void-linux / void-packages

The Void source packages collection
https://voidlinux.org
Other
2.59k stars 2.15k forks source link

Better communication #45892

Closed Yorizuka closed 1 year ago

Yorizuka commented 1 year ago

I am not tying to spam and I am not reaching out in bad faith, the text below is from a comment I made on a pull request, but I have a feeling no one is going to read a post on a PR that was merged months ago.

I have lost all trust in the current maintainers of this project. I still like this distribution and really wish I could continue using it without worrying. I want things to improve. The usual disgruntled response is "Yeah, well, I'm gonna go build my own distribution. With blackjack and hookers!", but I don't have the desire, skill or time to maintain a gnu+linux distribution or a repo. Instead I am making my voice known and maybe something positive can happen.

I believe the main issue is one of communication. I think solving communication between users and maintainers would do void a lot of good. I would like to get an opinion from the maintainers on this.

Below this line, is the original post, it describes my frustrations. its from the 44422 PR https://web.archive.org/web/20230903050120/https://github.com/void-linux/void-packages/pull/44422

Every encounter I have had with the maintainers has been a negative one for the last few years. Look I understand opensource work pays nothing and is often a thankless job. But I have interacted with maintainers for other project and it never was this bad. Consistently moves are made with zero attempt to communicate them before they are done. This is not a one-off, this is a pattern, I will list the last 3 times that upsetting actions have been done before communicating them from my memory.

  1. I have attempted to a good user and to give back, on my first contribution I had my Pull request closed with no explanation as to why. (An explanation did come, but it was a day later, after I gave up.) https://web.archive.org/web/20230903041209/https://github.com/void-linux/void-packages/pull/37370 While I still feel it was a bit rude, I forgive this one. (please do not harass any of the people involved)
  2. Another upsetting action the maintainers have done is hijacking an existing packages and shipping a different program under the same name with zero communication about it before they did so. https://web.archive.org/web/20230903034123/https://github.com/void-linux/void-packages/pull/40044 This one alone under other a sightly different context would of had mobs of angry people & is still in principle an unacceptable behavior. The new launcher was not 1 to 1 compatible & gave me quite the scare, for a small amount of time thought my 7 year old world was lost, that was stressful.
  3. This: Most users do not interact with the maintainers of the software they use. There is a silent majority that is not hanging out in the IRC. Given the current popular stance on Crypto, I'm guessing this has more then just technical motivations, I understand not adding new coins, but looking at the Monero wallet, this clearly is a quick and dirty hit job, The Monero wallet was removed, but the debug and development files are still showing up in the search. https://web.archive.org/web/20230903044828/https://voidlinux.org/packages/?arch=x86_64&q=monero

I do not appreciate the maintainers making life style choices for me, Whats next? Are you going to remove TOR, that allows you to access and do bad things. Maybe void should remove everything with encryption, it's what bad people use to hide things. I use to run xbps-install -Suy weekly, keeping my system up to date, Now hesitate to update, every time I do so there is a chance something annoying will be done by the maintainers and that I should go double check.

classabbyamp commented 1 year ago
  1. I have attempted to a good user and to give back, on my first contribution I had my Pull request closed with no explanation as to why. (An explanation did come, but it was a day later, after I gave up.) https://web.archive.org/web/20230903041209/https://github.com/void-linux/void-packages/pull/37370 While I still feel it was a bit rude, I forgive this one. (please do not harass any of the people involved)

this is simply github's interface being bad at showing a manual merge. the PR was applied in commit 1c2891dcea

Yorizuka commented 1 year ago

this is simply github's interface being bad at showing a manual merge. the PR was applied in commit 1c2891d

That is good to know, thank you, I was not aware.

Yorizuka commented 1 year ago

Any how I am not here to cast stones at anyone, I am really looking to try to brainstorm ideas on how to improve communication between users and maintainers.

One idea is to add a mechanism to xbps to deliver a message to all users of a package in a really hard to miss way, without pushing a change to the package. This could then be used to for example invite users of a package to comment or poll on a change, or to at least be aware of it. (like when changing to a different fork)

There is no reason this system has to only apply to a specific package, this mechanism could also be a good way to reach out to all users. This could be nice for when trying to gauge consensus on a topic, a poll with real numbers could help a lot when making choices.

Duncaen commented 1 year ago

Just subscribe to issues of the repository.

Yorizuka commented 1 year ago

Just subscribe to issues of the repository.

That is not a bad suggestion, but I see some flaws that are not a good for maintainer to user communication. Not all users have a github account (or want one), it requires users to be familiar with github to know to do this and it does not provide good granularity.

The reason I suggested adding this to xbps the package manager, is because 100% of void users have it.

Duncaen commented 1 year ago

You are painting a negative picture of how bad maintainers have been. Your issue is that in two instances packages have been removed from the repository.

