What do I mean by final software? I haven’t put much thought on a definition but, if I had, it would be around the idea of software that it is finished, that its utility and usability doesn’t changed over time, you can go back to it an build it at any time, and it is as good or bad as it was when it reached its final state.
I have been thinking about how non-final SpaceBeans is, even if I have decided that is feature complete and that I won’t add more functionality, I can’t stop updating it because its dependencies are non-final and there will be bug fixes and security updates.
SpaceBeans is a Gemini server built using Scala –and a small number of dependencies–, the Java way of building software means that the end product is a ‘JAR’ file that includes all dependencies; so it is my responsibility as project maintainer to have those updated. If I stop updating the project –updating dependencies eventually leads to API changes that require changes in my code–, it is possible the software can’t be used because security.
This wouldn’t happen if the end product was a package for example for Debian –ideally included in the distribution itself–, so it would be the maintainers of this fantastic operating system who would do the work of keeping the dependencies –and my software, by porting fixes– free of security issues. I think this is a much better model.
I would say this is something I kind of get on my games for 8-bit systems. The machines I target are final –their spec won’t change–, and thanks to open source, you can always get the compilers and tools I used to build the software when I worked on it, and build it as it was build at that time. And the resulting binary is final.
In the case of SpaceBeans, it is mainly down to the dependencies. If your project is small and focused enough, I believe you can get to that final state where no more features are needed and there aren’t any more known bugs –and it could be even bug free, I guess–, as long as your dependencies don’t change. Because a third party like Debian makes it happen, or because you have little or no dependencies, or your software has a limited attack surface so security doesn’t really matter.
Recently I read in Mastodon about slow software, which sounds similar to some of the ideas behind permacomputing. I’m not sure if any of them deserve a movement, but some of their proposals are very interesting and worth learning about.