views: 56 · answers: 2

I'm in the beginning of starting a small open source project. When cloning the main repository one gets a complete build environment with all the libraries and all the tools needed to make an official installer file, with correct version numbers.

I like the fact that anyone who wants to contribute can clone the repository and get started with anything they want. But I'm thinking this makes it too easy for Evil People to create malicious installers and release them into the wild.

How should it be structured? What do you recommend including in the repository, versus keeping on the build server only?

A: 

Leaving out your support libraries and build tools makes it a huge pain for:

  • anybody who just wants to try out the software, perhaps on a platform for which you haven't provided an installer, or from a newer version that you've already released

  • anybody who wants to contribute or hack on your project.

These are the people that you need to pull out all the stops to cater to in a project that won't have a marketing department pimping it out and won't have a full-time paid team developing new features and fixing bugs (aka, personal/open-source/hobby projects).

Nobody is going to play around with or hack on your project if it's a huge pain in the ass to even get it to build, and they'll just move on to the next thing. Somebody who, for whatever reason, has an interest in spoofing your software with malicious intentions, is already going to be putting in much more effort than it would take to hunt down a few other packages to put an installer together, so you're deterring the wrong subset of users for no appreciable gain. (Consider it a form of security through obscurity. Which never works.)

Focus on making your repository accessible to users and other developers.

As an aside, people who are downloading and building software should be in the habit of checking the code anyway, or at the very least deciding whether or not they trust the distributor before installing and running stuff locally.

Matt Enright
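The aside above says users should decide whether they trust the distributor before installing. The practical form of that check is comparing a downloaded artifact against a checksum the maintainer published out of band. The script below is an added example, not code from either answer or from the asker's project; it assumes a hypothetical `SHA256SUMS` file in the format `sha256sum` emits, and builds its own sample files so it runs offline.

```shell
#!/bin/sh
# Added example: verify a downloaded release artifact against a published
# SHA-256 checksum file before building or installing it.
# Assumes the maintainer publishes a "SHA256SUMS" file (hypothetical name)
# with lines in the form "<hex digest>  <filename>", as sha256sum writes them.

# Print the SHA-256 hex digest of a file; portable across Linux and macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_artifact ARTIFACT SUMFILE
# Returns 0 when ARTIFACT's digest matches the SUMFILE entry for its basename,
# 1 on a mismatch, 2 when SUMFILE carries no entry for that name.
verify_artifact() {
    artifact="$1"
    sumfile="$2"
    name=$(basename "$artifact")
    # Accept both "hash  name" and the binary-mode "hash *name" spelling.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$artifact")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Constructed demo data: a "genuine" installer, the checksum file a maintainer
# would publish for it, and a tampered copy carrying the same file name.
demo=$(mktemp -d)
mkdir "$demo/good" "$demo/bad"
printf 'genuine installer bytes\n' > "$demo/good/app-1.0-setup.bin"
printf '%s  app-1.0-setup.bin\n' "$(sha256_of "$demo/good/app-1.0-setup.bin")" > "$demo/SHA256SUMS"
printf 'tampered installer bytes\n' > "$demo/bad/app-1.0-setup.bin"

verify_artifact "$demo/good/app-1.0-setup.bin" "$demo/SHA256SUMS"
if ! verify_artifact "$demo/bad/app-1.0-setup.bin" "$demo/SHA256SUMS"; then
    echo "refusing to install the second copy"
fi
rm -rf "$demo"
```

The checksum file only helps if it reaches the user over a channel the attacker does not control (the project's own site over HTTPS, or a signed release), which is exactly the "do you trust the distributor" decision the answer points at; a checksum served next to a spoofed installer proves nothing.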
A: 

What you seem to be looking for is a directory layout. You tagged your question language-agnostic, but it does depend on the language(s)/framework/build tool you want to use. To give you some examples

It won't stop Evil People from doing evil things, but it will help your potential contributors.

Adam Schmideg