@condret
> debian maintainers have the hybris to patch packages, because they believer they know better than the devs
And that is a good thing, because software developers often assume that you want new features when you only want security updates. Updating is fine and dandy until things start breaking as a result. Backporting security fixes if good, I wish it was still more common, sadly it isn't anymore.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
That's what you should always be doing, not for Debian, but in general, end users should never report problems upstream, that's what they have their distro's maintainers for — if they decide that it's indeed a problem with software and not their build of it, they report it further upstream 🤷
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
"Hello, I'd like to report a problem: I have this binary that someone else has built for me and it does not work",— WTF is this shit? They won't even be able to tell you how to reproduce the problem even if they tried really hard: they simply don't know what flags the software was built with.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
> distros should pack our stuff without modifications
No, just no! I probably won't be able to use half of the stuff I use with such an approach: systemd dependency, musl incompatibilities and so on — all of this has to be patched to work well with the distro's base system.
And there is nothing wrong with back-porting security patches — because I don't want those coming bundled with 5 new bugs or incompatibilities.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
Entrusting the upstream developer with security fixes is a horrible idea: you update the package to get a fix for the new exploit only to find out that UI has changed, or config file format — because it was a good idea that happened to coincide with the security fix, and now you have to waste time on fixing your configs — no, thank you! There are exceptions, but in general… Fuck this! It's like building on quicksand.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@get
How is making my point worse than the usual exchange of such original opinions as:
— Ubuntu bad
— It's only bad if you're unemployed and have all the time in the world on your hands
If notifications annoy you, I can unmention you, but you can fix this yourself as well — by muting the thread 🤷
@Forestofenchantment @Suiseiseki @nyanide @sysrq @enigmatico @condret
@sun @Forestofenchantment @m0xee @enigmatico @sysrq @condret @Suiseiseki @nyanide @get you have a macbook, you've freed yourself from having to run linux!
@condret
Don't get me wrong, I'm not defending Debian in particular, like I said, there are exceptions: there are online APIs, there are lazy package maintainers… But I still find the approach of following upstream's footsteps closely fundamentally flawed. For every lazy maintainer there is an out-of-his-mind developer. Remember that time when Element Web got broken in Firefox ESR?
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
And the justification was: there is this new serialiser in JS that I'd like to use, so you guys have to update FF — WTF?! 🤯
They have backtracked on it, but only because this case got a bad publicity.
Software indeed got stable, but feature creep got so much worse, and it's not about free software only — proprietary paid-for software became like that too!
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
"We've changed the APIs so you can no longer use older version of the client, but we've also revamped the UI and you have to learn using our software again — we've also removed a couple of features you might've used while we we're at it, tehe😊"
This being stuck in a permanent feature update loop is the single thing I absolutely loathe about modern tech. Instead of using the software you have to start servicing it.
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@condret
It gets so bad: you can buy a book on some technology/library/programming language published just 2 years ago and it's already part-irrelevant. If security updates would keep getting abused to push features, I expect people to stop updating and we get botnets again.
Providing updates for 2-3 major versions was a good practice — free software devs of course don't have the luxury to do it, but distros can and IMO should!
@Forestofenchantment @get @Suiseiseki @nyanide @sysrq @enigmatico
@get
Look, thread mute button — it's right there… or are you what they call a tsundere and just want attention? 😏
@Forestofenchantment @Suiseiseki @nyanide @sysrq @enigmatico @condret
@condret
No, it's not what this means. First and foremost, I'm my computer's user, not its serviceman. There is a reasonable amount of effort I'm willing to put into keeping it in shape. If "features" that come with updates bring more trouble than possible security vulnerabilities — fuck updates! Cost-benefit works in exact same way everywhere.
@Forestofenchantment @Suiseiseki @nyanide @sysrq @enigmatico
@condret
This is why I'm no longer using Gentoo — not because it's particularly hard, flexibility is of course cool, but the amount of time and effort you have to put into it is disproportionate as with Gentoo you are taking maintainer's job. I'm not using Debian for other reasons, but distros like that are okay, not having latest versions of software at the cost of lower maintenance is okay.
@Forestofenchantment @Suiseiseki @nyanide @sysrq @enigmatico