Changing how we develop Ladybird
Changing how we develop Ladybird
改变 Ladybird 的开发方式
Andreas Kling — Fri, 05 Jun 2026 Andreas Kling — 2026年6月5日,周五
Today we’re changing how code enters the Ladybird project. We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers. 今天,我们将改变代码进入 Ladybird 项目的方式。我们将不再接受公开的拉取请求(Pull Requests)。从现在起,Ladybird 代码库的代码变更将仅由项目维护者引入。
Ladybird is moving into a new phase. As we work toward our first alpha release, the project needs a tighter development process, a clearer security model, and a smaller set of people responsible for the code that enters the browser. Ladybird 正在进入一个新的阶段。随着我们向首个 Alpha 版本迈进,项目需要更严谨的开发流程、更清晰的安全模型,以及更精简的负责人员来把控进入浏览器的代码。
This is not a change we make lightly. Many valuable contributions have come from outside the maintainer group over the years, and we are grateful for them. Many of us also came up through open source by sending patches to projects we cared about. 这不是一个轻率的决定。多年来,许多宝贵的贡献来自维护者团队之外,我们对此深表感谢。我们中的许多人也是通过向自己关心的项目提交补丁,才在开源领域成长起来的。
For decades, code contributions have been how open source projects learned who to trust. People would show up, do the work, take responsibility for their changes, and stick around. Over time, trust emerged from the work itself. 几十年来,代码贡献一直是开源项目建立信任的方式。人们参与进来,完成工作,对自己的变更负责,并长期留存。随着时间的推移,信任便从这些工作中自然产生。
AI tools have changed the economics of this very quickly. We use them ourselves every day, but a pull request no longer tells us as much as it used to about the person submitting it. A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. AI 工具迅速改变了这一模式的经济性。我们自己每天也在使用这些工具,但拉取请求已无法像过去那样,向我们传达关于提交者足够多的信息。过去,一个实质性的补丁意味着实质性的努力,而这种努力是衡量诚意的一个合理指标。但这一假设已不再成立。
For a browser, this matters. A browser runs untrusted input from the entire internet on the user’s machine, and one well-disguised vulnerability is all an attacker needs. We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it. What has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution. 对于浏览器而言,这至关重要。浏览器在用户的机器上运行来自整个互联网的不可信输入,攻击者只需要一个伪装良好的漏洞就足够了。我们已经看到开源领域中存在一些耐心且资源充足的行动,旨在获取维护者的信任并加以滥用。现在的变化在于,制造看起来像“严肃贡献”的工作变得更快、更廉价了。
At the same time, every change that enters Ladybird becomes our responsibility. It has to fit the architecture, survive future refactoring, interact correctly with the rest of the browser, and be understood by the people maintaining it. Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. 与此同时,进入 Ladybird 的每一项变更都成为了我们的责任。它必须符合架构设计、经得起未来的重构、与浏览器的其他部分正确交互,并能被维护者所理解。代码是否由人工编写并不重要,重要的是一旦代码进入浏览器,谁来为它负责。
Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences. Ladybird 正在成为一款面向真实用户的浏览器。引入变更的人必须是那些决定这些变更属于该项目,并愿意为后果负责的人。
As part of this change, we will close all currently open public pull requests. We are grateful for the work people put into them, but keeping the existing queue open would keep that contribution path open in practice. There is no perfect time to make this change, so we are making it now. 作为此次变更的一部分,我们将关闭所有当前开放的公开拉取请求。我们感谢大家为此付出的努力,但保留现有的队列实际上会维持那种贡献路径。没有完美的时机来做出这种改变,所以我们现在就执行。
Going forward, pull requests will only be available to project maintainers. There will not be a separate process for submitting patches by other means. We do not want to create a shadow contribution system through issues, comments, email, or forks. External code can of course exist under the terms of the license, but we will not treat forks or patch dumps as a review queue for upstream Ladybird. 展望未来,拉取请求将仅对项目维护者开放。我们不会设立通过其他方式提交补丁的独立流程。我们不希望通过 Issue、评论、电子邮件或 Fork 创建一个“影子贡献系统”。外部代码当然可以在许可协议的条款下存在,但我们不会将 Fork 或补丁转储(patch dumps)视为 Ladybird 上游的审查队列。
Ladybird remains open source. The source code will continue to be publicly available under an open source license. Outside involvement still matters: clear bug reports, reductions, website testing, standards discussion, design discussion, security reports, and technical feedback all help move the project forward. This is the right change for Ladybird now. We are preparing to ship a browser to real users, and our development process has to match that responsibility. Ladybird 依然是开源的。源代码将继续在开源许可下公开可用。外部参与依然重要:清晰的错误报告、问题复现(reductions)、网站测试、标准讨论、设计讨论、安全报告和技术反馈,都有助于推动项目向前发展。这是 Ladybird 目前正确的改变。我们正准备向真实用户发布浏览器,我们的开发流程必须与这份责任相匹配。