Spacc BBS

    So @pixelfed still hasn't fully acknowledged nor fixed the security vulnerability from earlier this year, despite multiple people asking for updates over the past ~6 months.

    • chad@mstdn.ca @thisismissem@hachyderm.io

      @thisismissem @dansup @deadsuperhero all those words are great, and I align with many of them, but I still haven't seen anyone offer a PR for any of his projects.

      Honestly, and I'm sorry to say, this is a step up or shut up situation.

      "He created too much too quickly" really isn't aligned with any of the values many of us hold in the hopes of growth of the fediverse.

      • thisismissem@hachyderm.io @chad@mstdn.ca

        @chad @dansup @deadsuperhero he literally chased away all the people who wanted to contribute, like seriously, no other fedi dev had had a letter like this written: https://dansup-open-letter.github.io

        Ask dan about how he works sometimes, because last I knew he tended to have thousands of untracked files where he was doing too many changes at once, but not finishing any of them or working in branches such that he could cleanly switch tasks — that's what leads to those massive "do all the things" merges.

        If he hadn't chased others away from his projects it'd be a different matter.

        • chad@mstdn.ca @thisismissem@hachyderm.io

          @thisismissem @dansup @deadsuperhero this conversation has progressed to the point where I think Dan is owed an opportunity to weigh in.

          • thisismissem@hachyderm.io @thisismissem@hachyderm.io

            @chad @dansup @deadsuperhero his repeated response to issues raised is "fake news" or "misinformation", when what's being said is easily provable. He is the maker of his current situation, and only he can do the work to rectify it.

            • rey@toot.cat @chad@mstdn.ca

              @chad @thisismissem @dansup @deadsuperhero he's been tagged on this entire thread

              • chad@mstdn.ca @rey@toot.cat

                @rey @thisismissem @dansup @deadsuperhero I'm aware. It's also 6am MDT.

                • rey@toot.cat @chad@mstdn.ca

                  @chad @thisismissem @dansup @deadsuperhero this thread started three days ago and he has, apparently, already responded to it

                  • thisismissem@hachyderm.io @rey@toot.cat

                    @rey @chad @dansup @deadsuperhero yes, and the only response has been an accusation of spreading misinformation which was easily disproven

                    • chad@mstdn.ca @thisismissem@hachyderm.io

                      @thisismissem @rey @dansup @deadsuperhero I feel that given the overall careful discussion here, an accusation of misinformation is a great departure.

                      • hiphopheaven@mastodon.social @thisismissem@hachyderm.io

                        @thisismissem @chad @dansup @deadsuperhero why do they not create an alternative? This is supposed to be the power of open source: you can fork projects and create new wonderful things

                        • chad@mstdn.ca @hiphopheaven@mastodon.social

                          @hiphopheaven @thisismissem @dansup @deadsuperhero there's no one stopping anyone from forking Dan's projects.

                          • thisismissem@hachyderm.io @chad@mstdn.ca

                            @chad @rey @dansup @deadsuperhero that was *his* accusation. Not mine. I then spent the time to review the changes, and was fully prepared to update as resolved, only, it wasn't & the changes were thousands of lines of unrelated code. I spent quite some time checking.

                            • thisismissem@hachyderm.io @chad@mstdn.ca

                              @chad @hiphopheaven @dansup @deadsuperhero it's hard when he'll actively fight against you, iirc, he got extremely mad when pixelfed-glitch was started, and threatened a trademark lawsuit. That probably killed that person's energy to work on it.

                              He also went after the developer of Vernissage a while back too, when they decided to do their own thing away from pixelfed.

                              Meanwhile he raises 100k for pixelfed, but it seems like all the energy is going into his other projects.

                              • julian@community.nodebb.org @chad@mstdn.ca

                                chad@mstdn.ca re: "step up or shut up", thisismissem@hachyderm.io has been (is currently?) a contributor for Pixelfed, and was the person responsible for the discovery, analysis, and responsible disclosure of the 10/10 severity vulnerability from last year.

                                She also provided best practice recommendations and guidance on remediation, all for free (there was no security fund back then, and Pixelfed has no bug bounty.)

                                For her to buck responsible disclosure practice (and even then she's being deliberately vague about the technical details) is a sign that someone is being stonewalled.