In one instance the packages were later added back because, there was not enough communication between maintainers and contributors and while most of them either agreed with the removal or abstained from it, some stepped up and took over maintenance. This could have been done better by tagging all contributors and maintainers of the relevant packages.

For the minecraft launcher, I don't see any issue at all. The maintainers treated you right and did nothing wrong. They explained why the package was removed and suggested or agreed that an install message would have been good. There is no problem at all and I don't see how you can take this interaction and now turn it into some big issue that helps you to show a pattern of issues.

I deleted my earlier response since it failed to address the whole picture. I don't think there is any issue that has not been addressed already and I definitely don't see a pattern of issues.

Yorizuka commented 1 year ago

With the minecraft launcher the problem is not that it was removed, that would of been the correct choice!

The problem is that I installed "PolyMC" onto my system, I did not install "Prism". An "update" to "PolyMC" quietly replaced one set of software with another. This happened quietly and without any communication. I only found out about this after I executed a program on my computer. How does that not obliterate trust with the package maintainers? sure it was just a minecraft client, but if I can't trust a minecraft client, then how can I trust more sensitive software?

A post install message would of been an improvement, but that is still not great move. If the concern was security then PolyMC should of been removed and not replaced, a new package should of been created for Prism and explicitly installed by the user.

This may seem like "nitpicking", but lets imagine a slightly different scenario where the fork added an anti feature that is really important to some users to not have. Lets imagine "Prism" added extra telemetry. In this theoretical scenario a user who is careful about what they add to there system would of been exposed to a package without ever having a choice in it.

Eloitor commented 1 year ago

If an update removes a package that I use, I would appreciate a post install message telling me so, telling me why and what can I do instead (telling me to manually install an alternative package for example).

Yorizuka commented 1 year ago

With the crypto PR, I am upset that out of the blue void is taking an anti crypto stance & then doing a wide purging of packages it's users depend on, regardless of how well they where maintained or if there was any willing maintainers. There was also zero links to any IRC log, or any summery of the WHAT & WHY for the ""consensus"". The way this was handled feels like there is an alternative non technical motive that is trying to be hidden.

I do not understand why it would be removed.

The PR adds new language to the CONTRIBUTING.md file, clearly saying crypto is not welcome. Unlike the segment about browser forks, there is no maybe, it also includes no explanation as to why, and is worded in a more strict way. Why will a browser fork be generally not accepted and the crypto flat out "are not accepted"?

If there is no intent on being neutral, then please make your political or social stance explicit and clear, if crypto people are not welcome in the void ecosystem then please just tell us that. If crypto in it self is not a problem and its a problem with maintaining packages, then lets work on that, I may be interested in helping with packaging if crypto packaging needs help, but I don't want to bother if that is not welcome.

the bit on crypto: Packages related to cryptocurrencies (wallets, miners, nodes, etc) are not accepted. the bit on browsers: Browser forks, including those based on Chromium and Firefox, are generally not accepted. Such forks require heavy patching, maintenance and hours of build time. https://github.com/0x5c/void-packages/blob/a5af93198436f779e3f9eda4666f06bd1bb75ac8/CONTRIBUTING.md?plain=1#L23

Duncaen commented 1 year ago

If an update removes a package that I use, I would appreciate a post install message telling me so, telling me why and what can I do instead (telling me to manually install an alternative package for example).

The packages are being listed for removal, you still have to actually accept the updates before the package is removed.

A post install message can only be shown by package that are still installed, new messages can't be put in old packages.

If there is something that pulling in the old or the new version, we can put an install message in it, like it was done with pipewire-mediasessions where an install message was added to pipewire.

There are a lot of packages that are being removed all the time, for good reasons.

Without removing them "automatically", users won't be able to update their system or install packages at all if they cause dependency conflicts by depending outdated libraries or packages. The "automatic" (user accepted) removals make it possible to update and remove packages at the same time, without breaking any dependencies. Users would have to manually remove the breaking packages while breaking potentially other currently installed packages that depend on them using xbps-remove --force-revdeps oldpkg so they can then update again withxbps-install -u.

If you really don't like the "automatic" removals, there are two options for you.

  1. ignorepkg=removed-packages and then uninstall the removed-packages meta package and manually remove packages if strictly required due to dependencies.
  2. Hold the removed-packages package and unhold it when required and (twice checked by you) using xbps-pkgdb -m hold removed-packages and xbps-pkgdb -m unhold removed-packages afterwards you can hold again.

If you do that, and you run into any troubles that you can't solve yourself, make sure you mention that you do this and first try to check if that is the cause.

With the crypto PR, I am upset that out of the blue void is taking an anti crypto stance & then doing a wide purging of packages it's users depend on, regardless of how well they where maintained or if there was any willing maintainers.

