In that case they need to document the process and workflow, and demonstrate the care that was taken.

Quite amusing we have decades of human written code much of it sub standard and yet no one demanded proof till now of Open Source projects having to ‘demonstrate’ anything.

If ya don’t wanna use it, don’t. Simple.

I get what you’re saying and agree with the last sentence. Just wanted to touch on the “why” part.

In the world of exclusively human written software the existence of the artefact itself (code, documentation) served as the proof that there’s someone with half a brain behind it. Now that’s not the case anymore.

The conclusion stays though - it’s OSS, authors/maintainers have no obligation to anyone to do anything. Like it, use it, don’t like it, don’t use it.

As for me, I’ve found that the community and activity proxies are still good.

> As for me, I’ve found that the community and activity proxies are still good.

Definitely still something to look into. A project I'm checking in on from time to time is https://github.com/emdash-cms/emdash/.

It will be interesting to see how the project activity is unfolds? Are people using it in production. How many errors do they find. What do those fixes entail. What happens with the docs over time. Etc.

I haven't had a change to look in depth, but based on a quick glance I'd say that the activity on the project seems like the tempo you'd expect of a similar open source project.

Maybe the principal maintainer can be trusted, but pull requests could do with some of that evidence.

spec-driven development is pretty good at this