Adventure 001 Day 02 Retrospective

[patmaddox]

Day 02 is now completed. Please see #223 for the day 03 retrospective.

[patmaddox]

• I learned about offline wiki editing via @kotp - awesome!
• I want to do more automation of the pull request process :)
• I would like to try exploring other peoples' code and experimenting with it

[kotp]

Rough start, I think.

• There is a "wiki" link on gittr, but the wiki was not the "easy place" to find information.
• There seems to be mutilple links to the rubysteps web page, promising information, not sure if it is "appropriate" because every time I go there it wants a signup on the bottom, but I am already here.
• As we go, things are changing and getting more organized.

[patmaddox]

@kotp I will be on the lookout for rubysteps.com links - those are intended for people who have not signed up for the list emails yet. All the main information should be in the repo...

[patmaddox]

some more things I learned...

• I need to document things better - via @afbroman
• doctest is awesome - via @aniruddhabarapatre
• you can make nested lists in markdown - like for outlines! - via @awochna
• this cool little exercise - via @elmerwu
• people here are really helpful! - via @hardeepkumar
• sometimes even the great ones don't TDD - via @jbrains
• that I may never, ever remember the difference between .. and ... - via @kimptoc
• people want to be happy coding <3 - via @Phonbopit
• programmers will automate tedious work, given the chance - via @r11runner
• I can have an endless list of superpowers :) - via @RobAWilkinson
• there are lots of cool opportunities to analyze this repository - via @XCMer
• people are already tackling their first custom-built Ruby programs - via @zacscodingclub
• there are some seriously incorrect notions about me :) - via @zrasool88

[patmaddox]

@kotp "rough start" but getting better is the story of my life... :)

[reignmaker]

What if somebody put into his folder somekind of malware? When i sync with upstream i'll get that thing on my computer? What should we do with this?

[RobAWilkinson]

Just don't run anyone else's code and you should be fine

[reignmaker]

It is stil dangerous, no?

[patmaddox]

@reignmaker that's a really great point - and something that I've thought about a bit. It's why nothing gets automatically merged... it all requires me to take a look at, and be on the lookout for anything.

There's a trust inherent in open source. Think of how much software you're running where you haven't looked at the code... it's kind of scary.

@RobAWilkinson is right - you don't run code unless you understand it.

So in a scenario where someone uploads malware... first, you shouldn't run something unless you know exactly what it does! So in a sense, you're protected - unless you do something kind of foolish.

Second, we currently have me reviewing all pull requests. The more that people pitch in there, the more protected we are.

Finally, I generally assume that people involved in this project are well-intentioned and want to help others rather than harm them. That's not everyone in the world, of course, but it's a good default for this project.

So we have three levels of responsibility here:

1. Personal. YOU need to look out for yourself. Don't run code without understanding it! If you see something that troubles you, comment on it, or create an issue.
2. Team. The collaborators on this project are a team. We care about one another, and we look out for one another.
3. Social. There are a lot of trouble-makers in the world... but the vast majority of people aren't. The kinds of people who are attracted to this project, want to help people. We can trust people as a default, and be on the lookout for bad actors.

It's possible that this project eventually gets too big for me to handle. That means I'll need to enlist others to help out. That means trusting them... based on my experience with them.

Thanks for bringing this up. It's an important issue that I've thought about, and I'd love to know what others think about it.