They supposedly can be disabled in settings- but we all know that won’t last. They’re going full Microsoft Skype mode and it’s only a matter of time.
They supposedly can be disabled in settings- but we all know that won’t last. They’re going full Microsoft Skype mode and it’s only a matter of time.
If there is one belief that I’ve held for long is that we Free Software would be in a better situation than it is today if we simply dropped the whole idea “community”, “done by amateurs” and “volunteers in their spare time” and really start treating the whole thing as a professional industry. This whole xz crisis further exacerbated this belief.
Almost everyone takes this work for granted and this is why is not properly valued. We should raise the bar at all levels: someone who wants to contribute in a project needs to show that they can deliver everything, maintainers should not accept “half-baked” proposals because “it is better than nothing”, developers should be more than comfortable sending a quote with a proper rate to someone that requests a feature.
And if those people don’t want to do any of that, then let go see how much the commercial alternative would cost them.
I get the frustration and there’s a lot of free software that is so vital to our modern way of life that it’s crazy that it’s always one dude in Nebraska maintaining it for the last 60 years for free as a hobby.
That said, I think you should consider the great landscape of dependencies and who the competition is.
For example, I’ve open sourced a bunch of things in my life and I have a library used to make testing more ergonomic. I worked very hard on it and I like it. There are other libraries that solve this problem to, I’m biased, but I like mine the best. I like when I can help people write higher quality software with nicer tests.
My “competition” isn’t commercial offerings it’s other free offerings. Now in the grand scheme of things, it doesn’t really matter if anyone ever uses the thing I wrote, but since I wrote it and put it out into the world I get to decide how I want to interact with the wider community of people that use it or might think about using it.
If I take a hardline stance, everyone has to be committed, but the right quality bars, do things the right way, etc. I’m free to do that. The most likely outcomes are two fold. One, I’ll have a very high quality thing to my standard. Two, probably not a lot of people are going to be using it because I’ve made it too hard to participate and they will go off and use an inferior solution. Again, if it solves my problem no big deal. But I might be missing out on someone that, if they had been allowed to participate more easily, could have made my thing better, faster, more secure.
So that’s the bargain. Do you have strict controls and limit your exposure to the good and bad out there in the open source community. Do you have lax controls and expose yourself to all the good and bad. Most maintainers end up shooting for the middle, open enough that good contributors can come and flourish but strict enough to keep bad contributors out. It’s a spectacularly difficult problem though, so I’m always happy to hear how other people think about it.