334
submitted 8 months ago by communism@lemmy.ml to c/linux@lemmy.ml

They haven't particularly made a comment on the situation so much as acknowledged it's happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn't because of disbelief of Collin, it's because we don't know enough about the situation to be able to say Collin is or isn't telling the truth here.)

you are viewing a single comment's thread
view the rest of the comments
[-] spacedogroy@feddit.uk 83 points 8 months ago

I think if you read through this and take it at face value, there is a pretty clear picture of what happened: https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

[-] Thorned_Rose@kbin.social 74 points 8 months ago

”Finding a co-maintainer or passing the projects completely to someone else has been in my mind a long time but it’s not a trivial thing to do. For example, someone would need to have the skills, time, and enough long-term interest specifically for this.” - https://www.mail-archive.com/xz-devel@tukaani.org/msg00571.html

As someone who runs a charity almost completely solo because of a lack of volunteers, I feel this so much in my bones. It's one thing to say, "Hey folks, I can't run this on my own, I need help" but it's another to find people who actually have the level of skill, committent, passion and integrity to contribute in a meaningful way. I can get people putting their hands up but I've lost count of the number of people who have then turned around and said, "Oh, actually I realise now I don't have time for this" or start in great and then just ghost me. It also takes more of my own time and energy, on top of what I'm already doing' to onboard and train people and it sucks so hard when I do that and then people disappear shortly after - I constantly have to question whether the time it takes to do that will be worth it vs just continuing the struggle by myself.

When you get consumers being arrogant and demanding, getting angry at you for taking too long to respond to their messages or not work fast enough.... it's soul crushing. Way too many people take volunteer work for granted or assume you're getting paid for your time and can therefore treat you like a working-class pleb or are plain just fucking rude and entitled. :( APPRECIATE YOUR VOLUNTEERS FOLKS! We need more volunteers, and appreciation. Many hands makes light work.

[-] eveninghere@beehaw.org 14 points 8 months ago* (last edited 8 months ago)

Hell... As a researcher maintaining one technology on my own, I feel this. This is another reason one shouldn't do things for free. There needs to be an incentive. And professionalism in the community. Sadly, both are hard to find...

[-] Thorned_Rose@kbin.social 2 points 8 months ago* (last edited 8 months ago)

Actually being paid is one of the biggest reasons for a lack in volunteers (the other is people working more than they used to). So many volunteers have been replaced with paid workers. Many charities aren't volunteer run organisations anymore but run more like not-for-profit businesses. As a result it's harder to get funding and donations. And people are less interested in volunteering unless they can be paid for it.

It's a vicious cycle and I'm watching more and more local, community organisations get eaten up by massive, centralised non-profits; and more and more local volunteer organisatns struggling to get off the ground. 😞

[-] haui_lemmy@lemmy.giftedmc.com 29 points 8 months ago

Damn. The amount of unpaid work for something so crucial to todays communication is staggering. I always make sure to pass parts if the donations I receive (not a lot) upstream.

I have the horrible feeling that very few people who use FOSS software and could actually donate some money at least dont do this. Do we have any numbers for this?

[-] eveninghere@beehaw.org 2 points 8 months ago

I am starting to believe that we shouldn't rely on this type of labor product in the first place. Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it's dangerous, as this incidence showed. FOSS is free not as in beer.

[-] haui_lemmy@lemmy.giftedmc.com 8 points 8 months ago

I‘m not sure what you‘re suggesting. Every piece of FOSS software is made by someone and the a lot of it builds on top of some upstream thing. Otherwise everyone would have to rebuild from scratch and FOSS would break down. Or am I missing your point?

Also, you cant make every 16 yr old user pay for a foss product. Companies must be made to pay for foss and downstream teams must be made to send parts of their income upstream, no matter if they make enough.

[-] digdilem@lemmy.ml 4 points 8 months ago

Good luck with that.

Commercial and closed source software is no safer, and may even be using the same foss third-party libs under the hood that you're trying to avoid. Just because foss licences generally require you to disclose you're using them, it doesn't mean that's what actually happens.

And even if, by some miracle, they have a unique codebase - how secure is that? Even if an attacker can't reach the source, they can still locate exploits and develop successful attacks against it.

At its core, all software relies upon trust. I don't know the answer to this, and we'll be here again soon enough.

[-] eveninghere@beehaw.org 2 points 8 months ago* (last edited 8 months ago)

I'm not saying that they should go closed source.

Your part on using foss third-party libs also makes no sense because my theoretical assumption is that they're not used.

Your argument bent my logic for the sake of making it weaker. Please counter my argument without altering it, and I indeed admit it's imperfect. But this particular lineage of comments is not constructive at all.

[-] BCsven@lemmy.ca 1 points 8 months ago* (last edited 8 months ago)

A side note. Proprietary closed source software totally uses opensource components. They may or may not disclose it, and they have to offer up what they used, however they are often making the disclosure a fine print item. We support a large proprietary software, we see the memos come through about what bug fixes or opensource library has an issue or vulner. The customers can aign up for this also, but I bet 99% of them don't sign up. And if they were polled on if the software if it was open/closed I'm sure they would say closed only

[-] digdilem@lemmy.ml 1 points 8 months ago

In what way did I bend your logic? I found your logic quite twisted to start with, and don't think I did alter it further.

Also - not constructive? But you're the one that's being negative. I'm merely trying to point out that you'll have a very hard job not relying on foss as it stands today. Where we go from here is a much bigger question, but we've all got very used to having free software and, as I said, even if we all start paying huge amounts of money for the alternative, that doesn't mean it'll be safer. In fact, I rather suspect it'll be less safe, as issues like this then have a commercial interest in not disclosing security problems. (As evidenced already in numerous commercial security exploits that were known and hidden)

[-] abbenm@lemmy.ml 2 points 8 months ago

In what way did I bend your logic?

Well for starters, the person above was pretty explicitly NOT advocating for reliance on third party libs, and perhaps more importantly, they were not in any way suggesting reliance on closed source software. In essence, diametrically the opposite of everything you were talking about.

I think your confusion came in their phrasing of not relying on "labor product." I took them to mean, not relying on people committing their free labor to sustain FOSS. I think you must have read that as not supporting FOSS.

Also - not constructive? But you’re the one that’s being negative.

I think they are right. You took the exact opposite of what they said and "corrected" them for it, which is irritating as hell. And now you're doubling down, which is worse. I would be irritated too!

[-] eveninghere@beehaw.org 1 points 8 months ago* (last edited 8 months ago)

Learn to read. Or learn logic. I'm just sincerely suggesting you to do those because I don't have the opinion you think I have.

[-] digdilem@lemmy.ml 12 points 8 months ago

Reading that made me sad, angry and scared. Great article, but terrifying.

[-] Theharpyeagle@lemmy.world 7 points 8 months ago

That's a heartbreaking read, and I can't imagine how it feels now to know that someone who finally helped lighten the load may be involved with such an egregious breach of trust and safety.

I think this is why I can't get behind Linus-style takedowns, even if the prospective maintainer has made bad a mistake. Entitled consumers make things hard enough already with direct access to the developers, they don't need any help getting burned out.

this post was submitted on 30 Mar 2024
334 points (98.5% liked)

Linux

48376 readers
1019 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS