![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
mtbcMy earlier observation, which I'd mentioned here, that it seems odd for OpenBSD to make a big thing about security yet encourage people to use their binary package repository which does not receive prompt security fixes, seems to have caused its founder to double down on positively flying off the handle and to rant about people demanding things and whatnot. (Apparently the word
I doubt OpenBSD has the resources to keep the binary package repository up to date with frequent builds, though Void Linux seems to have no trouble with this; I'd be quite content if they simply encouraged people to watch the mailing list for word of security vulnerabilities and to build from source from the ports repository as indicated by alerts, but I don't want to trigger anything by suggesting such. Personally I shall simply risk trusting M:Tier's binary package repository though I will certainly not suggest that the OpenBSD FAQ reference them.
More generally I wonder at the frequency with which I appear to run into what I can only describe as rude assholes who are significant and valuable contributors to open-source software projects, yet largely in other spheres of life I am lucky: for instance, generally in my normal professional life as an employee in computing my colleagues have been great. It saddens me that last week when I contributed to somebody's open-source project and got a
I should add a clarifying aside: I'm happy with people simply being direct about their criticisms, that's different and good. There's no need to spare feelings if people's work or ideas genuinely require some correction. I publicly raised an issue just today regarding a mistake that a member of our management team made and yesterday I thanked another member for catching an omission in some of my work.
The
securityin this context doesn't include
yesterday's bugs.) It's quite peculiar and I kind of pity him; I wonder if he has some diagnosable psychiatric issue. At least the disconnect between the basic point and what he seems to imagine is being claimed speaks of some massive chip on his shoulder that prevents him from engaging logically with reality. This seems incongruous in someone whom I'd be inclined to esteem highly as a software engineer but clearly there's much I don't know. In the meantime I am merely glad to be able to avoid direct engagement, consume his good work, and donate to the OpenBSD foundation which is an entity quite distinct from him. (He observes that he receives very little in donations himself and I can't help but wonder if he's surprised given his temper.)
I doubt OpenBSD has the resources to keep the binary package repository up to date with frequent builds, though Void Linux seems to have no trouble with this; I'd be quite content if they simply encouraged people to watch the mailing list for word of security vulnerabilities and to build from source from the ports repository as indicated by alerts, but I don't want to trigger anything by suggesting such. Personally I shall simply risk trusting M:Tier's binary package repository though I will certainly not suggest that the OpenBSD FAQ reference them.
More generally I wonder at the frequency with which I appear to run into what I can only describe as rude assholes who are significant and valuable contributors to open-source software projects, yet largely in other spheres of life I am lucky: for instance, generally in my normal professional life as an employee in computing my colleagues have been great. It saddens me that last week when I contributed to somebody's open-source project and got a
Thanks for the PR!it was actually a surprise: just a few words, but unusually pleasant. Being an asshole isn't a requirement, it just seems oddly common, and over the years is one of the things that has prevented me from engaging more fully with any of the larger projects. We'll see how Void Linux goes I guess; its founder has been happy to silently merge a small commit of mine so that's something. My current avoidance of anything but smaller online communities is partly about wanting to minimize the possibility of there being the kind of rudeness that I find myself increasingly unwilling to tolerate.
I should add a clarifying aside: I'm happy with people simply being direct about their criticisms, that's different and good. There's no need to spare feelings if people's work or ideas genuinely require some correction. I publicly raised an issue just today regarding a mistake that a member of our management team made and yesterday I thanked another member for catching an omission in some of my work.
The
PRmentioned above references a GitHub pull request. They're the usual means by which I contribute to projects. That appears to be another sore topic among the OpenBSD folks whose preferred approach is to use CVS (yes, really; I'd completely forgotten how to use it!) and to e-mail diffs to a mailing list and then e-mail reminders because the original fell through the cracks! Apparently GitHub is somehow insecurely untrustworthy despite how, e.g., for releases of our software from work we OpenPGP-sign the release commit so anyone can pull our public key from the servers and verify the signature. Am I mistaken in trusting this approach? It's another issue upon which I'm certainly not about to opine in OpenBSD circles anyway, I've already watched others catch that flak.
no subject
Date: 2016-08-22 11:07 pm (UTC)no subject
Date: 2016-08-23 04:45 pm (UTC)Enjoy the B&B!
Free Software needs Free Tools
Date: 2016-08-23 04:46 pm (UTC)