"In the case of Apache OpenOffice, needing to disclose security vulnerabilities for which there is no mitigation in an update has become a serious issue," wrote Hamilton."
"It is also my considered opinion that there is no ready supply of developers who have the capacity, capability, and will to supplement the roughly half-dozen volunteers holding the project together," he wrote.
Apache OpenOffice is the latest incarnation of the open-source office suite, whose predecessor established itself as an alternative to Microsoft Office in the mid-2000s, but which in its current incarnation has struggled to attract new users or developers.
According toArs Technica, many former OpenOffice developers have switched to work on The Document Foundation's LibreOffice. LibreOffice saw 14 version updates last year, compared to a single version update for OpenOffice in October 2015, which moved it to version 4.1.2.
Now it seems recent calls for Apache OpenOffice project leaders to admit defeat and tell users to switch to the more popular LibreOffice, a fork of Apache OpenOffice, may soon be realised.
One recent incident backs up Hamilton's concerns about the project's ability to secure OpenOffice. On July 21st a security advisory was issued, which detailed a bug affecting version 4.1.2 that could be exploited to execute arbitrary code. Since neither a patch nor hotfix was available at the time, OpenOffice recommended workarounds included using LibreOffice or Microsoft Office. A hot fix eventually arrived on August 30.
Hamilton explains that the bug was reported as Apache OpenOffice 4.1.2 "was going out the door" in October last year. While the developers had "figured out a source-code fix" in March, they had hoped to include it within a full maintenance release, moving it to version 4.1.3 However, version 4.1.3 is unlikely to arrive until at least October this year, again due to a lack of developer resources.
Last August Red Hat software engineer, Christian Schaller, called upon Apache Foundation and Apache OpenOffice to redirect visitors to openoffice.org to the LibreOffice website and end the illusion that OpenOffice was still alive.
As noted by ZDNet's Jack Schofield, OpenOffice development was kept afloat by support from Sun Microsystems and IBM, which paid its engineers to develop it for its Lotus Symphony fork. However, Sun's contribution ended after it was acquired by Oracle, which then gave its code and trademarks to the Apache Software Foundation in 2011. IBM, which pulled support in 2014, similarly handed its code to Apache.
Hamilton's plans for retiring OpenOffice would involve preserving the codebase, but preventing new changes, as well shuttering its Twitter and Facebook accounts and all mailing lists.
While retirement is only a proposal at this stage, Hamilton said it would be "remiss of me not to point out that retirement of the project is a serious possibility".
"There are those who fear that discussing retirement can become a self-fulfilling prophecy... My interest is in seeing any retirement happen gracefully," wrote Hamilton, adding that "for contingency plans, no time is a good time, but earlier is always better than later."
But as Ars noted, there are still developers against the idea of shutting OpenOffice. In the Apache OpenOffice mailing list, developer Phillip Rhodes suggested the project should be looking to attract contributors before discussing a retirement plan.