Just want to say thanks for stepping up. Overall I think your plan to focus on CI/CD first is excellent, and the rest of it all makes sense to me as well. Here are some thoughts/questions in no particular order

Have you had any communication with the original maintainer(s)? Will you plan to update the website eventually?

One thing that was never clear to me about this project is the financial relationship between the sponsors and the project. Do you plan to start collecting donations? Currently the donations page still points to the previous maintainer I think.

My other big suggestion would be an overall security audit / threat model. This app pulls in hundreds of dependencies of varying levels of maturity and quality. It would be great to quantify the risk to end users a bit. Maybe there's a way to ensure modules that aren't used don't pull in their requirements? Just food for thought.

Do you have a plan for reviewing existing PRs? There are some features I'd like to add but I don't want to add to the existing maintenance backlog.

What can we as users / engaged community do to help you out without adding additional project management work to your plate?

Thanks again for making a push to get the project going.

Hey @tabell, I'll do my best to provide some answers.

Have you had any communication with the original maintainer(s)?

Yes. The creator is Chris Cummer, and I have been trying to speak with him every month or two.

Will you plan to update the website eventually?

It depends on what that means. I have already updated the website a few times. Fixed the incorrect year, and merged in a couple of existing PRs. The next release of WTF will include a couple new modules. The website will be updated the same day to include pages for those new modules.

There's also much more work I need to do with the website to simply improve the content, I think there's a broken image or two, etc. I would like to do a much larger website redesign but I'm waiting to see how conversations with the creator Chris, go before I do that.

donations

Correct, current sponsors and the donation link all go to Chris. I don't know if the sponsorships are currently even active anymore. What happens here depends on the decision by Chris. I asked to completely be handed over the project. He initially suggested I become a maintainer, and then we'll see how it goes. While I am just a maintainer and not project owner, I don't feel comfortable touching anything regarding donations, sponsors, the overall website design, etc.

If / when Chris fully hands over the project to me, it's at that point that I will likely setup a donations system that would go to me to fund some of my time, maybe get some stickers, or even fund a dependency of this project, as you've mentioned, we have so many.

My other big suggestion would be an overall security audit / threat model.

This has been on my mind as well. I don't currently have a solution but I've been thinking about it. In my Project Update plan above, I prioritized getting dependency updates in for the first release due to this very problem. We were already falling behind on security updates and I don't want the project to be an actor vector. There's definitely much more to do.

Do you have a plan for reviewing existing PRs?

Now that my plan above is complete, I'm basically attempting to tackle PRs and Issues going by the oldest ones first. Sometimes I will skip this order for the following reasons:

1. bugs - I want to prioritize bug fixes
2. a PR isn't ready or an issue is missing content/information/agreement
3. I might hold back some work because it will be better merged when another piece of related work is complete.

What can we as users / engaged community do to help you out without adding additional project management work to your plate?

Firstly, thank you for asking. This will change as I continue to get comfortable with leading this project. Like most open-source projects though, opening issues when needed, opening PRs if you can, will always help. For existing issues and PRs, providing feedback is useful. For example, for existing Issues:

• if it's a bug, can you reproduce it?
• if its a feature request, do you agree? disagree?
• If the issue mentions a possible solution, do you agree? Do you have an alternate solution?

For existing PRs:

• does the code look good to you? (if you code and understand Go)
• is this the best solution?
• Are you able to test the PR yourself locally and see if it works as intended?

Lastly, you mentioned potential security issues and that's something where we can use help. Getting security minded individuals to take a look at the project:

• Are the dependencies/modules we are using safe?
• are there current security issues due to how WTF code is written?
• where can we remove some privileges that WTF has or dependencies not truly needed to reduce the security footprint of the project?

I have some security experience at the IT level but not so much from the software engineering perspective. Getting help in this area would be greatly valuable for this project.