@delroth What's the point in publishing something publicly on here if you don't care to receive public attention?
Anyway, I got my answer. It's very likely some useless drama again that I'll continue to blissfully ignore.
@delroth Care to explain the context?
"Documented", sure, but the way it looks to me so far is a "dude with authority/responsibility" in a project says something edgy, is labelled a "fascist", his project is then labelled "facist", etc. until anyone who consider using the tech is labelled the same.
Just want to make sure I did not miss anything of importance.
@tilton @zkat Ah fair enough! Yes I hadn't considered that aspect. The situation gets even trickier when people are actually lovely but the sheer amount of attention required by the mass of requests will burn you out, even when each request, in isolation, is legitimate and "kind".
What you describe is, I think, true of any software project with a public bug tracker. My experience is that it's not limited to open source.
@ska Who's strawmanning who?
There is a cost associated with rewrites. That's the point of the FUD big tech spread about non-permissive stuff. It took a decade for Apple (and many, jumping on the bandwagon) to replace GCC.
So what exactly should we stop focusing on because it's secondary, then? OSS dev exploitation by the capital? Or, the discussions that occurred in early 2000s about big tech's licensing FUD? Law will do shit for someone who chose permissive for the wrong reasons.
@ska @zkat This there, is flawed logic.
The situation is simple, really: a license file grants permission for others to use your work, under the terms you state.
Pretending that it doesn't change anything therefore you should use a permissive license is not logic, it's propaganda.
Elasticsearch and Hashicorp are examples of companies that fell for that flawed logic and whined about permissive being permissive.
License as you want it, not because "oh you can trust me bro".
@tilton @zkat Are you talking about "abuse" in the sense that they removed the MIT copyright notice or "abuse" in the sense that you didn't actually mean to permit unlimited use to everyone but did anyway?
When you tell someone, in writting, "you can have all cookies in that jar, just don't remove this label", I really don't expect conversations about abuse when someone says "don't mind if I do".
I might have missed important aspects of the conversation though.
@ocdtrekkie Your threat model is all over the place. If an attacker has access to your DNS records, it's over. All the PKI web of trust is based on DNS records as source of truth for your services' identity.
If you still control your DNS records, the manual way involves people (teams usually) with same superadmin rights, emails, deployment processes, etc. HTTP-01 requires the server to serve random bits on HTTP for a few seconds, without any need for secrets or creds, just a valid DNS record.