Really seems like you need to respect the author’s wishes here, but the tension between author and community can get complicated with FOSS. Open source is a contract with your audience that the code can be used freely. Authors gain their audience because of that contract, so there’s some obligation for them to respect that. That said, respect flows both ways, and I’ve had FOSS code get repackaged to steal credit which feels like just as much of a violation. (That’s not the issue here but it touches on the same challenge.)
There’s no silver bullet. Sometimes things just don’t work out right and you need to fork or make an alternative. I’d personally lean towards making an alternative in this case, if it’s possible.
The author’s contractual wishes are specified there. It’s fine for an author to have additional, non-contractual wishes. (Legally, it’s equally fine for someone to follow or not follow those additional wishes.)
Unless your non-contractual wishes are directly contradictory to your contractually stated wishes, and you actively harass the maintainers of a project that very politely choose to decline your non-contractual wishes.
To be fair, you should not have used "legally" in the sentence above. So there's the license, there's the author's wish, and there's the other party's wish, and both wishes are equally valid, they don't have to agree at all, what matters is the license.
I can’t comment on the legal issues but AFAIK you can change licenses with future releases, not retroactively, so while you might be right, software requires support and losing future releases is often close to losing the software entirely.
On the non-legal side, there’s still a much broader issue of being good members of a community. We do, in fact, live in a society.
"As the author of the package that is being re-packaged here. I'm against it being repacked into here.
While licensing wise I cannot stop you, I do hope you can honor my request.
Thank you for considering respecting the author's wishes."
It seems more like a matter of respect than a matter of law.
The Nix maintainers asked very nicely whether there was a specific reason and whether they could work with the author to solved it. The author just said "no, just don't include my stuff", which he technically didn't have the right to say after releasing the code as FOSS.
You can't demand respect from the Nix folks after disrespecting them by telling them to do something "just because".
Honestly, I think the best solution in this case is to fork his repo from a version still under the MIT license and work with home-automation to replace their dependency.
> this is a case of two FOSS communities with irreconcilable differences
If the HA community's stance goes on to be made official (for now it's informal forum posts, albeit from senior maintainers), I would argue this is then a case of one FOSS community (Nix) having irreconcilable differences with the community of a proprietary software project falsely advertised as FOSS.
If you follow the thread all the way down (and elsewhere, e.g. HA & Fedora communities), you'll see that the author does not seem to truly hold to his own statement that he "cannot stop [them]", and proceeds to attempt to bully them into compliance (despite many efforts by them to come to a compromise that may suit him)
While I don't disagree with you, the problem the author is saying is that end users don't realize that, and contact the author directly even when they are using an out-of-date package from a distribution, and the author doesn't have an immediate way to determine whether the problem is with their code at the version they released, or an older packaged version.
While it's technically true that a free software author owes nothing to any of their users, it's a legitimate problem that there's no good way to selectively offer help and support to those getting the software directly but not to those getting it from a package.
It used to be that distro users did indeed open bugs against their distro, and then the distro package maintainer would triage them and forward them upstream as necessary.
I don't know when precisely that stopped happening. Perhaps when OSS became more commonly hosted on sites like GitHub that have more easily-approachable issue trackers, users became more savvy about talking to upstream directly.
The project could have pinned the version and downloaded from pypi rather than repackaging.
This isn’t a situation of “can do” it was “is it nice to do.”
And the author mentioned that he’s changing the license to prevent it so it no longer becomes possible legally.
I typically don’t like authors demanding stuff outside their license, but this started as a simple technical/community request to not do something dumb and escalated.
That is not quite right. NixOS can download files from the internet during build time for example to get the source code and you can even disable downloading things form the cache. It would be technically possible to download files at runtime but that does not align well with the reproducible goal and would also require some hacky patching.
As the author says, that can be fixed with a relicensing.
