The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
This is why I dislike people badgering the Lemmy devs for whatever they feel is currently important to them. “Ermagerd, it’s GDPR violation!!!1!!!1!!111”. Or people flaming the developer(s) of Mastodon for not implementing quoting “Twitter has it, so you must implement it for people coming from Twitter!”. And so on and so forth.
We should all be doing what we can to help opensource developers and that also means calling out shitty behavior from its users or external contributors towards maintainers. Maintainers aren’t messiahs and just humans too, so them being cunts isn’t nice either (obviously), but I have much more understanding for their behavior sometimes. Especially when hundreds of entitled keyboard warriors attack maintainers and write blog articles about them (like wedistribute.org) demanding stuff be done their way.
Maintainers also need better tools and features from giants like github to shutdown annoying users on their projects. Github’s “social” features need a lot of work. It’s not possible to have moderators (human or automatic provided by the platform) for projects for example. Instead maintainers have to read all the bullshit demands people have expressed with no filter.
When the maintainer of actix stepped down due to harrassment by rust purists (he used the unsafe keyword) and there was an outpour of support, it felt so ridiculously fake. It had been going on for a while and there were reddit threads, blog posts, tweets, and other cries on social media by the purists that amounted to harrassment, but only when the maintainer stepped down did people affected react.
I’m by far no angel, but at least my claim to fame isn’t abusing maintainers enough for them to quit.
what? The community finds issues like the XZ one, and the devs say they won’t be able to fix it because they have less important things to work on instead.
Its not bullying the devs to point out to them the massive GDPR violations of their software and to give them hell for sweeping it under the rug and literally say they won’t do anything to fix it.
Its not bullying the devs to point out to them the massive GDPR violations of their software and to give them hell for sweeping it under the rug and literally say they won’t do anything to fix it.
It is. The data is in the DB and filesystem and can be manually removed. Having a button that does it is a convenience. It’s the instance operator who will be in trouble if they don’t. The code is provided with a license that literally says
THERE IS NO WARRANTY FOR THE PROGRAM
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES
You are using it and/or hosting it at your own peril.
And the devs said this
So there is no legal nor moral responsibility to implement any features that you personally want. However you are free to:
Implement the feature yourself
Pay someone else to implement it
Stop using Lemmy and use one of countless alternative platforms instead
Then the fediverse erupted and made blog posts, toots, @'ed the devs directly, etc.
Also Open Source Maintainers Owe You Nothing. Interalise that. They owe use fucking nothing - except maybe the respect we show them and if none is shown, they don’t owe any respect back.
At least with Lemmy and Kbin, if you have a feature you want to have implemented you always have the option to fork and host your own instance. Maybe not ideal for everyone, but the option is there.
This has happened to Kbin with the fork Mbin due to inactivity from the main Kbin maintainer. It’s not ideal that a project goes stale, but life happens and we must respect that.
This is why I dislike people badgering the Lemmy devs for whatever they feel is currently important to them. “Ermagerd, it’s GDPR violation!!!1!!!1!!111”. Or people flaming the developer(s) of Mastodon for not implementing quoting “Twitter has it, so you must implement it for people coming from Twitter!”. And so on and so forth.
We should all be doing what we can to help opensource developers and that also means calling out shitty behavior from its users or external contributors towards maintainers. Maintainers aren’t messiahs and just humans too, so them being cunts isn’t nice either (obviously), but I have much more understanding for their behavior sometimes. Especially when hundreds of entitled keyboard warriors attack maintainers and write blog articles about them (like wedistribute.org) demanding stuff be done their way.
Maintainers also need better tools and features from giants like github to shutdown annoying users on their projects. Github’s “social” features need a lot of work. It’s not possible to have moderators (human or automatic provided by the platform) for projects for example. Instead maintainers have to read all the bullshit demands people have expressed with no filter.
When the maintainer of actix stepped down due to harrassment by rust purists (he used the
unsafe
keyword) and there was an outpour of support, it felt so ridiculously fake. It had been going on for a while and there were reddit threads, blog posts, tweets, and other cries on social media by the purists that amounted to harrassment, but only when the maintainer stepped down did people affected react.I’m by far no angel, but at least my claim to fame isn’t abusing maintainers enough for them to quit.
CC BY-NC-SA 4.0
what? The community finds issues like the XZ one, and the devs say they won’t be able to fix it because they have less important things to work on instead.
Its not bullying the devs to point out to them the massive GDPR violations of their software and to give them hell for sweeping it under the rug and literally say they won’t do anything to fix it.
I believe this is the article you refer to
https://wedistribute.org/2024/03/lemmy-image-problem/
Its pretty spot-on.
It is. The data is in the DB and filesystem and can be manually removed. Having a button that does it is a convenience. It’s the instance operator who will be in trouble if they don’t. The code is provided with a license that literally says
You are using it and/or hosting it at your own peril.
And the devs said this
Then the fediverse erupted and made blog posts, toots, @'ed the devs directly, etc.
Also Open Source Maintainers Owe You Nothing. Interalise that. They owe use fucking nothing - except maybe the respect we show them and if none is shown, they don’t owe any respect back.
Anti Commercial AI thingy
CC BY-NC-SA 4.0
This is literally the same argument that reddit took.
This argument would be no use to reddit since they are the “instance operator” in that case.
At least with Lemmy and Kbin, if you have a feature you want to have implemented you always have the option to fork and host your own instance. Maybe not ideal for everyone, but the option is there.
This has happened to Kbin with the fork Mbin due to inactivity from the main Kbin maintainer. It’s not ideal that a project goes stale, but life happens and we must respect that.