I'm facing a challenging situation with an open source software project. I've discovered a significant bug related to data loss, but it's not easily visible—nothing crashes, and it can only be demonstrated with synthetic test cases. Previous reports I've made have been dismissed, and I suspect that the developers might ignore this one as well. I'm looking for ways to communicate the seriousness of this bug to either the project maintainers or the end-users, who may not understand its implications. Simply posting on Reddit might not reach the right audience since I feel it might get brushed off. What are some effective strategies to get their attention and prompt action on this?
5 Answers
Just report it through their normal channels. If they show no interest, that's on them. They’re not obligated to fix it just because you reported it.
Honestly, just report the bug through standard channels. If they decide it's not a priority, it might be a sign to consider other projects that better align with your values. Alternatively, you could start your own project if that's an option for you.
You might want to look into 'Responsible Disclosure,' which usually applies to security vulnerabilities, but the concept of presenting your findings safely could work here too. Just be sure to make your communication clear and straightforward; that might help convey the seriousness of the bug.
If you can fix the bug yourself, maybe create a pull request with your changes. If they still don’t merge it, then you could maintain your own version of the project with the fix in place. That's completely valid if the licensing allows it.
I've tracked down the fix, but I have previously been dismissed for minor bugs, so I'm hesitant to submit it as a patch—most users won't build from source anyway.
It really depends on the project and its maintenance style. Many maintainers volunteer and face a lot of unhelpful reports. If you have a working fix, submit a pull request instead of just reporting the bug. If you're not a developer, maybe suggest adding a warning to the documentation if users need to avoid certain scenarios.
Yeah, I get that it's not security-related, but even just emailing them could lead to it getting ignored.