the point of open source is to not own things but a lot of people still feel like they ought to
They still own their work but they explicitly allowed people to use it for free for any purpose with a permissive license.
People choosing to use this chose to use a hobbyist project with no claim of being suitable for production use. License explicitly makes it their problem.
yes you have described the license structure of most open source
the spirit of open source is public ownership, and vandalizing stuff given your privileged position of owner is not in that spirit
The spirit of open source as a whole is definitely not public ownership / control. There's a small subset of open source software that's public domain software but not owning the copyright over it doesn't mean that someone doesn't own a certain repository developing the software.
this seems like is / ought
there is nothing, legally or practically, stopping a maintainer from doing this
I don't think that's the spirit of open source; the project can be easily forked and re-hosted but users weren't doing that because they trusted the ecosystem
Open source is making the source code available for anyone to use for any purpose even if that purpose is mass murdering people. The spirit of open source is devaluing labour so that corporations can build software more cheaply. This person didn't realize that getting into it.
It's their own fault they released their software under an open source license but I think most open source maintainers have felt this way at one point or another.
I don't really think they did anything particularly malicious or terrible. It wouldn't pass any basic smoke test.
how is intentionally breaking your users' projects not malicious
If you blindly update to new versions and deploy without testing, they did you a service by showing you that what you're doing is completely broken even if you do trust your dependencies. They didn't hide a backdoor or trap that triggers later. It just spams nonsense on loading.
you could say this to justify basically anything, is breaking apps really ok because they should have known better?
yes, they were trying to make a point and not steal data or whatever but it's still damaging even if all it does is break a log ingestor
I seriously doubt that they actually harmed anyone. They've been talking about it for over a year in advance:
news.ycombinator.com/item?id=250321
Software is not inherently good and I'm not convinced that breaking an arbitrary set of npm apps with zero testing before deployment is bad.
My sympathy is not really with some Amazon engineers who get paid 200k/year and couldn't even bother to test that their application loaded before deployment.
twitter.com/marak/status/1
I think there's probably only 1 person likely to get hurt from this and it's not their users.
Perhaps building an industry on the backs of hobbyists who aren't able to earn a living from their work is not a good idea. Seems pretty clear from github.com/sponsors/marak and elsewhere that they tried and failed to get an income from it and aren't doing well.

