Changing how we develop Ladybird

Original link: https://ladybird.org/posts/changing-how-we-develop-ladybird/

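The Ladybird project is moving to a closed contribution model in which only project maintainers submit code. Public pull requests will no longer be accepted, and all currently open requests will be closed.

The decision stems from changes in the open source development environment, in particular the rise of AI tools. Previously, code contributions were a reliable indicator of trust and commitment. However, because AI can now generate complex code quickly, these submissions can no longer provide the same assurance of good faith. As Ladybird approaches its first alpha release, the team must prioritize security and architectural integrity; they believe that only the people directly responsible for maintaining the browser should introduce code changes that could affect user security.

Although Ladybird remains open source and will continue to welcome community input through bug reports, security feedback, and design discussion, it will no longer maintain a formal process for external code submissions. The maintainers emphasize that, as the browser prepares for real-world use, this shift is necessary to ensure they can take full responsibility for the browser.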

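The Ladybird browser project has announced that it will no longer accept public pull requests and will instead adopt a closed development model in which code changes are handled only by project maintainers.

The maintainers believe that a surge of AI-generated "slop" (low-quality or misunderstood code submitted by casual contributors) has broken the social contract of open source. Previously, a substantial patch was a sign of commitment and "good faith"; in the AI era, that signal no longer exists. Reviewing untrusted code has become an unsustainable burden and threatens the security of a browser engine that runs untrusted web content.

The announcement sparked a heated discussion on Hacker News:

* **Supporters:** See this as a necessary step to protect project quality, prevent maintainer burnout, and ensure that only people committed to long-term responsibility for the code handle security-sensitive browser components.
* **Critics:** Worry that this marks the end of collaborative open source culture. Critics argue that shutting out public contributions blocks the "apprenticeship" model that trains future maintainers, effectively turns an open source project into "source-available" corporate software, and may pave the way for a future license change (a "rug pull").

The community remains divided over whether this is a pragmatic survival strategy or the end of open, meritocratic collaboration.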

Original text

Today we’re changing how code enters the Ladybird project.

We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers.

Ladybird is moving into a new phase. As we work toward our first alpha release, the project needs a tighter development process, a clearer security model, and a smaller set of people responsible for the code that enters the browser.

This is not a change we make lightly. Many valuable contributions have come from outside the maintainer group over the years, and we are grateful for them. Many of us also came up through open source by sending patches to projects we cared about.

For decades, code contributions have been how open source projects learned who to trust. People would show up, do the work, take responsibility for their changes, and stick around. Over time, trust emerged from the work itself.

AI tools have changed the economics of this very quickly. We use them ourselves every day, but a pull request no longer tells us as much as it used to about the person submitting it. A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds.

For a browser, this matters. A browser runs untrusted input from the entire internet on the user’s machine, and one well-disguised vulnerability is all an attacker needs. We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it. What has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution.

At the same time, every change that enters Ladybird becomes our responsibility. It has to fit the architecture, survive future refactoring, interact correctly with the rest of the browser, and be understood by the people maintaining it.

Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

As part of this change, we will close all currently open public pull requests. We are grateful for the work people put into them, but keeping the existing queue open would keep that contribution path open in practice. There is no perfect time to make this change, so we are making it now. Going forward, pull requests will only be available to project maintainers.

There will not be a separate process for submitting patches by other means. We do not want to create a shadow contribution system through issues, comments, email, or forks. External code can of course exist under the terms of the license, but we will not treat forks or patch dumps as a review queue for upstream Ladybird.

Ladybird remains open source. The source code will continue to be publicly available under an open source license. Outside involvement still matters: clear bug reports, reductions, website testing, standards discussion, design discussion, security reports, and technical feedback all help move the project forward.

This is the right change for Ladybird now. We are preparing to ship a browser to real users, and our development process has to match that responsibility.
