zlacker

[return to "Open letter to the NixOS foundation"]
1. mid-ki+Ql 2024-04-21 19:59:39
>>denysv+(OP)
After reading the executive summary I have no idea what it's about, and no desire to keep reading. Then again, I think I've been burned out on all these open letters to different projects over the years.
2. tpmone+iZ 2024-04-22 03:18:10
>>mid-ki+Ql
Reading the rest of the document doesn't feel very illuminating either. As near as I can tell, the guy who made Nix is apparently also involved in a startup/company that also acts as a contributor of Nix and a distributor of some version of it. There are some concerns over a military contractor that uses Nix and sponsored a recent Con, and some potential conflict of interest between the Nix creator as the head of the Nix project, and that person as an employee of a company allegedly tied to the sponsor.

And then there's a lot of referencing various "bad behaviors", but being honest, those seem the weaker points. Of the two I've looked through the links for, the one about not expanding the commit/PR approval team for CPPNix looks especially like prudent caution in light of what we know about how the xz thing played out recently, and the one regarding a PR that was ignored for "quite a while" reads (as an outsider to all of this) worse for the authors of this open letter. First, if the dates on the PR are correct, "quite a while" apparently means less than 1 day. And while the issue might indeed be something that needs to be reverted, the PR author comes across quite hostile to everyone else trying to understand the use case, and there's a LOT of snark about breaking stable behavior. If this is frustration boiling over from repeated prior experiences, I hope the people the letter is aimed at have that context because to someone coming in cold, this is a terrible example.

3. depr+8r1 2024-04-22 10:14:51
>>tpmone+iZ
The commit bit isn't about security, it's about control. There is no way open source projects can never give out commit bits again due to xz. And xz doesn't have an active team with multiple people in it so it doesn't really make sense to compare them.

Not sure what you are talking about wrt the dates. Why did you ignore the Meson example? And here is another example: https://mastodon.delroth.net/@delroth/112310645064859357 This is a guy who has implicit authority to veto anything. Sometimes he does so, and sometimes he just comments on something perhaps not necessarily intending to veto it but that is what happens anyway.