Just because you're legally entitled to be a pain doesn't mean this leads to good things. If the source owner has a polite request, honoring that is usually the best course of action, independent of what the law says. (Ask people who thought image hotlinking was OK even against requests, and how goatse looked on their page)
"It's legal" doesn't mean that it's decent behavior.
He's complaining about a support burden, and near as I can tell, his repository has literally zero issues on his GitHub issue tracker as of this writing, so the corpus of nixos users who have submitted issues is exactly, well, zero.
I'm not exactly sure who's being a "pain" in this case outside of the potential future concern that someone might wrongly blame him for package failures via nixos which is packaging it as an upstream dependency of home-automation.
I think I'd be more concerned about the latter's users!
> As the author says, that can be fixed with a relicensing.
But he cannot retroactively remove MIT license. Changing license will only affect newer versions afterwards.
> If the source owner has a polite request
If this is your definition of polite so be it. I think it's quite unfriendly. Asked for a valid reason he basically says "because I want it".
If he want's them to remove it even though they have the right to use it he should at least explain why (or not publish MIT in the first place). His only argument is that he will get support requests, but he could just ignore them...
There is no obligation: legal, interpersonal, or otherwise.
Only the license terms that the software is released under matter.
Most FOSS licenses include disclaimers like: "THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
If you did not pay the author for support, they do not owe you anything.
If they choose to provide support or fix reported bugs, that is their choice.
The NixOS team can use the code regardless of the developer's wishes if the license allows it.
If the developer chooses to not support the software on NixOS or change the license, that is their choice.
FYI that clause is void in civil law (most of Europe), you cannot waive away responsibility.
Additionally, the license is a contract (license don't exist as a separate category like in the US), the "[...] WHETHER IN AN ACTION OF CONTRACT" is particularly misplaced.
> Do you have a reference or, more preferably, casserole to share on this point?
Are you by any chance a Firefox user and you have auto-correct enabled?
I'm guessing that because of "casserole", which is what Firefox corrects to if you accidentally double the 's' in 'caselaw'. Chrome goes for "casual", and Safari goes for "caselaw".
Revoked in the way of changing the license for future releases, he can't retroactively remove the MIT license from previous releases. Revocation isn't the ideal way to frame this.
Yes, he can, because of the way contract law works.
In order for a contract to be valid, and enforceable on both sides, there has to be an offer, acceptance, and consideration. No consideration (payment), no contract, and the open source license reverts to what is known in law as a bare license. Bare licenses can be revoked at any time, at will, by the licensor, regardless of any promises made by the licensor to respect the license in perpetuity. (You can always tell a squatter to leave your property, regardless of how permissive you've been in the past.) This includes revoking the license to software downloaded under an open source license for which the licensee has given no consideration.
I don’t think its as simple as respect the authors wishes. You are participating in a large OS ecosystem as soon as you become a dependency of another project. Most people don’t care about the package in this case and just want the package that is using it.
The author is additionally being intentionally dense and inflammatory. They are unlikely to get their way acting like this instead of trying to find a compromise as others are trying to do.
Dependencies make this such an interesting challenge. What do you do when a library that’s upstream of 1000 packages with 1000 different authors… goes “rogue?” The friction of forking increases with each downstream you have to coordinate
> You are participating in a large OS ecosystem as soon as you become a dependency of another project.
It also seems the author wrote this library specifically to be included in Home assistant (since HA only allows glue code to be included in the core and keep the implementation specific parts in dependencies) and does a lot of HA development. So he knew what he was getting into. It's not like he's library was added by someone else and he will now be overwhelmed by all the additional NixOS users. His requests to not repackage his code because of the support burden seems a little moot to me.
> so there’s some obligation for them to respect that.
There is ZERO obligation for an OSS author. Nothing, zilch. It is NICE to respect requests or help with issues you don't care about, but clearly not required when you are working on something FOR FREE.
> (That’s not the issue here but it touches on the same challenge.)
