The Open Source Survey asked a broad array of questions. One that caught my eye was about problems people encounter when working with, or contributing to, open source projects. An incredible 93 percent of people reported being frustrated with “incomplete or confusing documentation”.
That’s hardly a surprise. There are a lot of projects on Github with the sparsest of descriptions, and scant instruction on how to use them. If you aren’t clever enough to figure it out for yourself, tough.
[...] According to the Github Open Source Survey, 60 percent of contributors rarely or never contribute to documentation. And that’s fine.
Documenting software is extremely difficult. People go to university to learn to become technical writers, spending thousands of dollars, and several years of their life. It’s not really reasonable to expect every developer to know how to do it, and do it well.
(Score: 4, Funny) by pkrasimirov on Monday June 05, @10:25AM (2 children)
Good code is self-explanatory, how'bow dah?
(Score: 3, Touché) by turgid on Monday June 05, @10:27AM
Quack.
(Score: 2) by The Mighty Buzzard on Monday June 05, @10:58AM
Surprisingly, this is largely true of Rust code. It's by far the easiest language I've coded in to deal with undocumented or poorly documented code.
(Score: 2, Informative) by Anonymous Coward on Monday June 05, @10:29AM (1 child)
It's not even that they don't know. It's just almost nobody wants to.
(Score: 2) by The Mighty Buzzard on Monday June 05, @10:55AM
Yup. It's pulling teeth to get anyone on staff except audioguy to even document our own setup. Yes, this includes me.
(Score: 2) by FakeBeldin on Monday June 05, @10:54AM
Writing good documentation is like writing a good program.
It seems simple when you start, then it escalates, then you realise you maybe should've planned it out a bit before starting, then you go back to the drawing board, then you salvage what you can of what you have produced so far.
Is it any surprise that someone who went to this process already for one goal is not eager to go through it fully again?
Is it any surprise that they take the easy way out? No, sir, it isn't.
Why does this particularly affect open source software?
Because the challenge of writing a program or fixing a bug can be intellectually rewarding on its own, but writing the proper install guide that is easy to read isn't really. Moreover, buggy programs are also buggy for the creator, but buggy docs might be crystal clear to the creator.
The people who like explaining things find a job or hobby to do so face-to-face. Not by sitting at home, writing for hours and hours and receiving scant positive feedback.
(Score: 2) by ledow on Monday June 05, @11:07AM
Say no more.
I could not find any reasoning or explanation for how it's supposed to be used, only example code that was incomplete.
Literally, there is no documentation (or even function) on how to validate a signed certificate, and the possible results. You have to imagine everything that could be wrong (certificate expired, signing certificate not valid, certificate corrupt, signing certificate doesn't actually sign the other certificate, one has a lower security than required, etc.) and work out how to check and code for it.
Most libraries at least have a few helper functions. With OpenSSL it's copy the incomplete examples (and hence introduce vulnerabilities) or do it yourself.
Literally, I just wanted to generate a certificate, sign it with another, then bundle both with a program that then checks the former is signed by the latter. It ran to hundreds and hundreds of lines of code building on the examples after discovering so many ways to "fool" the examples, and having to rip them apart to understand how they worked, splice them together, add extra checks, etc. And I wasn't even doing anything complicated like trying to do this over-the-wire, just literally from a few certs saved on disk (the idea being I could keep a CA cert for myself, sign a customer's software with it, and have the software check that it was signed and valid (i.e. in-date) before continuing). Not defcon levels of security, by any stretch of the imagination, but it was far more hassle than it was worth and also I could never be sure I'd got everything right.
And there is ZERO useful documentation. Even other people's tutorials were far from useful in such regard (literally copy/paste the example code and use).
Lack of documentation certainly hurts, but it's not a magic cure-all by any means. However, it does show you quite how much design effort, user-interaction, and even end-user use the library gets. Libraries like SDL have everything documented, lots of tutorials and third-party docs available, etc. and examples that cover all kinds of scenarios. That proves that people often code against them directly.
OpenSSL has pretty much nothing. Which to me says that almost nobody codes against it directly, and everyone relies on bigger projects, bigger libraries, or wrappers around it to do what they want. To me, that indicates that such wrappers should be PART OF THE LIBRARY.
