Joan, my tone again made you unhappy. I feel it from your response, and I’m really sorry.
Anyway, the argument stands. Leaking CouchDB instance IPs to half-dozen places, and trusting that places because ‘what can go wrong, they are good guys’ is at least a strange attitude. And I still think that a newsfeed on subdomain should have its own favicon. Yes, it should. > Why didn't you bring this up sooner? I did, 2 month ago. > The absolute best way you could *HELP* address this is to code a fix. I have another CouchDB admin panel to maintain, sorry. And anyway, I think the button/iframe should be removed in favor of direct link to newsfeed at the bottom of left panel. ermouth чт, 27 авг. 2020 г. в 22:12, Joan Touzet <woh...@apache.org>: > This email stuck with me overnight, and I want to address why. ermouth, > your attitude in this email was poor, and I'd like to give you the > opportunity to revise it. > > On 2020-08-26 6:45 p.m., ermouth wrote: > >> The blog is controlled by the CouchDB PMC. No one outside of the PMC or > > who they authorize has access to it. > > > > This is about wordpress server where the blog lives. > > Why didn't you bring this up sooner? Why wait until now? This doesn't > give anyone the chance to address your concerns, and furthermore, comes > across as arguing in bad faith. > > > The server is > > maintained so impressively, > > Actually, it is. It's hosted at wordpress.org. I would expect them to do > the absolute best job of hosting WordPress, wouldn't you? > > > that shows default wordpress favicon for years > > Because it's run at wordpress.com. So what? I don't actually know if we > can customize the favicon there, but honestly, given they provide the > service to us for free, I have zero objections to them using the favicon > as a teeny tiny bit of advertising for another open source project. > > How is the presence or absence of a favicon any indication of whether or > not the server is being managed well? This is arguing in bad faith. > > > and responds with x-hacker header, promoting jobs aggregator. > > For the company that provides us with free blog hosting. > > The same thing is over at docs.couchdb.org for readthedocs.org, and no > one's ever complained about that - arguably, that site gets more clicks > than the blog does. > > > It implies an > > obvious question about how reliable is the server in terms of injections > > and logs protection. > > Now that you know the above, do you still want to make this argument? > > > Also the blog pings gravatar, not good. > > For its own content, yes. And I get that you don't want to leak the IP > address of standalone CouchDBs - that is a valid concern, to which two > options have been proposed. The absolute best way you could *HELP* > address this is to code a fix. > > > If you don't want to display it, don't click on it, and the iframe won't > > > > This is not how things are protected, and I know that you know about it. > > This isn't how you treat people who run the community you claim to > participate in. Nor is this the first time you've acted this way towards > *volunteer developers*. > > Kindly choose your words more carefully, and think ahead about how to > make a meaningful contribution here. Complaining endlessly is not > earning you any merit, and the tone you've taken actually does you a > disservice. If you push this attitude any farther, you're liable to end > up in people's killfiles / junk mail folders...or worse. > > -Joan "PMC hat on" Touzet >
