Filippo Valsorda
When I talk about professionalizing open source maintenance, and about the Geomys Standard of Care, this is what it is about.
The solution is neither gatekeeping nor blanket legal liability nor making demands of volunteers. The solution is relying on, and funding, professionals.
Rich Felker
@filippo Holy shit, WTF? Maintainer just handing over control/keys to a rando who volunteers to maintain it, putting everyone who trusted them in danger?? If you don't want to maintain it, delete your keys, tell users that, and let them make a choice to switch to a new maintainer's fork.
Rich Felker
@filippo I disagree strongly with "professionals" being the solution tho. It's completely reasonable to use a program someone makes as a hobby or labor of love.
The crime here is Google making an automated-update system users are pressured or forced into where ownership of the project can be transfered and updates pushed to users by the new owner.
Rich Felker
@filippo A responsible walled garden app store policy would include in its developer ToS a clause that you cannot transfer ownership without long-term advance notice to users which has to be submitted to the app store, displayed to the user as a prominent warning, and disable further updates unless the user opts in to continuing with the new owner.
Attempt to transfer secretly without following this procedure should result in termination of developer account, and removal (along with marking as malware) of any versions published after the transfer.
Rich Felker
@filippo They won't do this, and the reason they won't is that the "freedom" to transfer ownership of anything without the permission of anyone affected by it is a CORE TENET OF CAPITALISM and part of what makes their whole platform valuable.
The vast majority of parties publishing junk in the walled garden app stores are doing it with the intent to build a big userbase then cash out selling it to someone who's going to use it to do harm to said userbase.
Rich Felker
@pozorvlak @filippo There is really no such urgency for the vast, vast majority of things. It can still go through the same type of procedure marking that ownership is transferring in the app store and switching updates to manual.
Pozorvlak
@dalias @filippo you need a procedure for transferring ownership in the event of the sudden death or incapacitation of the original maintainer.
Rich Felker
@pozorvlak @filippo No, the vast majority actually cannot. Any app that's only dealing with local data has no attack surface. An app that's just a frontend to a particular cloud service and that isn't e2ee has no attack surface except from the cloud service provider (usually the same as the app provider). Only things like browsers, email clients, e2ee chat, etc. have *any urgency whatsoever* to get updates.
Pozorvlak
@dalias @filippo on the contrary, nearly any app can need security updates applied in a hurry.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.