On 9/14/19 1:06 PM, Alec Warner wrote:
> 
>  - There appears to be some expectation that consensus is required on
> the ML; this has (IMHO) never been true. The 'decider' for what to do
> isn't the mailing list (by GLEP, it's the council). So this idea that
> you can object on the ML and stop a thing isn't really something I'd be
> counting on. Sometimes you convince the OP, and sometimes you don't. I
> don't think you need to walk away sad when the latter happens.
> 

I'm not going to cry about it or anything. I'm trying to explain my
point of view. I regularly spend hours fixing little "quality of life"
issues in Gentoo. It's not fun, and I wouldn't do it if I didn't think
it was possible to make a difference.

But things like this give the impression that nobody cares, and that any
time you spend trying to fix things is wasted: someone's going to be
adding new bugs faster than you can fix the old ones. It's like trying
to paint a mural that gets spray-painted over every night. Eventually
the artist is going to decide that the people who live there deserve to
look at the side of an abandoned building all day.

I've filed ~100 bugs for minor security issues, like root exploits in
config files, user-controlled binaries in /usr/bin, and race conditions
in init scripts. But who actually gives a fuck about a race condition in
an init script, when there are parts of the tree that get no security
updates at all? It takes YEARS to find, report, and fix a single one of
these issues. How long does it take to add a new Go package?

It starts to feel like a losing battle.

And I'm not throwing in the towel yet, but every time I essentially get
told "nobody cares," I agree with this nobody person more and more.