There was a single person that somewhat objected it in the pull request. And we already accepted that this wasn't good and more maintainers and contributors should have been pinged.

There was also zero links to any IRC log, or any summery of the WHAT & WHY for the ""consensus"". The way this was handled feels like there is an alternative non technical motive that is trying to be hidden.

Nobody linked or showed any logs, because there are no links, the channel is public and everyone is welcomed to join. Nobody here or in the PR afterwards said that the IRC discussion was enough to accept the removal.

Nothing was or is being hidden, it was a public pull request by a contributor that was open for 12 days, then it was merged after some approval. Again, this was reverted and discussed already in the PR that brought it back. If more people would have been pinged/tagged in the PR, this wouldn't have been a problem at all.

I don't see why why have to discuss this at length, nobody disapproved of bringing the packages back when contributors and maintainers wanted to bring them back.

I do not understand why it would be removed.

Literally just because some contributor opened a pull request and there was some chatter on IRC about the packages being outdated and not well maintained or of interest for anymore.

And again it was already reverted, and people accepted that it wasn't sufficient enough without pinging/tagging more maintainers.

If there is no intent on being neutral, then please make your political or social stance explicit and clear, if crypto people are not welcome in the void ecosystem then please just tell us that. If crypto in it self is not a problem and its a problem with maintaining packages, then lets work on that, I may be interested in helping with packaging if crypto packaging needs help, but I don't want to bother if that is not welcome.

Find a web3 based distributions with NFTs and shit, "crypto people" lol.

Its probably generally a good decision to not accept any "new" crypto currency packages anymore, would've been even better if that had been done earlier. If there for some reason actually happens to be something useful and important, then this can always be discussed. This avoids people wasting their time writing packages for things nobody with write access has interest in or is going to merge without having interest.

The wording is what it is, there was simply no big discussion and I don't think the wording is wrong in any way.

Yorizuka commented 1 year ago

I don't see why why have to discuss this at length, nobody disapproved of bringing the packages back when contributors and maintainers wanted to bring them back.

There was a single person that somewhat objected it in the pull request. And we already accepted that this wasn't good and more maintainers and contributors should have been pinged.

Literally just because some contributor opened a pull request and there was some chatter on IRC about the packages being outdated and not well maintained or of interest for anymore.

Nothing was or is being hidden, it was a public pull request by a contributor that was open for 12 days, then it was merged after some approval.

It's awesome that some chatter in a non officially logged IRC chat can create a lot of chaos /s, the communication process failed and it wont be changed magically, this will not be the last time. Also this wonderful new precedent will be used in the future, like how a bad action was used to justify the crypto removal PR. Even if after the fact it was "accepted" that it wasn't good. I gave this one a heart because they provided an example https://github.com/void-linux/void-packages/pull/44422#issuecomment-1659081991

Also the claim in the PR opening comment is false, not all the PRs referenced where dead or tiny unimportant projects. https://github.com/void-linux/void-packages/pull/43702 https://github.com/void-linux/void-packages/pull/44133 I am so glad that was so well inspected before approval. /s

Find a web3 based distributions with NFTs and shit, "crypto people" lol.

See this is what I was fearing, an entire technology will now be marked as irredeemable, because morons and grifters found out and decided to get rich quick and don't even know what it is that they are buying. I also do not like people buying images of apes (as an investment plan? (it's really stupid agreed)), hell even putting it like that is adding to it, they are not buying "images", they are buying an immutable record of a hash of an image as proof that they ""own"" an image. I can't wait for the day crypto prices stabilize (won't be soon sadly), it will make them actually useful as a currency.

As for web3 yes most of it is a dumpster fire, a lot of it is actually a privacy nightmare worse then what we have now. But I also do not want to toss out the baby with the bath water. For example Namecoin & ENS are interesting technologies, they provide a solution that gives you all three properties of Zooko's triangle. The current system of centralized DNS is problematic when it comes to censorship.

Any how thank you for insulting me directly, its so nice lol! Your doing a good job adding to the list of quality interactions with the void package maintainers /s

This avoids people wasting their time writing packages for things nobody with write access has interest in or is going to merge without having interest.

So Void is a not a general purpose operating system and is instead a playpen for only the stuff a few people find interesting?

(note: this post has edits)

Duncaen commented 1 year ago

It's awesome that some chatter in a non officially logged IRC chat can create a lot of chaos /s, the communication process failed and it wont be changed magically, this will not be the last time. Also this wonderful new precedent will be used in the future, like how a bad action was used to justify the crypto removal PR. Even if after the fact it was "accepted" that it wasn't good. I gave this one a heart because they provided an example #44422 (comment)

Also the claim in the PR opening comment is false, not all the PRs referenced where dead or tiny unimportant projects. #43702 #44133 I am so glad that was so well inspected before approval. /s

Nothing is being justified, the communication process is appropriate for 99% of daily changes that are merged. This does not set any precedent, other than that yes changes like that should require more approval.

