2024 points randlet | 18 comments
bla2 No.17515883
> I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions.

Leading a large open source project must be terrible in this age of constant outrage :-(

replies(9): >>17515955 >>17515972 >>17516193 >>17516427 >>17516776 >>17516884 >>17517282 >>17517716 >>17517821
sjm-lbm No.17515955
It's PHP and not Python, but every time I read something like this from a major open source figure, I always think of this old PHP mailing list thread:

https://bugs.php.net/bug.php?id=50696

replies(8): >>17516108 >>17516130 >>17516216 >>17516240 >>17516461 >>17516708 >>17516836 >>17517666
Y_Y No.17516108
That's a good read. I feel like the "customer is always right" mentality does quite a bit of harm to OSS support.

Also reminds me of that dev (who I can't seem to search up) who had their email printed as part of an open-source software license in a car manual and would get ridiculous email from people who had car trouble.

replies(6): >>17516199 >>17516206 >>17516230 >>17516371 >>17516964 >>17517308
1. Alex3917 No.17516964
> "customer is always right" mentality does quite a bit of harm to OSS support.

It goes both ways. All too often people promote their new library on HN and Reddit, wait until a bunch of people are using it as a dependency, and then abandon it without even telling anyone whether or not it’s abandoned.

replies(2): >>17517068 >>17517252
2. jstarfish No.17517068
Not using toy libraries for production systems is a lesson every young developer learns early on in their career.
replies(3): >>17517183 >>17517245 >>17517678
3. jacquesm No.17517183
Fortunately every young developer is also schooled extensively in telling toy libraries apart from serious ones.
replies(3): >>17517708 >>17517858 >>17519660
4. passiveincomelg No.17517245
In what parallel universe are you and how do I find the next wormhole to get there? :)
replies(1): >>17517728
5. cf498 No.17517252
There is a fundamental difference between the one extreme of stuff like GnuPG and OpenSSL and the other extreme of stuff someone created over the weekend and was nice enough to make available.

I don't want to know how much of core infrastructure is resting on the shoulders of overworked and burned-out BDFLs. This isn't an ego complex in most cases, but the knowledge that without someone with their commitment working on the project it will crumble.

6. Alex3917 No.17517678
If you put something out there and no one uses it then fine. But once it has hundreds of commits and issues and over 1,000 stars on GitHub, then I think you have some responsibility to people using the thing you’ve created -- if you’ve been actively promoting it as something everyone should use.
replies(2): >>17517913 >>17518331
7. janoc No.17517708{3}
And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Why is what amounts to a clear project management failure the problem of some open source developer who has published their personal pet project?

If dependencies aren't reviewed before being used, how does such organization handle software license compliance (whether OSS or proprietary), for example?

A clear cut case of trying to shift blame for own failings onto an unpaid volunteer that has helped to save the commercial developer time and money, IMO.

replies(2): >>17517787 >>17518188
8. janoc No.17517728{3}
Well, that people don't do such things is not really the fault (nor problem) of the developer of that toy library, IMO.

Nobody else but you alone can ensure that your project is managed and developed properly.

9. jacquesm No.17517787{4}
> And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Some critical assumptions:

- a more senior dev is available

- has time

- understands the system well enough to judge the impact

- is actually a better developer than the junior (in spite of being older / in the game longer)

> Why is what amounts to a clear project management failure the problem of some open source developer who has published their personal pet project?

It isn't, that was the point.

> If dependencies aren't reviewed before being used, how does such organization handle software license compliance (whether OSS or proprietary), for example?

Some critical assumptions:

- organizations keep a close eye on developers incorporating code under various licenses

- the people keeping an eye on that are qualified to make the calls

- the resources to keep an eye on this are available

> A clear cut case of trying to shift blame for own failings onto an unpaid volunteer that has helped to save the commercial developer time and money, IMO.

Sure. But that doesn't mean these things don't happen just about everywhere, many times per day.

It is rare to find a company where all of the assumptions labelled above are true all the time. And that's where the problem lies.

It's a clear case of there being no difference between theory and practice in theory but in practice there is, and rather a lot of it. Everybody knows in theory how software should be developed, but in practice hardly anybody actually does it that way. They're either out of time, options or qualifications (or all three) and they will do the job anyway.

That doesn't excuse it, but it does help you to understand it.

10. gaius No.17517858{3}
Then explain nodejs and MongoDB existing in production systems?

Or did you forget the /s...

replies(1): >>17517882
11. jacquesm No.17517882{4}
> Or did you forget the /s...

Yep. It's been a long day after a particularly long week. I will take a break from HN, too much on my mind. Thanks for the reminder.

replies(1): >>17518713
12. titanix2 No.17517913{3}
No they aren’t. The code is open source anyway so if the dependency is important enough for your project, fork it. Or pay for support.
13. rhizome No.17518188{4}
> And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Because they're already the senior. CEO said it shouldn't be that hard, and besides, they only wanted to pay $40K/yr.

14. jstarfish No.17518331{3}
It's a free product, not a child support obligation. Even if you do walk away, it's open source and can be maintained by anybody interested in stepping up. This is the price of adoption, not guaranteed updates for life from the creator.

But I get where you're coming from. It's even worse on Steam, where developers will actually collect money during the "early access" phase and then walk away once a (closed-source) tech demo is half-complete.

replies(1): >>17518396
15. Alex3917 No.17518396{4}
> This is the price of adoption, not guaranteed updates for life from the creator.

I’m not saying anyone should be obligated to do free work. The issue is that most people don’t feel comfortable publishing a public fork without the blessing of the creator, or at least knowing the creator no longer intends to work on the project in the near future. So you end up with these situations where there are thousands of people running production systems with unmerged security patches because the creator can’t be bothered to spend 30 seconds to write a one-sentence reply to an email.

Short of being in a coma, I consider that toxic behavior.

And just to be clear, I’m talking about situations where there are lots of open PRs but no signs of life for months or years on end, not situations where the creator just went on vacation for a few weeks.

replies(1): >>17519628
16. gaius No.17518713{5}
Have a great weekend, catch you on the flipside
17. lstodd No.17519628{5}
eww, that's called entitlement.

no one promised you anything. you merged some code into your project. now deal with the consequences. be responsible for your work.

18. jstarfish No.17519660{3}
By definition, they aren't though-- for the truly green, that extensive schooling comes from `npm/pip/gem install`ing random packages with implementations they don't understand or can't account for, then having to deal with the fallout in whatever form it chooses to manifest itself. Could be a maintainability nightmare, or it could be losing your job.

My advice to mentees is that if installing a package to achieve x saves (a significant amount of) time/money that outweighs the risks to self/company or has value added by means of product maturity or domain expertise, then by all means do not roll your own crypto, web framework, db connector or machine learning library. But if one is going to introduce dependencies on things as trivial as leftpad or someone's Show HN single-pass weekend hackathon proof-of-concept, they will soon learn why we don't bring toys to work.
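jstarfish's rule above, together with Alex3917's "no signs of life for months or years" test earlier in the thread, can be made into a repeatable check that runs before a dependency is adopted. The script below is an added example, not code from any commenter or any project named in this thread: it scores a package on constructed metadata (archived flag, last commit and release dates, age of the PR backlog, unmerged security-labelled PRs, maintainer count) and returns ok, caution or avoid. Every field name, threshold and sample package is an assumption; in practice `RepoSnapshot` would be filled from the registry and repository hosting API, and the limits tuned per team.

```python
"""Heuristic 'signs of life' check for a third-party dependency.

Added example for this thread, not code from any commenter or project
named in it. The metadata fields and every threshold are assumptions;
a real check would fill RepoSnapshot from the package registry and the
repository hosting API, and tune the limits per team.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class RepoSnapshot:
    """Constructed view of a package's repository and registry state."""
    name: str
    archived: bool
    last_commit: date
    last_release: date
    open_prs: int
    oldest_open_pr: Optional[date]
    maintainers: int
    open_security_prs: int = 0   # open PRs their submitters label as security fixes


@dataclass
class Assessment:
    name: str
    verdict: str                 # "ok", "caution" or "avoid"
    findings: List[str] = field(default_factory=list)


def assess(snap: RepoSnapshot, today: date,
           stale_after: timedelta = timedelta(days=365),
           pr_backlog: int = 10) -> Assessment:
    """Collect abandonment signals and turn them into a verdict.

    'avoid' for any single severe signal (archived repo, or security fixes
    sitting unmerged) or for three or more weaker ones; 'caution' for one
    or two weaker signals; 'ok' when nothing is flagged.
    """
    findings: List[str] = []
    severe = False

    if snap.archived:
        findings.append("repository is archived")
        severe = True

    idle = today - snap.last_commit
    if idle > stale_after:
        findings.append(f"no commits for {idle.days} days")

    since_release = today - snap.last_release
    if since_release > stale_after:
        findings.append(f"no release for {since_release.days} days")

    # A big backlog is only a signal when the oldest PR has also gone
    # unanswered for longer than the staleness window; busy projects
    # legitimately carry many fresh PRs.
    if (snap.open_prs >= pr_backlog and snap.oldest_open_pr is not None
            and today - snap.oldest_open_pr > stale_after):
        findings.append(f"{snap.open_prs} open PRs, oldest untouched for "
                        f"{(today - snap.oldest_open_pr).days} days")

    if snap.open_security_prs > 0:
        findings.append(f"{snap.open_security_prs} security-labelled PR(s) unmerged")
        severe = True

    if snap.maintainers < 2:
        findings.append("single maintainer (bus factor of one)")

    if severe or len(findings) >= 3:
        verdict = "avoid"
    elif findings:
        verdict = "caution"
    else:
        verdict = "ok"
    return Assessment(snap.name, verdict, findings)


def next_step(a: Assessment) -> str:
    """Turn the verdict into the action the thread argues about."""
    if a.verdict == "avoid":
        return "fork and carry the fixes yourself, or replace the dependency"
    if a.verdict == "caution":
        return "pin the version and re-check before each upgrade"
    return "adopt; pin the version and record the review"


# Constructed sample data (hypothetical package names, not real projects).
TODAY = date(2018, 7, 13)
SAMPLES = [
    RepoSnapshot("weekend-hack", False, date(2016, 9, 1), date(2016, 8, 20),
                 14, date(2016, 11, 3), 1, open_security_prs=2),
    RepoSnapshot("quiet-but-alive", False, date(2018, 5, 1), date(2017, 5, 1),
                 2, date(2018, 6, 20), 1),
    RepoSnapshot("well-kept", False, date(2018, 7, 10), date(2018, 6, 1),
                 3, date(2018, 6, 25), 4),
    RepoSnapshot("archived-fork", True, date(2018, 7, 1), date(2018, 7, 1),
                 0, None, 5),
    RepoSnapshot("busy-upstream", False, date(2018, 7, 12), date(2018, 7, 2),
                 30, date(2018, 7, 3), 3),
]


def review_all(snaps=SAMPLES, today=TODAY) -> List[Assessment]:
    return [assess(s, today) for s in snaps]


if __name__ == "__main__":
    for a in review_all():
        print(f"{a.name}: {a.verdict} -> {next_step(a)}")
        for f in a.findings:
            print(f"  - {f}")
```

The point of the backlog rule is the distinction Alex3917 draws: a project with many open PRs is not abandoned if they are recent, so the check only fires when the oldest one has outlived the staleness window. Unmerged security-labelled PRs are treated as severe on their own, since that is exactly the situation the thread describes as leaving production systems unpatched.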