Open source is a thankless job and I think we've lost the plot on how we treat maintainers (github.com)
from sanitation@lemmy.today to programming@programming.dev on 02 Jul 10:17
https://lemmy.today/post/55821410

I saw an issue today on a fairly popular project (better-auth, see the link to the issue attached). No repro, no context, just a wall of caps and profanity ending in “fuck you”. The maintainers ship this for free. People run production businesses on top of it, for free. And the thanks is someone raging into a text box because a minor bump cost them an afternoon.

I maintain and contribute to a few projects myself, so this hits a nerve a bit. Something people don’t see from the outside: it’s not enough to know how to build the thing. You also have to know how to defuse a thread where someone’s insulting you and not fire back, even though most of us aren’t paid for any of it, let alone the work of staying civil while being told to get fucked.

I’m not pretending breaking changes don’t cause real pain (that’s what the issue is about). But I keep coming back to a boundary question: if you’re not paying for it, do you actually get to demand anything? (Obviously yes, but we still need some boundaries)

#programming

bitfucker@programming.dev on 02 Jul 10:44

Naah, I don’t really demand anything if the author breaks something on update. I just asked if the breaking changes are intentional and if there’s a workaround. Failing that, I revert and look for other libraries or roll my own. To me Open Source is always about making something you love without any obligation. Not even to follow semver.

WhatAmLemmy@lemmy.world on 02 Jul 13:36

That view of open source only applies for non-profits and hobbyists, releasing code that solves their problems altruistically.

Corporations, startups, and VCs abuse open source by using it as a means to gain goodwill and trust until they are funded or profitable, then they perform a bait and switch or other parasitic practices; they deserve the hate, and can eat shit and die.

Also, if you’re not gonna follow semver don’t use semver. Just use YYYY-MM-DD or whatever. Quite simple really.

Regarding this project; anyone who chooses to use new (thus untrustworthy) foss libraries in prod without version pinning and thorough integration testing is an idiot.

Feathercrown@lemmy.world on 02 Jul 17:36

Yeah, choosing to establish the semver social contract and then break it is not great

devaly@ani.social on 02 Jul 11:40

This guy has a public identity and even has some very starred repos. I wonder if he gave so much as a thought regarding his whole company seeing his disgusting attitude.

manxu@piefed.social on 02 Jul 12:32

I was surprised to find out that he actually stuck with his original issue text and defended it later on. I understand being frustrated and all, but an apology about the tone was definitely in order.

olenkoVD@lemmy.dbzer0.com on 02 Jul 13:18

this is the Next.JS dev

Marija@programming.dev on 02 Jul 12:44

Optimocracy depends on respecting maintainers.

kibiz0r@midwest.social on 02 Jul 13:19

Complains about improper release management.

Apparently not using lockfiles for prod.

This is not a serious developer.

Kissaki@programming.dev on 02 Jul 14:09

What makes you think it’s a lockfile issue? If they sighted a patch upgrade then updated the lockfiles but then noticed a breaking change, then lockfiles are irrelevant.

If it’s actually like they claim, I understand the frustration. (Not that I know this project in particular or how it gets integrated.) Without clear versioning and/or changelogs/release notes managing upgrades is cumbersome, sometimes impossible.

In some cases I’ve had to ask for clarification in PRs because release notes were not clear, PR was not clear, and resolved ticket was also not clear on the thing or solution.

Apparently they had issues before, so maybe they could have expected “patch may not be patch-only”.

kibiz0r@midwest.social on 02 Jul 15:49

It’s the combination of “breaking changes on minor releases” and “disregard for … production environments”.

“Can you stop releasing breaking changes on minor releases? It’s absolutely infuriating that you guys keep doing this over and over again with complete disregard for people downstream using this package in production environments.”

By the time you’re deploying to production, you should already have your versions locked in, so semver does not factor into resolving dependencies for production deployments at all.

I can understand it being annoying for development processes. Like, if you have a dependabot-style tool that tests against new releases and submits PRs for them, that can definitely be a waste of time and attention if it fails frequently on patch-level updates.

But in between that “eager testing” step and a production rollout, there needs to be a moment where a human reviews the updates and signs off on updating the lockfile.

And at that moment, reading the changelog, it really doesn’t matter if it says “1.0.1: breaking changes!” or “2.0.0: breaking changes!”, because you need to be looking at the substance of the update.

The only way semver violations burn you in a prod env is if you’re YOLOing new versions out there, either by forgoing a lockfile or by merging lockfile updates without review.
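
The review step described in the comment above, sketched as an added example (not part of the thread or of any project mentioned in it): it diffs two lockfiles and lists every change for sign-off, whatever the semver position suggests. It assumes npm's package-lock.json `packages` layout; package names, versions and integrity strings are constructed.

```javascript
// Constructed lockfile fragments (npm "packages" layout); names, versions
// and integrity strings are made up for this example.
const oldLock = { packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-auth": { version: "1.2.3", integrity: "sha512-aaa" },
  "node_modules/example-util": { version: "4.0.0", integrity: "sha512-bbb" },
  "node_modules/example-log": { version: "2.1.0", integrity: "sha512-ccc" },
} };
const newLock = { packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-auth": { version: "1.2.4", integrity: "sha512-ddd" },
  "node_modules/example-util": { version: "4.0.0", integrity: "sha512-eee" },
  "node_modules/example-new": { version: "0.3.0", integrity: "sha512-fff" },
} };

// Label the bump by semver position only; it says nothing about the content.
function bumpLevel(from, to) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const [a, b] = [parse(from), parse(to)];
  const i = [0, 1, 2].find((k) => a[k] !== b[k]);
  return i === undefined ? "prerelease/build" : ["major", "minor", "patch"][i];
}

// Every difference between two lockfiles becomes a review item.
function diffLockfiles(before, after) {
  const items = [];
  const keys = new Set([...Object.keys(before.packages), ...Object.keys(after.packages)]);
  for (const key of [...keys].sort()) {
    if (key === "") continue; // root project entry, not a dependency
    const name = key.replace(/^.*node_modules\//, "");
    const o = before.packages[key];
    const n = after.packages[key];
    if (!o) items.push({ name, kind: "added", to: n.version });
    else if (!n) items.push({ name, kind: "removed", from: o.version });
    else if (o.version !== n.version)
      items.push({ name, kind: "changed", from: o.version, to: n.version,
                   level: bumpLevel(o.version, n.version) });
    else if (o.integrity !== n.integrity)
      // Same version but a different tarball hash: not explained by a version bump.
      items.push({ name, kind: "integrity-mismatch", from: o.version, to: n.version });
  }
  return items;
}

console.log(diffLockfiles(oldLock, newLock));
```

The "patch" label on `example-auth` is reported but does not exempt it from review, and the unchanged-version `example-util` entry is listed because its integrity value differs.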

mycodesucks@lemmy.world on 02 Jul 13:25

I thought the proper way to treat maintainers was to shamelessly and immediately volunteer other people’s labor for endless forks every time something we don’t like happens?

obelisk_complex@piefed.ca on 02 Jul 13:31

Guy keeps talking about their “customers” and they don’t charge a dime. I’m not sure that word means what he thinks it means. They have users, and that’s exactly what he’s acting like.

Kissaki@programming.dev on 02 Jul 14:00

The first version included a ‘Fuck you’ but they edited it away.

Kissaki@programming.dev on 02 Jul 14:01

I don’t think there’s a particular need to defuse into a productive discussion. Something like that, with no repro or respect - lock and close, with a comment on why/that unproductive and disrespectful/what it could have been.

Tone should always be respectful. Something like this should have been a respectful, open suggestion, explaining the issues no clear semver causes.

If they don’t respond to your needs - you can accept it or leave/fork.

thisisbutaname@discuss.tchncs.de on 02 Jul 14:57

From the license:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

It’s the necessary tradeoff of free/open source software. You get something for free and with permission to do (almost) anything with it, but you get no warranties.

If this user had simply pointed out the issue it’d have been totally fine, the dev(s) might have missed it and it’d be helpful to let them know. The entitlement shown here is not OK in any way, regardless of the validity of the point made.

tgcoldrockn@lemmy.world on 02 Jul 16:10

Coming from /all, not a programmer, user of multiple FOSS, … thank you thank you thank you! I’m grateful I’ve been able to leave subscription ecosystems without a loss of important tool sets.

CoryCoolguy@lemmy.myserv.one on 02 Jul 16:27

“Sorry about that. We will issue a full refund.”

Feathercrown@lemmy.world on 02 Jul 17:22

I don’t think it’s valid to simultaneously present open-source as a legitimate alternative for paid software, while also saying you can’t have expectations of the software or trust its guarantees (i.e. semver) because it’s just a volunteer project. If you’re presenting your OSS in the serious space of choices for its niche, it will be (and should be!) held to a high standard. If it can’t be, then don’t present it as a real alternative. I’ve noticed this (mostly-unintentional) conflation between serious OSS competitors and hobby projects in almost every discussion on this topic I’ve seen.