Hacker Neue

Preferences
altairprime parent
On the spectrum of grey areas from “request” to “demand”, we not only have to evaluate the literal words typed but also the context and expectations of open source. As the libxml2 maintainer indicates, they are no longer willing to participate in security bug secrecy and priority. In hindsight, those expectations that most take for granted as necessary must have demanded considerable time and energy from them. They could have said no at any time, but not as easily as turning down a feature request. For asocial-leaning maintainers (hi!) saying no to security processes is no more difficult than refusing any other request — but for the vast majority of maintainers, it will take an effort of courage and will to refuse the ‘demands’ — the social pressures, the contexts and expectations — of security’s best practices, reporting processes, and priority overrides. (Elsethread, the individual making demands in an issue is also a case of ‘demand’ rather than ‘request’, that isn’t much in the in-between grey area at all.)

Psychologically, it hits different when a leecher — someone whose uploads are not greater than some minimum threshold — begins demanding something; what they receive then is not just a free copy of the maintainer’s work to profit from, but also the specialized work of the maintainer to satisfy or reject their request. The cumulative impact of dealing with parasites is distinct from the demotivating effect of profitable leechers who silently download their work and never say anything at all?(and also from the motivating effect of seeing millions of people benefiting from leeching — adoption is often a significant reward). Torrenting has no language for this difference, as in torrenting there is no such problem; so I did some research and chose ‘parasite’ here. I recognize that, scientifically, the animal ‘leech’ tends to be viewed as ‘parasitic’; but there’s a clear difference in connotations, as a torrent leecher is not viewed with – does not view themselves with — the same disgust and loathing as parasites are.

jsnell
> begins demanding something

Yes, those alleged demands by "leechers" are exactly what I've been asking about. From the lack of specifics, it is starting to be pretty obvious that they do not actually exist.

I'm not saying that the maintainer did anything wrong. They don't have to give anyone the time of day, and everyone should be happier now that expectations have been set appropriately.

But why can't we just accept that it is a choice he has the right to make? Why do we need to fabricate villains by making up stories about demands, entitlement, and billions in profit?

altairprime OP
> Why do we need to fabricate villains

Is the behavior of these corporations towards maintainers something that we should evaluate against moral standards — i.e. by considering “are they villains in this story?” — or are they exempt from such moral judgments so long as they complied lawfully with the licensing terms?

I think the former. If I interpret your question correctly, you think the latter? I’m not open to persuasion on this specific viewpoint, so we’re probably at an impasse here.

jsnell
I mean, I've mostly been trying to establish what the specific alleged behavior even is and what the factual basis is for the allegation.

I certainly can't agree with the maximalist interpretation of what you're ascribing to me. There's all kinds of things that are lawful and within the licensing terms but that would still be unacceptable.

But I do not think that mere use of open source software is abuse of the maintainer, even if the use is for profit. Nor is security research or reporting bugs. (But inversely the maintainer has no obligation to those users, no obligation to fix or acknowledge the bugs. The new security disclaimer seems like a great way to change the userbase without having to change the license.)

This item has no comments currently.