can have many versions and each version can be distributed by many methods. In search results, a Java package registry should provide a link to the actual distributed jar.

Any comprehensive effort for this industry might require the support and cooperation between Apache, Codehaus, Google, IBM, Sourceforge.net, Sun Microsystems and others.

Fabrizio Giudici replied on Sun, 2009/01/11 - 4:11pm

I think that freshmeat.net is good, even though it has some limitations by principle (it doesn't track software that is only for Windows, if I'm not wrong - BTW, this isn't really a problem for me :-)

 

But this doesn't solve the problem about communication :-( Indeed, for 80% of the FLOSS things that I use I often need to post questions, thus I need to subscribe to mailing list and / or RSS feeds. The volume of information that I daily receive about these things is constantly increasing and I fear I'm getting close to the brain overflow :-( For some very common projects (and not so hard questions), the JUG mailing lists are a good "one-list-catches-many-topics" thing, but it only works up to a certain point.

Tushar Joshi replied on Sun, 2009/01/11 - 10:36pm

While maintaining an open source project, how to know whether a library component used in that project has a new release and how to manage all the components used with their latest versions?

I will answer this situation by stating what I will do with the tools and techniques currently available to me in the open source communities.

I search for a announce mailing list for the component library and subscribe to it.  Open source practices announce list to declare all the new releases and news to the users.  When I have 3 sub components in a project I maintain, I add a recurring task in my task list to check the announce lists of the sub components. 

As soon as a new version of the sub component is announced I add a task for the maintainer to verify and submit an enhancement task for the project which can be taken up by a developer. 

If the new version is just a security fix the change can be done easily and can be incorporated in less time, but if there is a major change in the sub component than we have to think about any API changes or better API availibility and also restructuring the architecture of our project if we want the new version to be used in our project.  This becomes a discussion thread in the dev mailing list of our open source project.

with regards
Tushar Joshi, Nagpur

Jeroen Wenting replied on Mon, 2009/01/12 - 8:06am

In my experience over the years it's usually more trouble than it's worth to update open source products (and especially libraries) with every new release.

More often than not existing functionality will change subtly (or not so subtly), or is even removed completely (or otherwise broken where it was fine before).
In extreme cases libraries will change so radically that any code using them will have to be completely rewritten to work with a new version of that library even if it's marked as a minor update (Apache Commons is prone to this).

So what I usually do is fix on the latest stable version at the time I download the library for use, and keep on using that version until there is a business need to update it to a later version (for example we need some functionality that's available only in a new version or was broken in the version we do have but fixed in a later release).

When requiring that same library in another project, I'll usually pick the latest version available for that (unless it needs to work closely with something already using an older version, in which case that's used instead).

I never liked the constant upgrade/update race. When you rely on a number of external libraries and products simply keeping them up to date can become a fulltime job, when it's simply not worth bothering about at all.

Scott Miller replied on Mon, 2009/01/12 - 10:39am

I wrote a utility for the very purpose: www.app2date.com.  Helps me keep up to date the new library releases...free to use on personal PC.

T SnowWolf Wagner replied on Mon, 2009/01/12 - 2:49pm

This has been a problem for us. Our solution was to set up an Ivy (ant.apache.org/ivy) repository. We have a developer that maintains the repository with the current libraries. this also allows us to actually do some testing and code scanning on the libraries be fore they are approved for use by our developers. Futher, all of our developers know that if the library is in the repository it meets a few standards:

  1. the source actually complies
  2. the source matches the release
  3. we have a copy of the source with the release
  4. the code has been checked for trojans
  5. All of the dependancies are in the repository and have also meet our standards

 

 

Peter Karussell replied on Mon, 2009/01/12 - 6:00pm

My combination does not solve all the mentioned problem, but could be used to solve it:

Maven and NetBeans! Just add one dependency to the pom.xml file and hit CTRl+SPACE between the <version></version> of e.g.

<dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring</artifactId>
            <version>|HERE|</version>
</dependency>

This way you can find out the latest version. And this way you can simply rollback the changes in the case the new version does not work for you.

Limitations:

  1. no alerting system - maybe NetBeans will provide this in 7.0 ;-)
  2. only mavenized projects can benefit

T SnowWolf Wagner replied on Tue, 2009/01/13 - 9:03am in response to: Peter Karussell

We tried Maven and Mave 2, but the advantage to Ivy over Mavan is that when I put in a dependancy in Ivy it not only walks the full dependancy tree for that product, but also tells me what versions were used and what ones were overrode. This way I only need to put in srping-orm 2.5 and I get hibernate 3.0.5ga and all of its dependancies.

Slava Imeshev replied on Tue, 2009/01/13 - 3:02pm in response to: Shawn Hartsock

[quote=hartsock]

I wonder why freshmeat.net didn't work for this?

 [/quote]

Me too. I guess the author atomatically assumed that this was a new problem.

[quote=hartsock]

Perhaps we could take the freshmeat.net idea and add an API that project owners could post against in their build and release process?

[/quote]

 Freshmeat already has such an API :) It's XML-RPC http://freshmeat.net/faq/view/49/

 

Hope this helps.

Regards,

Slava Imeshev

Cacheonix - Distributed Java Cache

Jeroen Wenting replied on Wed, 2009/01/14 - 4:33am

"Me too. I guess the author atomatically assumed that this was a new problem."

Or more likely he realises that FM doesn't track everything, and most people will depend on things it doesn't track...

And of course even if you use FM and it does track everything you want it to you still have to make use of the information that provides, determine which updates to pass up, what to do to incorporate the ones you are going to adopt, etc..

Jim LoVerde replied on Thu, 2009/01/22 - 7:25pm

Actually, you can get a report of any dependency updates for a maven project using the versions plugin:

mvn versions:display-dependency-updates 

Just another one of the many obscure but powerful features offered by maven.  You could even use this plugin to automatically update your pom with the latest versions.

Jim LoVerde replied on Thu, 2009/01/22 - 7:30pm in response to: T SnowWolf Wagner

Maven will walk the dependency tree.  And it can tell you what versions were used and which ones were overridden.  Just use the dependency plugin:

 mvn dependency:analyze-dep-mgt

 mvn dependency:analyze 

 mvn dependency:tree 

 http://maven.apache.org/plugins/maven-dependency-plugin/usage.html

 

Jeroen Wenting replied on Mon, 2009/01/26 - 6:40am

yes, Maven can do that.

What it won't do is collate and analyse reports from all projects in your organisation and give a full overview of what's used where.
It also won't automatically update every library used anywhere when new versions are made available (which is a good thing) or notify you of such updates (not that I care) which is what the original article was all about.

Carla Brian replied on Wed, 2012/04/04 - 9:07pm

This is really nice to have a open source projects here. At least people would be updated with some software or any plugins. - Paul Perito

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.