The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
What? The community finds issues like the XZ one, and the devs say they won’t be able to fix it because they have less important things to work on instead.
It's not bullying the devs to point out to them the massive GDPR violations of their software and to give them hell for sweeping it under the rug and literally saying they won’t do anything to fix it.
It is. The data is in the DB and filesystem and can be manually removed. Having a button that does it is a convenience. It’s the instance operator who will be in trouble if they don’t. The code is provided with a license that literally says
THERE IS NO WARRANTY FOR THE PROGRAM
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES
You are using it and/or hosting it at your own peril.
And the devs said this
So there is no legal nor moral responsibility to implement any features that you personally want. However you are free to:
Implement the feature yourself
Pay someone else to implement it
Stop using Lemmy and use one of countless alternative platforms instead
Then the fediverse erupted and made blog posts, toots, @'ed the devs directly, etc.
Also Open Source Maintainers Owe You Nothing. Internalise that. They owe us fucking nothing - except maybe the respect we show them and if none is shown, they don’t owe any respect back.
I believe this is the article you refer to
https://wedistribute.org/2024/03/lemmy-image-problem/
It's pretty spot-on.
This is literally the same argument that reddit took.
This argument would be no use to reddit since they are the “instance operator” in that case.