The former will remain exceedingly polite, up to and including the part where they tell you to go f yourself.
The latter are the ones you can actually depend on in a crisis, because they won't be busy playing social games to cover their own behind.
I'd argue that if someone is seen as a giant douche because they won't automatically cater to someone's sensibilities, that's a sign of a real douche, who is so used to being marketed to and "handled", that fair, reciprocal treatment is experienced as rudeness.
That is the gap between the kind of culture open source used to have, and what some want to turn it into today, and which is often incorrectly dismissed as a lack of civility.
Civility is that which allowed civilization to form, not what passes for it once others have already done the work. If that is a problem, it's because it's been manufactured into one on purpose.
I'm out of the loop and didn't get this sense at all. His points seemed fair enough to me. There's way too much entitlement evident amongst people who use, and sometimes even contribute, to OSS[1]. It gets frustrating, and Rich has explained why.
[1] I've never been a maintainer of a popular OSS project, and don't want to be, but a few years ago I was a custodian for a relatively popular free (as in beer, not as in speech) tool, and we'd often get emails from users acting like we owed them something.
Uh-oh. I hadn't been aware of this. Do you have a link, please? (Quick google didn't help much.)
This is a false dichotomy. The overwhelming majority of people care about both. When your tone and delivery are insulting or diminishing them, they see it and react to that too - those who don't tend to end up bullied and disrespected.
Also, people who don't care about tone and delivery quite often backstab. Just like they don't care about others while there is no crisis, they care even less when a crisis is there.
https://github.com/dominictarr/event-stream/issues/116
Edit: it attempts to steal crypto-currency; it doesn't mine it.
The dev isn't responsible for the giant mound of stupid that is npm but we all have to take the world as we find it or fix it.
In the context of the world as it is, projects' deps having deps having deps, where the practical protection against a developer's machine getting pwned and eventually millions of users getting pwned is more or less developers checking to ascertain that a given library is bob who works for google and not lame hacker number 2388, it's poorly considered to hand over libraries to people you have no reason to suppose are trustworthy. A reasonable person could suppose that might not end well for a multitude of projects where 182 deps of deps of deps aren't vetted again per point release, because in practical fact it's impractical to do so, while it is very practical for individual authors to not transfer control of names and publish info about their authorship.
Unlike never updating or expecting individual orgs to vet 182 deps written by anon people with every bump so a reasonable person ought to do their best to make the workflow that might have some hope of working work.
If you didn't want ANY responsibility whatsoever you could have not published it globally.
Anyone who imagines that responsibility is merely transactional, that it only attaches when money changes hands, has literally missed the majority of human civilization, including the more recent parts where people that give away free food are still expected to wash their hands, get food handlers cards, practice food safety, pass inspections etc. You aren't required to provide a vegan or kosher option or even make good food, but you can't behave maliciously or negligently.
Given how projects are actually used by virtually everyone, the author's actions appear negligent. Given the hypothetical bad actually already happened, it appears that judgement is irrefutable.
You are your brother's keeper whether you want to be or not. Software isn't special; it works like every other civilized endeavor. Wash your hands and don't scratch your ass please.
"You put at risk millions of people, and making something for free, but public, means you are responsible for the package."
"There is a huge difference between not maintaining a repo/package, vs giving it away to a hacker (which actually takes more effort than doing nothing), then denying all responsibility to fix it when it affects millions of innocent people."
Where do these people get off?