I don't think so. The "problem" here is that the author doesn't want nixos to repackage his library because he's concerned about a "support burden" imposed, presumably, by nixos users who might get confused and report issues to him instead of the packager. I can vaguely understand where he's coming from, but being as his library in question[1] doesn't even have a single issue submitted, I can't help but feel that the "support burden" is either a consequence of paranoia or an excuse to have his sources pulled from nixos.
Worse, his package is being pulled--if I'm not mistaken--as a dependency of home-automation. So this is a totally different issue than yours.
As the sibling poster said, once you license something under a FOSS license, your intentions are pretty clear. If you don't want that to happen, pick a different (non-free?) license. Saying "this is open source, but I don't want $CLASS_OF_USER using it" no longer makes it open source by definition and thus no longer a free license.
His solution is to release a new version distributed under a license denying repackaging of his code, which is one solution, but that's almost certainly going to cause his package to get forked from an earlier version (under MIT) or dropped from home-automation.
Either way, this issue is going to get resolved, and I suspect it'll be resolved in a way he doesn't like. This should be a warning to anyone distributing under FOSS licenses: If you're squeamish about any vague possibility that someone, somewhere, might--maybe--post an issue on your issue tracker that has something to do with a use case you didn't plan, then you really ought to not distribute it under a FOSS license.
Some of the NixOS people tried asking (in, admittedly, a somewhat escalatory and inflammatory way) on the HA forums: the HA founder closed (and hid) the thread, so I don't think they (or Nabu Casa) really care if their deps are OSS or not.
It's worth pointing out that for the time being, all of frenck's packages are still MIT, so there's no current danger. It's totally reasonable (IMO) to request things as a OSS developer that aren't technically license requirements, but equally there's not much you can do if the answer to that is "no" and the use is in the scope of the license.
I've seen a similar situation when Ansible were resolving issues with Jinja2 but Ansible contributors simply helped the Jinja contributors to resolve the issue. It wasn't like all the burden was put on the jinja project.
Now those are two very active projects but what I mean is that no one is forcing the author of the repackaged code to support anyone he does not have time to support. If they want support they can ask the nixos project maintainers for it.
It still takes effort to sort support requests into those he wants to handle and those he doesn't. If he thinks that the manner in which is work is being used is going to bury him with requests, whether he takes them or not, it makes sense to try to avoid the situation altogether.
I don't think there's a way to actually do that with an open source project though.
I think he’s so focused on time management (from his about page), that he is catastrophizing about the future. He also clearly wants the fame from having a library in Home Automation, but doesn’t want to provide any support.
He is a paid Home Assistant core developer. (Hired by the company the project's founder created to generate sustainable income for developing the project by offering optional value-add services).
This library was written specifically to be used in Home Assistant, as per project policy the code that interfaces with devices needs to live in a separate python package. So there is no real fame to be had from this particular package.
He surely sees this repackaging as a source of potential headaches. If the nix folks could convince him that the package would never contain modified code (no no untested/unsupportable modifications), and further that the home-assistant package in nix would always use exactly the version specified upstream (so no version mismatch concerns), he would likely be less opposed.
Unfortunately the latter is very much not true right now.
I mean, if it's written 100% for HA out of the gate as part of his employment by NC, why wouldn't it just live under a namespace for HA instead of a personal namespace. Using a personal namespace is about building a personal brand at that point.
> If the nix folks could convince him that the package would never contain modified code (no no untested/unsupportable modifications), and further that the home-assistant package in nix would always use exactly the version specified upstream (so no version mismatch concerns), he would likely be less opposed.
They did everything possible to try to convince him but he had his ears closed and refused to listen.
> Unfortunately the latter is very much not true right now.
Seems like an author that doesn't understand the spirit of FOSS. The nixos team was clearly allowed to use it and include it when asking for some technical merits as to why, and even offering many alternative options to appease the author the author seemed to just childishly stamp their feet and say, "because I said so". Eventually the author took the position of "taking my ball and going home". Why is a person like this even engaged in FOSS if they don't have a desire to share or even engage in a reasoned discussion?
