
189 points udev4096 | 1 comments
mickael-kerjean No.42136723
What if instead of publicly blaming an OSS product, you try to get a support contract with some of the engineers behind it? If your company is too cheap for that, maybe a PR would have been nice?

Having very high expectations when using the software without contributing anything other than public shaming on something that clearly states in the license: "Licensor provides the Work ... WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND" shouldn't be ok; this is quite literally how you make open source developers burn out.

tgsovlerkhgsel No.42137517
Regardless of whether it's a project run by a big company or a guy in a shed, a security-critical project not fixing critical vulns for 10 months is an important bit of information when judging whether you should use it.

It doesn't really matter whether it's someone's fault, or wrong, or whatever - what matters for the user is that using the project is likely unsafe. Sharing that information is a public service.

hinkley No.42138927
The number of software engineers who either don’t understand social contracts or only understand them when it benefits them to do so is frankly appalling.

You said you’re going to do something and now people depend on you having done it. Volunteer organizations fall apart if they can’t trust each other.

1. water-data-dude No.42142589
This blog post is from another domain, writing, but it’s stuck with me over the years and colored how I see things like open source projects:

https://journal.neilgaiman.com/2009/05/entitlement-issues.ht...