Mastodawn

Björkus "No time_t to Die" Dorkus Sep 4, 2023

When someone decides to make up entire bungles of horse shit in their "explanation" and "apology" ( https://archive.ph/Utaz1 ) about the weird shit they did.

I want off this fucking ride.

"Postpone to 2024"? Present at a "tier 2 conference"? My reasoning is contained directly in my blog post ( https://thephd.dev/i-am-no-longer-speaking-at-rustconf-2023#-huh ). If you're going to fucking lie about me at least try and be fucking accurate about it:

“It is also deeply confusing and ultimately insulting for them not to contact me beforehand and simply ask me if I would disclaimer my work to make it clear that they did not explicitly endorse this direction. Multiple times before the RustConf schedule and program was released, I made it obscenely clear that there was not going going to be an RFC for the work I was talking about (“Pre-RFC” is the exact wording I used when talking to individuals involved with Rust Project Leadership), that this might bias folks, and whether or not it would be okay to do this. Individuals in contact with me both inside and outside RustConf leadership made it abundantly clearly that this topic was perfectly fine. Furthermore, they had already met to discuss my work before hand, so at no point should anyone be confused about what my intentions and goals are.”
That someone would try to use game-of-telephone bullshit to make it seem like I deserved to have my keynote outright removed (which was the ACTUAL SUGGESTION given to RustConf, and they changed it to a DOWNGRADE to prevent bigger fallout from Triplett and Tolnay's CLEAR oversteps and, apparently, outright lies here!), or that I was in agreement with such a removal, when I literally took the required time to make a proper assessment of the situation and respond like an ADULT, is some WILD nonsense!

Is this a common Rust Project occurrence? Do people just do this ALL THE TIME? WHAT IS GOING ON OVER THERE?!

Edit: added some fucking alt-text because I'm so fucking annoyed at this bullshit.

Luna D Dragon Sep 4, 2023

@thephd in case someone hasn't said it yet, the gist was updated and Tolnay claims that he just "forgot" or "misremembered"

Björkus "No time_t to Die" Dorkus Sep 4, 2023

@lunarequest Forgot or misremembered a conversation he wasn't there for, consulted no existing resources, and then just tooootally dropped that in his footnotes without linking to the very public information around the subject?

Yeah.

I'm buying it, for sure.

Luna D Dragon Sep 4, 2023

@thephd I'm very much in the camp that he should be removed from working on rust lang. if possible even from projects like serde as well. Wish i could do more than saying this.

actioninja Sep 4, 2023

@lunarequest @thephd
Serde is effectively owned by dtolnay, he is the top dog maintainer and direct commits to master. I don't see ousting him from lang happening, but getting him out of serde is practically impossible.
You would need to make a new serialization library, but it's currently impossible to provide what Serde does without taking the same approach of requiring the types to implement it because no remote derives and the orphan rule. It would suck to split the ecosystem, and Serde already has the network effect.
And of course, the project that would have allowed this to change was cancelled after a controversy involving pressure from backchannels to kneecap their work.
What a coincidence.
🫠

scunneen (he/him) 🚋

@actioninja @lunarequest @thephd Can't someone just fork Serde? It is open source, isn't it?

@scunneen and fork all the projects that use it… it’s not so simple.

scunneen (he/him) 🚋Sep 4, 2023

@blinkygal Well considering that this guy apparently pushed changes to it which broke stuff without any warning, I'd think everyone using it would be looking for an alternative

@scunneen Folks were starting to, but he removed those changes since it was just a ploy to motivate an rfc he was about to publish, apparently. I am not saying it’s not possible, just that forking a library is far from a complete solution.

scunneen (he/him) 🚋Sep 4, 2023

@blinkygal Yeah, you'd need to convince a huge number of people to go along with it and some people would have to take on the burden of maintaining the fork. I'm just a college student so I'm sure there are even more challenges I don't understand. I don't know much about Rust and it does seem this guy made some valuable contributions. But based on the crap he pulled on @ThePHD and willingness to temporarily break stuff as a stunt, he sounds like he could become a millstone around Rust's neck.

RAOF Sep 4, 2023

@blinkygal @scunneen there is actually a third option: remove his upload rights to crates.io for serde, and give them to someone else (or, frankly, to a team; serde is core enough).

No action required from the downstreams, and the team can organise their fork however they choose.

RAOF Sep 4, 2023

@blinkygal @scunneen this actually seems like a not-unreasonable solution to me. It seems dtolnay has scuppered both an excellent, significantly advanced, compile-time reflection project the foundation(?) was paying for and now driven off an extremely qualified candidate for the Rust specification work.

