Saturday 8 September 2018

Ridiculous unusable download URLs for open source projects

I told myself (and everyone I know) that I wouldn't write another blog post until I moved the blog off Google Blogger, but I can't stay silent on this issue.

UPower, the open source power management software used on Linux (and I believe the *BSD family), has recently changed their download URLs. As the lead of Adélie Linux, I personally maintain a significant chunk of "core" desktop experience packages. We consider UPower to be one of those, because it is important to conserve energy whenever possible.

Today I was notified by Repology that UPower was out of date in Adélie. No big deal, I'll just bump it:

>>> upower: Fetching https://upower.freedesktop.org/releases/upower-0.99.8.tar.xz curl: (22) The requested URL returned error: 404 Not Found

"Hmm", I wondered to myself, "maybe this is a git snapshot package someone uploaded". It turns out it wasn't; Debian, Arch, and Fedora are all shipping 0.99.8 now. What gives?

I looked at Debian's packaging first, since they typically have a good hold on stability. I didn't even understand the change, though, so I looked up Exherbo's packaging and was horrified.

Instead of a simple URL, they are now using a GitLab Upload URL which contains an SHA-1 hash in the URL. That means all of our bump scripts can't work any more. Instead of simply typing a single abump command, for every release of UPower I will now have to:

  1. Open their GitLab instance in a Web browser, which isn't even installed on any of the staging computers to minimise security hazards:
  2. Wait for all the JavaScript and miscellaneous crap to load;
  3. Context-click the link for the UPower tarball;
  4. Copy the link;
  5. Connect to our staging system remotely from a computer with a Web browser installed;
  6. Open vim on the APKBUILD file for UPower;
  7. Paste the link into the source= line, replacing what is already there;
  8. And then run abuild checksum manually to update the sha512sum in the file.

WHY!? fd.o people, please, out of respect for us packagers that want to give your software to the people who need it, please use your /releases/ directory again!

Monday 19 February 2018

Poorly-worded codes of conduct

Below is the actual text (minus personally identifying information) that I have sent to the FreeBSD team for consideration.

To: conduct@freebsd.org
From: A. Wilcox
Subject: Violation
Date: Mon, 19 Feb 2018 22:20:21 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hello FreeBSD team,


My name:
A. Wilcox
[alt emails redacted]


Names of those involved:
A. Wilcox
IRC nicks: [redacted]


When and where the incident occurred:
2014-2016 on IRC, possibly 2017 in email traffic


Your account of what occurred:
I hugged a great many people.  Some were group hugs of celebration (we
fixed a bug!  *hugs*).  Some were hugs of consolation, like the loss of
a loved one.  Some were hugs to and from those I had not communicated
with in a great number of years.

There may have been some on mailing lists as well.  I am not very sure,
as that is not typically something I do on mailing lists (it is more of
a live / chat thing), but it is possible.  Likely, even, if you include
private traffic between me and some of the regulars that used to hang
out together all the time.


Any extra context:
This CoC is demeaning and insensitive to people like me who have
emotional disabilities and need to give and receive hugs (at least
virtually) to feel better, and has a chilling effect on discussion due
to poorly defined word choices.

For instance: why does it only ban "gratuitous" sexual images, but
typing a hug is an immediate violation?

Are truthful comments between two people that care that maybe they
should live a healthier lifestyle "unwelcome"?  I had a very long and
blunt talk with someone on IRC about their drug use, and they are now
years sober partially due to that "unwelcome" discussion.

In addition, making so many explicit bullet-points invites rule
lawyering, trolling about what is and is not a rule violation, and
leaves so many things up to interpretation as to be unhelpful.

I wish to be banned from this community so I am not tempted to
contribute to it again, as the CoC is almost as toxic as the behaviour
it is trying to prevent.


Is the incident ongoing:
Until the CoC is rewritten; yes.


Any other information you should have:
Yes, better CoCs that are not offensive, insensitive, demoralising, or
demeaning:

* https://www.djangoproject.com/conduct/

* https://www.alpinelinux.org/community/code-of-conduct.html


Sincerely,
--arw

--
A. Wilcox (awilfox)