They haven’t particularly made a comment on the situation so much as acknowledged it’s happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn’t because of disbelief of Collin, it’s because we don’t know enough about the situation to be able to say Collin is or isn’t telling the truth here.)

  • eveninghere@beehaw.org
    link
    fedilink
    arrow-up
    3
    arrow-down
    6
    ·
    8 months ago

    Yes. I simply think I already wrote what I needed to. The answer to your question is there. I guess it takes time to see my point.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      8 months ago

      You only said 2 things:

      • we shouldn’t rely on free software made by free labor, and we need to say goodbye to some 60-70% or more of the software we use
      • important software shouldn’t reuse code already made, they should reinvent the wheel and in the process introduce unique vulnerabilities and spend orders of magnitude more time doing that

      None of these make sense in my opinion

      • eveninghere@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        I was talking about third party dependencies, which you missed. It’s fair to say that was my poor writing, but my point still stands.

      • abbenm
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        8 months ago

        we shouldn’t rely on free software made by free labor, and we need to say goodbye to some 60-70% or more of the software we use

        Again I’m just reading along, and as a person who cares about, you know, the principle of charity, I don’t see how you can possibly think that’s the most charitable interpretation of what they said. I took them to mean we should do what we can to ensure these projects have financial resources to continue, not that we should “say goodbye” to them.

        And here’s the crazy thing: I’m not even saying I agree. I just think it’s possible to address a face value version of what they’re talking about without taking unnecessary cheap shots.

        • Christian
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          8 months ago

          But being charitable to the person you’re responding to, they twice said explicitly that they didn’t understand what was being said and asked for elaboration and both times got a reply that more or less suggested that they didn’t understand because they’re illiterate. At some point the reaction becomes understandable.

          edit: different poster from the first two, but I think they were sympathizing with the other person

          • abbenm
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            That’s where the not that weird idea comes into play. It’s not that weird to not want to be misrepresented - that’s an entirely different thing from trolling, or strawmanning, or seeking out inflammatory topics on purpose. It’s a natural and understandable reaction, and we shouldn’t respond to it by deciding it’s ok to retaliate with increasingly less fair characterizations of their statements.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          I took them to mean we should do what we can to ensure these projects have financial resources to continue, not that we should “say goodbye” to them.

          They have said this:

          Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it’s dangerous, as this incidence showed.

          Emphasis mine.

          • abbenm
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            8 months ago

            And again, that’s not even within an country mile of being a good faith attempt at charitable interpretation, for several reasons.

            You’re twisting their words into some sort seemingly overnight goodbye to all software relying on third party libs. A more normal way of taking that is envisioning a more gradual progression to some future state of affairs, where to the greatest extent possible we’ve worked to create an ecosystem that meets our needs. An ecosystem that’s build on a secure foundation of known and overseen libraries that conform to the greatest extent possible to the FOSS vision. Ideally you don’t just say goodbye, you work to create ersatz replacements, which there’s a rich tradition of in the FOSS world.

            Your other point was even worse:

            important software shouldn’t reuse code already made, they should reinvent the wheel and in the process introduce unique vulnerabilities

            Somehow, you decided that putting words in their mouth about going out of their way to solve the problem only with worst-case-scenario bad software development practices (e.g. lets go ahead and create unique vulnerabilities and never re-use code) is a reasonable way of reading them, which is completely nuts. FOSS can and does re-use code, and should continue to do so to the extent possible. And like all other software, strive to avoid vulnerabilities with their usual procedures. That’s not really an argument against anything specific to their suggestion so much as its an argument against developing any kind of software at any point in time - new games, new operating systems, re-implementations seeking efficiency and security, etc. These all face the same tradeoffs with efficient code usage and security. Nothing more or less than that is being talked about here.