RAOF Sep 4, 2023

@blinkygal @scunneen “individuals do not own significant pieces of community infrastructure” seems like a worthwhile norm to begin enforcing.

scunneen (he/him) 🚋Sep 5, 2023

@RAOF @blinkygal Yeah, the whole idea of open source is to give users more control over their computers. If one guy can unilaterally decide to install unvetted binary blobs on your PC, break working stuff, or torpedo a promising idea for a new feature in a way that screws over a very talented developer, that kinda goes against that idea.

Sebastian Lauwers Sep 5, 2023

@scunneen @RAOF @blinkygal this seems rife for abuse. “Individuals can’t be trusted, therefore the iron crate will henceforth be maintained by Amazon.” is not an email I ever want to receive.

scunneen (he/him) 🚋Sep 5, 2023

@teotwaki @RAOF @blinkygal Well personally if I were the Rust Foundation I wouldn't just grab control of the repository, but I would tell him that serde has become too big and too important to be controlled by him alone, or to let anyone post code to it's repository without review, and that he should either transfer final control to a team or have the Foundation create an officially blessed fork named RustSerialize or something.

RAOF Sep 6, 2023

@scunneen @teotwaki @blinkygal Right, the goal is “core infrastructure has, and continues to have, community-acceptable governance and development practices”.

There's lots of moving parts to that - what does “core infrastructure” mean¹, what does “community acceptable governance” mean, and none of these have rigid distinctions. A process to handle this would involve regularly identifying core infrastructure, providing help organising maintenance/governance teams for said infrastructure, and so on.

And, as a last resort, a process for a team to take over publishing of a core infrastructure crate.

RAOF Sep 6, 2023

@scunneen @teotwaki @blinkygal I think this sounds more aggressive now than it would be in practice, because it's come up as a response to something of a crisis where a sole maintainer of core infrastructure has burnt significant trust in both their development practices and their governance practices.

I think it's likely that having a process for core infrastructure would avoid future crises. OSS maintainers, by and large, are not known for turning down help maintaining their libraries!

scunneen (he/him) 🚋Sep 6, 2023

@RAOF @teotwaki @blinkygal Yeah. I think taking away some power from him isn't just a matter of him being punished for his actions, its also a matter of the fact that no person, no matter who or how good they are, should have so much power over a core part of a programming language with millions of users.

Sebastian Lauwers Sep 6, 2023

@scunneen @RAOF @blinkygal I don’t think taking away people’s work from them is something I could ever support, regardless of what that person may have done, or how critical the work may be to anyone.

If they ask or invite the conversation, sure. If you offer the idea and they embrace it fully, sure.

Stripping people of their work because of the success of said work is unacceptable and would lead to infighting and forks up the wazoo. This is how we end with Rust forks, or dead #Rust

Sebastian Lauwers Sep 6, 2023

@scunneen @RAOF @blinkygal the reason why this feels so icky to me is that it occurs to me that this would be real piracy in the digital world. “You are no longer the owner of this work because committee XYZ has deemed it too critical for the greater good”. There might even be a similar line in Animal Farm. “Just be happy you get to keep a plaque as the original author. Maybe in the next release we remove your name from the README.md”.

I’m exaggerating, however I hope my point comes across.

RAOF Sep 6, 2023

@teotwaki @scunneen @blinkygal Wheras I think this actually happens all the time in the wider world - property becomes progressively more regulated - progressively less yours - the more publicly critical it is.

You can do what you want in your own kitchen, but if you want to employ people to work in it and sell food to the public it's now constrained to meet various standards. If you build a big kitchen and make lots of food you're even less free to run your property as you wish, and so on.

I'd also dispute that this is "stripping them of their work"; they still have their work, and at worst could publish it under a different name. What they don't have is the technical lock-in.

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal But… FOSS is not a commercial venture where I sell food to patrons of my establishment. I decided to start a project to scratch my own itch, or because I felt passionate about it. I decided to share my work openly as I feel this is best for innovation—or whatever other reason. Now others start using my work, and all of a sudden I have to give up the name of the project I created because it was successful? How is that fair in any sense?

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal Forcing people to republish their own work under a different name is a complete violation of the spirit of every copyleft licence I can think of.

Just because I use a specific _programming language_ does not mean I opted into a specific project structure or organisation. If I want to commit to master without unit tests, so be it; it is my code and my project. If I want to make future contributions proprietary, I can.

If you don’t like it, don’t use my code.

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal Those are the fundamental tenets of free software. We are free.

Do we need a way to handle the catastrophe that is happening right now? Absolutely. However expropriation (of projects or packages/crates) is not the way, and never will be.

RAOF Sep 6, 2023

@teotwaki @scunneen @blinkygal huh, thank you. I think this crystallised a niggling issue I had with your arguments. I think you've got free software exactly backwards.

