zlacker

[return to "Open Source is Not About You"]
1. newcro+it 2018-11-27 06:18:48
>>jashke+(OP)
Though Rich is right, it pains me to read this because it is indicative of some disputes in the Clojure community. I might be mistaken, but it seems that Rich is reacting to Chas Emerick's Twitter post (https://twitter.com/cemerick/status/1067111260611850240). In his comments he has stated: "Finally, from a practical perspective, my core-level contributions always came from some source of pressing need in an actual, present, needs-to-work project. If I know a problem isn't going to be triaged for months and solved for years, then I'm out."

So this is not some grieving random person from the crowd - Chas is a person whose libraries and contributions I value tremendously, and he certainly made LOTS of contributions to the Clojure OSS landscape for free and out of his good will as well. So ultimately this feels like your parents are arguing (which is never a good thing) - you like them both and you just want the arguing to stop and you just want everybody to live together in harmony. But here you go, Chas has moved away from Clojure now. And I have to say I am very sorry to see him go.

2. banana+UK 2018-11-27 10:09:46
>>newcro+it
As someone not in the know, Rich's post seems like an extremely aggressive and arrogant piece. When you put it in context, it does make more sense.
3. bsder+1O 2018-11-27 10:48:36
>>banana+UK
It could easily have applied to dominic and the earlier npm fiasco, though.

People are getting a bit entitled as to what an open source maintainer has to do for them.

4. Novash+fW 2018-11-27 12:25:39
>>bsder+1O
It's exactly how video game audiences are.

But honestly the stakes are higher than video games. If you go around advertising your package, get people to depend on it, then compromise them later, that's malpractice on your part. That isn't how society runs so it's rather obvious when people get mad that there's a landscape full of anarchy when it should look more like modern civilization.

Like it or not, npm and the node community have not prioritized their reputation. And the mechanisms that keep bad operators out of npm open source rely on a relatively small company considering the actual business livelihood that relies on npm integrity. It means the community is okay with continuing to use npm, and that means that the community doesn't have a healthy way to maintain itself and build trust. It's going to rot, I think (and hope). It's just going to be a bunch of tribal nomads moving from project to project until someone social engineers a compromise and they're off to find another huge dependency graph again.

At the very least, Clojure is telling people what it's about upfront.

Other package managers are not immune to this, btw. npm is just often the whipping boy.

5. bsder+0l2 2018-11-27 21:43:43
>>Novash+fW
> If you go around advertising your package, get people to depend on it, then compromise them later, that's malpractice on your part.

I'm not sure how much he advertised it.

This is part of the problem I have with things like npm, cargo, etc.

The defaults are set to try to suck up your work and get you to make it public.

Consequently, semi-useful things get loose probably long before people intended them to and probably long before people realize how much work they just signed up for.