Any how thank you for insulting me directly, its so nice lol! Your doing a good job adding to the list of quality interactions with the void package maintainers /s

Awesome another made up bad interaction you can fit your narrative.

So Void is a not a general purpose operating system and is instead a playpen for only the stuff a few people find interesting?

Merging packages that are going to be build on void linux build servers and are in the official repository are merged at the void teams discretion. If they don't get actively maintained anymore, if they need rebuilds due to dependencies, they will fall back on people who are regular contributors. What a shocker, every single open source project and linux distribution works like that.

Yorizuka commented 1 year ago

alright I get it, I have escalated this too far, nothing good will happen, but how else was this intended to be taken, how could this be interpreted in a positive way, if no negative implication was intended? Maybe I am the dense one here, please do explain. I am not trying to place words in your mouth or to make stuff up.

Find a web3 based distributions with NFTs and shit, "crypto people" lol.

Duncaen commented 1 year ago

Yes I made fun of you calling yourself a crypto person.

Yorizuka commented 1 year ago

Well I am a bit of a clown here, I created a issue titled "Better Communication" and I did not do a good job at starting this conversation, my initial post was not written in a way conducive to positive change, its function as more of a vent for negative nonsense, I should of taken a different angle.

Yes I made fun of you calling yourself a crypto person.

That is the best wording I could come up with for people with an interest in cryptocurrency technology. Why should people that hold that interest be ridiculed & lumped in with scammers? Is there a better term you would like to suggest, that is less silly?

Yorizuka commented 1 year ago

I do not think you, or anyone else is getting any value from this interaction, and I am not getting anything good out of this too.

The way the PRs where handled where not good & a structural change could help there. Act then explain/correct if asked later is not a good experience, its a very negative one. The perceived lack of communication do not inspire trust & make it look like that the intent was to make big changes go unnoticed. I now understand I should of not immediately assumed malice, that is on me, I am sorry. I do not wish to craft a fake narrative.

If this issue is un-salvageable, It might be best to close this issue. Even if we close this issue, I still urge that a conversation should be taken to improve the situation. Maybe having it in private between usual members without a nutjob like me will hopefully result in something good.

Opensource is often thankless and this issue will sadly be a example of that, Keep up the wonderful work on Void, hopefully things will improve.

0x5c commented 1 year ago

Also the claim in the PR opening comment is false, not all the PRs referenced where dead or tiny unimportant projects.

As the person who wrote the PR, what claim are you talking about, and where are they contained in the PR's text? Note that no edits were made to the PR

Yorizuka commented 1 year ago

To be transparent, this post https://github.com/void-linux/void-packages/issues/45892#issuecomment-1704742605 was written with anger, I was attributing malice to your PR and was "reading in between the lines", that was wrong of me.

Also the claim in the PR opening comment is false, not all the PRs referenced where dead or tiny unimportant projects.

As the person who wrote the PR, what claim are you talking about, and where are they contained in the PR's text? Note that no edits were made to the PR

I will attempt to explain my thoughts at that moment.

I was viewing the entire PR from an adversarial prospective, I believed the PR never had attempted consensus and that the initial post was simply a cover story to remove stuff that was not liked. To my eyes the inital post was specifically crafted to be vague and hard to counter. I believed the This has been discussed multiple times on IRC, and it seems the general consensus was towards removal was written to create more credibility without anything backing the statement. To anyone who was not in the IRC at that point, there is no way verify. Also this created the question of how many people does it take to count as a "consensus".

So discarding the IRC statement as unverifiable, there was no more text that could explain the justification for what was in my eyes a huge change. Then next was the CONTRIBUTING.md change, The way it was worded made it look like a non reversible project wide change to kill all possible reverts. I interpreted the language as specifically crafted to shoot down all possible conversations, due to omitting words like "generally" signaling that no debate could be had.

Lastly this PR was huge touching all crypto, usually most PR I have looked at touch a few packages. So that read to me as a attempt to do this quickly before people would notice.

To be fair, you did call your branch remove/cryptoshit so honestly I still think of you as an non neutral adversary & am skeptical of anything you say, but attributing pure malice is not a good approach.

(edit: typo fix)

Yorizuka commented 1 year ago

I do not want to blame any individual, adversarial or not I do not think your PR is the problem. The problem is that it was merged.

Also https://github.com/void-linux/void-packages/pull/44778 is not an acceptable compromise, the reviewer should be neutral & this is a joke https://github.com/void-linux/void-packages/pull/44778/files/3c353891313291f29d219a339dfb68db1ff2f44d this should be removed, or at least use soft wording to be a real compromise.

As is, this looks more like damage control at best.