The core spirit of free software licences is a rejection of the ownership of code. Free software licences are all about limiting the rights of authors to generate a commons of code, available to all, owned by no one.

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal That’s an interesting point, if a bit combative and inflammatory.

I agree that the code is inherently free, and that is the point of free software. However I’m still the owner of the project, no? Call it a maintainer or BDFL or whatever. You don’t get to take my project’s name and run with it. You can take my code and use it elsewhere, but you can’t just decide “now I am contributing to this project regardless of what the project leadership decides”.

RAOF Sep 6, 2023

@teotwaki @scunneen @blinkygal I think the language there is instructive? A maintainer is not an owner - in physical infrastructure, owners very frequently employ maintainers - and “BDFL” is a deliberately over the top title trying to resolve the discomfort of unreasonable power through ironic exaggeration.

But this is somewhat of a digression 😀

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal You’re arguing semantics and constructing strawmen instead of answering the question, though. Do you think it reasonable to take over a project’s name because you disagree with its governance?

Say you want to contribute to iron but they reject your PR, so you decide to fork out. Do you maintain the same name? Should neovim have kept the name vim? Should LibreSSL have kept the name OpenSSL? Should LibreOffice have kept the name OpenOffice?

scunneen (he/him) 🚋Sep 6, 2023

@teotwaki @RAOF @blinkygal Well, I wouldn't be proposing stripping people completely of control of their work, only that they shouldn't have absolute power over it, so they can't push out new features that break important stuff without warning. I want to prevent things like node.js 's LeftPad debacle, when a single disgruntled contributor was able to break the build processes of tons of libraries that depended on his package.

scunneen (he/him) 🚋Sep 6, 2023

@teotwaki @RAOF @blinkygal I think Perhaps you could define "core" packages as packages that Rust Project's own packages depend on. Then you could simply say that the Rust Project won't use any package as a dependancy if there is a person who has the power to make arbitrary changes to the code without running them by anyone else. This would require the Rust Project to either convince serde to change its governance structure, or fork serde

Sebastian Lauwers Sep 6, 2023

@scunneen @RAOF @blinkygal Yes! This is a much more reasonable approach. Propose a project gets “adopted” into Rust, with all the governance and procedures that entails to safeguard quality.

If the project refuses, which is their right, then a decision can be made to fork it in order to bring it under the Rust project umbrella. Or an alternative can be developed.

RAOF Sep 6, 2023

@teotwaki @scunneen @blinkygal This is basically my proposal, but without the additional, technical, step to prevent the fork being a break-the-world event for the ecosystem.

Sebastian Lauwers Sep 6, 2023

@RAOF @scunneen @blinkygal But if that arguably hostile takeover of a crate name is part of the official language processes… why would I want to contribute to that language?

As a company, I now risk the language breaking my flow because I refused to relinquish control over critical infrastructure for me.

Could you dive deeper in that aspect?

@teotwaki @RAOF @scunneen @blinkygal In my opinion, when you publish your crate on crates.io, the centralized registry of #Rust, then you are selling goods to the public (your example with food above). If you want this project to be your pet project that you can brake harming others, then the central registry should act and protect the public.

A person or company can just have their own registry or just use Git in Crago.toml if they don't care about harming public users.

Sebastian Lauwers Sep 6, 2023

@mo8it @RAOF @scunneen @blinkygal So you’re arguing for the crate registry as being the gate or “point of admission”. A sort of “you must be this high to enter this ride”, but instead “you must agree to the following code of conduct/governance in case you become critical infrastructure”. Okay, that could be fair.

Would it be possible to make this a flag? Maybe even in Cargo.toml? community_governance = true|false with different effects?

Sebastian Lauwers Sep 6, 2023

@mo8it @RAOF @scunneen @blinkygal That way when you select a dependency you know whether it has “reasonable” governance options if that is what you feel strongly about, and we still keep the crate infrastructure open and usable?

@teotwaki @RAOF @scunneen @blinkygal No need for an extra flag (I get the irony). Just point to a Git repository. Well, that actually wouldn't be enough because public Git instances might also take your repo down if your code is harmful. Well, I guess, the best option for full freedom would be to host your own Git server. But wait, there is the ISP?

What I want to say is: The internet requires regulation. I can't just harm others and call it freedom.

Happy to be corrected.

Sebastian Lauwers Sep 6, 2023

@mo8it @RAOF @scunneen @blinkygal I believe you’re talking about something else. You’re talking about actively taking down nefarious packages, which I have no issue with. The others are talking about taking over ownership/stewardship of a project because they disagree with the way it is being built/managed/maintained.