Closed v01dXYZ closed 2 years ago
manojmula
commented
2 years ago Hi v01dXYZ,
Even though I have not contributed to opensource , i am closely watching it since two year and i am looking forward to contribute to it. I have felt the same that open-source community has been mistreated and get abused and provide customer service who does not even donate making money out of it.
bvandenbon
commented
2 years ago I try to understand it. However, what it appears to be about:
If you intentionally put bugs in your code, and you know some systems will update automatically and if you have no idea who your victims are, then it's just a random act of terrorism.
Worse, I don't even understand which harm has been done to you. Honestly, as far as I know, you're not a victim of our unfair economy:
There's a number of things that an open-source project can do for a developer:
And those help if you're on a job interview, or if you're trying to sell a commercial product. Isn't that enough?
By contrast, you can't expect companies to just transfer money to you because you sent them a sample of your work. And I also can't believe that recruiters aren't calling you at least once / week.
I'm not a hater, and I can be convinced by logic and reasoning. I have an open mind, and I'm willing to listen.
v01dXYZ
commented
2 years ago Your comment has many points:
The point 1. is a little bit over the top, but I was also a little bit over the top too... But I see your point, the maintainer is doing something for free, and that's the main appeal. And you're right, opensource shall be first and foremost for toy project/hobby. That means we should not consider it as a job, as soon as the project become boring dev (with tickets to solve urgently, integration to thousand of product/API/standards), that's job to me, and I personally won't solve this. And you're right it proves the maitainer didn't set the objectives and the boundaries of the toy project.
I disagree quite strongly with the incentives you suggested, those are not enough to build strong and high quality projects with a lot of boring/menial tasks. I mentioned Celery to talk about a mainstream project that is used by everybody but maintained by a handful of people, I can also talk about OpenSSL or Log4J. At this stage, people involved are clearly creating professional grade software, and it becomes boring old maintenance. Recognition is not enough for this kind of project.
More about, why recognition is not enough: https://aaronstannard.com/sustainable-open-source-software/#oss-burnout-working-for-free-on-things-that-dont-matter-to-you
We agree nevertheless on the fact that generating profits should not be an afterthought. Profits don't come by themselves. They didn't plan well about revenues and also used a too permissive license, so they shall not expect anything but that to happen.
Bottom-line, if you want to do software and be sure your users will give back to your projects, you have to think about it quite smartly or simply use a Free Software License, which is exactly meant for that. If you are a maintainer who is fed up, simply stop working on this project, do something else with your life that is more rewarding.
On the other-hand, the company using this software agreed to take it as-it-is without any guarantees, and the maintainer can do whatever she/he wants (especially if it is this kind of harmless stuff), that's the term of the license. After all, it's you who configured your setup to automatically download the package, without even auditing the changes or testing it on a sandbox system, not the maintainer, so it's your sole responsibility if it breaks your software. Now, if you want guaranties about that, especially legal liabilities and penalties, it's a contract as you may know, and it costs.
So, yes you're right the maintainer is not a victim of our unfair economy, neither are the companies who updated their software without doing basic quality insurance on what they've got from their suppliers. Both are doing exactly what they are allowed with the software, and play by the rules they've agreed to.
A lot of people even the ones using the damn so called open-source libraries are fed up with that free labor. As a maintainer, you've got to provide professional services on your rest time, and as a employee of a company stripmining opensource software, you've got to get into the internals of the tons of open-source dependencies if there is any problem, because guess what the company can't afford to ask for support to the maintainers: "here we use Stackoverflow for the support, please fix this problem by tomorrow morning by sending Github issues..."
Here it is a javascript library, but that's of course everywhere. For exemple, I'm currently dealing with Celery in Python. It is massively used by a lot of companies (as you can see on a lot of job boards) but there is only a handful of maintainers. The original maintainer (Ask Solem) has litteraly pushed thousands of commits. I'm glad she stopped because that was not fair to her.
I really want to tell the haters go to hell with a much stronger language but they will use that against us. We want them to understand the software don't get written/documented/architectured/integrated by itself, because of the Holy Spirit but because we literally devote our time for it.
By flushing the other repo and sabotaging this one, you resolved an arbitrage opportunity (https://en.wikipedia.org/wiki/Arbitrage). That is the right thing to do.
United behind you we stand Marak. No more free lunch/beer, the show's over. Elvis has left the building.
Now, it's time for Resistance.
(BTW Marak you're my hero)