Half that shit is for normgroids
I've never used redhat and i never will. there once was a guy in radare2, who works at redhat. He left the project in 2019, everything he did was awful, we're still stumbling over shitty code that he committed, that is causing problems today. I won't use a distro from a company who hired this guy.
or the xscreensaver thing, where debian decided to patch away a warning, that told the user that the installed version of xscreensaver is very old and that they should update
debian shipping outdated packages has proven to be harmful for devs and a security risk for it's users
@condret
> debian maintainers have the hybris to patch packages, because they believer they know better than the devs
And that is a good thing, because software developers often assume that you want new features when you only want security updates. Updating is fine and dandy until things start breaking as a result. Backporting security fixes if good, I wish it was still more common, sadly it isn't anymore.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
and this is why i completly ignore bugreports from debian and ubuntu users. luckily debian-stable stopped packaging r2, but even debian-unstable still does and it's 2 releases behind. That on would be own is ok, if they didn't patch our code. i will not waste my time checking if a bug was caused by a debian maintainer not know what they are doing.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
That's what you should always be doing, not for Debian, but in general, end users should never report problems upstream, that's what they have their distro's maintainers for — if they decide that it's indeed a problem with software and not their build of it, they report it further upstream 🤷
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
"Hello, I'd like to report a problem: I have this binary that someone else has built for me and it does not work",— WTF is this shit? They won't even be able to tell you how to reproduce the problem even if they tried really hard: they simply don't know what flags the software was built with.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
> distros should pack our stuff without modifications
No, just no! I probably won't be able to use half of the stuff I use with such an approach: systemd dependency, musl incompatibilities and so on — all of this has to be patched to work well with the distro's base system.
And there is nothing wrong with back-porting security patches — because I don't want those coming bundled with 5 new bugs or incompatibilities.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
Free software devs are not "licensing out" their stuff — they shouldn't have control over how others use it, nor they should provide support for binaries built with modifications.
End user reports the issue to the package maintainer, who in turn checks if it's a problem with their modifications/configuration or an upstream bug, and acts accordingly — that is how it used to be and I don't see what was wrong with that.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
Entrusting the upstream developer with security fixes is a horrible idea: you update the package to get a fix for the new exploit only to find out that UI has changed, or config file format — because it was a good idea that happened to coincide with the security fix, and now you have to waste time on fixing your configs — no, thank you! There are exceptions, but in general… Fuck this! It's like building on quicksand.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@get
How is making my point worse than the usual exchange of such original opinions as:
— Ubuntu bad
— It's only bad if you're unemployed and have all the time in the world on your hands
If notifications annoy you, I can unmention you, but you can fix this yourself as well — by muting the thread 🤷
@Forestofenchantment @Suiseiseki @nyanide @sysrq @enigmatico @condret
distro maintainers don't know what they are doing. for debian at some point they refused so adamantly to update, that we had a "pwn debian r2" challenge, where people could win a price to find the most severe security vuln, so we could pressure debian to update.
debian lost it's justification to exist a decade ago. most opensource software got so stable, that there is no need to hold back patches.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@sun @Forestofenchantment @m0xee @enigmatico @sysrq @condret @Suiseiseki @nyanide @get you have a macbook, you've freed yourself from having to run linux!
@condret
Don't get me wrong, I'm not defending Debian in particular, like I said, there are exceptions: there are online APIs, there are lazy package maintainers… But I still find the approach of following upstream's footsteps closely fundamentally flawed. For every lazy maintainer there is an out-of-his-mind developer. Remember that time when Element Web got broken in Firefox ESR?
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
And the justification was: there is this new serialiser in JS that I'd like to use, so you guys have to update FF — WTF?! 🤯
They have backtracked on it, but only because this case got a bad publicity.
Software indeed got stable, but feature creep got so much worse, and it's not about free software only — proprietary paid-for software became like that too!
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
"We've changed the APIs so you can no longer use older version of the client, but we've also revamped the UI and you have to learn using our software again — we've also removed a couple of features you might've used while we we're at it, tehe😊"
This being stuck in a permanent feature update loop is the single thing I absolutely loathe about modern tech. Instead of using the software you have to start servicing it.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
It gets so bad: you can buy a book on some technology/library/programming language published just 2 years ago and it's already part-irrelevant. If security updates would keep getting abused to push features, I expect people to stop updating and we get botnets again.
Providing updates for 2-3 major versions was a good practice — free software devs of course don't have the luxury to do it, but distros can and IMO should!
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
distros should pack our stuff without modifications, otherwise we cannot ensure the api works as intended
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico