So @pixelfed still hasn't fully acknowledged nor fixed the security vulnerability from earlier this year, despite multiple people asking for updates over the past ~6 months.
-
@thisismissem @dansup @deadsuperhero this conversation has progressed to the point where I think Dan is owed an opportunity to weigh in.
@chad @thisismissem @dansup @deadsuperhero he's been tagged on this entire thread
-
@chad @thisismissem @dansup @deadsuperhero he's been tagged on this entire thread
@rey @thisismissem @dansup @deadsuperhero I'm aware. It's also 6am MDT.
-
@rey @thisismissem @dansup @deadsuperhero I'm aware. It's also 6am MDT.
@chad @thisismissem @dansup @deadsuperhero this thread started three days ago and he has, apparently, already responded to it
-
@chad @thisismissem @dansup @deadsuperhero this thread started three days ago and he has, apparently, already responded to it
@rey @chad @dansup @deadsuperhero yes, and the only response has been an accusation of spread misinformation which was easily disproven
-
@rey @chad @dansup @deadsuperhero yes, and the only response has been an accusation of spread misinformation which was easily disproven
@thisismissem @rey @dansup @deadsuperhero I feel that given the overall careful discussion here, an accusation of misinformation is a great departure.
-
@chad @dansup @deadsuperhero If he's not actually doing the leading then that's a problem. Where are the people doing PRs? He chased them all off, I can think of at least 3 people that wanted to contribute actively to his projects and he pissed them off by being completely unpredictable to work with.
@thisismissem @chad @dansup @deadsuperhero why do they not create an alternative? This ia suppose to be the power of open source you can fork projects and create new wonderful things
-
@thisismissem @chad @dansup @deadsuperhero why do they not create an alternative? This ia suppose to be the power of open source you can fork projects and create new wonderful things
@hiphopheaven @thisismissem @dansup @deadsuperhero there's no one stopping anyone from forking Dan's projects.
-
@thisismissem @rey @dansup @deadsuperhero I feel that given the overall careful discussion here, an accusation of misinformation is a great departure.
@chad @rey @dansup @deadsuperhero that was *his* accusation. Not mine. I then spent the time to review the changes, and was fully prepared to update as resolved, only, it wasn't & the changes where thousands of lines of unrelated code. I spent quite some time checking.
-
@hiphopheaven @thisismissem @dansup @deadsuperhero there's no one stopping anyone from forking Dan's projects.
@chad @hiphopheaven @dansup @deadsuperhero it's hard when he'll actively fight against you, iirc, he got extremely mad when pixelfed-glitch was started, and threatened a trademark lawsuit. That probably killed that person's energy to work on it.
He also went after the developer of Vernissage a while back too, when they decided to do their own thing away from pixelfed.
Meanwhile he raises 100k for pixelfed, but it seems like all the energy is going into his other projects.
-
@thisismissem @dansup @deadsuperhero all those words are great, and I align with many of them, but I still haven't seen anyone offer a PR for any of his projects.
Honestly, and I'm sorry to say, this is a step up or shut up situation.
"He created too much too quickly" really isn't aligned with any of the values many of us hold in the hopes of growth of the fediverse.
chad@mstdn.ca re: “step up or shut up”, thisismissem@hachyderm.io has been (is currently?) a contributor for Pixelfed, and was the person responsible for the discovery, analysis, and responsible disclosure of the 10/10 severity vulnerability from last year.
She also provided best practice recommendations and guidance on remediation, all for free (there was no security fund back then, and Pixelfed has no bug bounty.)
For her to buck responsible disclosure practice (and even then she’s being deliberately vague about the technical details) is a sign that someone is being stonewalled.