He doesn’t understand the letter of OSS either. Limiting who can distribute a project means it no longer meets the Open Source Definition and is therefore not OSS.
And later he states "Unfortunately, you are wrong there. I will explicitly and publicly list parties that are allowed distribution in the license and allow for requesting distribution requests."
The "fine article" always contains the correct bits.
In that context he was talking about for future releases of the project, if the others in that thread forked the project right this minute, it would still be MIT.
He later says he will relicense it so only specific projects can use his code. I think that would likely invalidate their own licenses, so I'm not sure how that would work.
It's being added as a dependency to home assistant, a popular package, so they are pretty much between a rock and a hard place. Ultimately, if the author of the code doesn't want it redistributed by distributions, I assume home assistant will have to remove it from upstream. It might be good for someone to raise the flag with home assistant since this is apparently becoming a point of contention with two different distros now.
This is unfortunate, but I suppose it joins the growing list of open source things that I have to avoid because I don't want to support behavior that's hostile/antithetical to the health of the open source ecosystem. It's a damn shame, but nothing new.
This is a subdependency of a larger project (homeassistant) so doing so would involve nix maintaining an entirely separate fork of homeassistant, which is a completely unviable ask.
The author's conduct in that thread is certainly not what I'd call "acting as the bigger person".
If they were serious about their request they'd be looking into having the homeassistant guys removing it, or PRing to homeassistant. Or changing the license to make it closed source.
From looking at the ambee repo the license appears to still be MIT; can't see any relicensing anywhere.
(And actually, as has been mentioned elsewhere, it seems like it wouldn't be possible for him to relicense in reality as the package is explicitly developed for homeassistant and as such would need to comply with homeassistant's licensing to be included as a dependency of it)
What you're describing would be to comply with what are effectively shadow terms in an apparent open source license, which is not something that should be tolerated as it makes a farce of the whole purpose of licenses.
It seems like the reason is (paraphrasing) "because I can't meet the resulting burden of support."
which is something I haven't really seen anything in the open source world manage, though that might be because I'm not much of a contributor. What happens if a utility explodes in usage and the author can no longer effectively support it as a result of being buried in overhead?
Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?
Sometimes when a package gets very popular other people step up to help, or take over. Other times the maintainer has a mental breakdown or just disappears.
> Sometimes when a package gets very popular other people step up to help, or take over. Other times the maintainer has a mental breakdown or just disappears.
It sounds like this author is looking for a third option, one that doesn't involve people management (1) or ghosting (2), and as far as I can tell, no mechanism for this exists that doesn't violate the current tenets of open source.
Correct. There's basically nothing in either the mechanics of open source nor the dominant open-source philosophies that says "We need to be able to throttle use of the software to provide good user experience."
A direct consequence of open source is that the good user experience burden falls to the consumer, not the producer. If someone wants control over the user experience, they want a closed-source model.
> Would you be happier if we forked your upstream source to provide our own, or provided a similar Python package with an identical API that we can use as a drop-in replacement?
Wouldn’t this remove the burden of support from the author? Or it might be that I don’t understand exactly their proposal.
How would they even know to ask upstream for support, rather than the fork? If you use package bar and have a problem, you would have to do a lot of digging to even find original progject foo and ask them for help (which wouldn't even make sense since it's a separate thing)
I guess that depends on how users go about finding projects on github to file issues. If, for example, the user has an issue with this NixOS package (or debian package/any other repackaged example), and they start by just searching "python ambee github" or "Home Assistant ambee github" (seems like a reasonable first attempt to me) they will likely find the upstream near the top of the results.
Now, some users will perform due diligence and maybe find the NixOS issue referenced in OP and look elsewhere, but many will find the project and immediately file an issue there in the upstream, leading to the author's main concern of "I don't have time to support NixOS issues".
Ah I think you might be right with this case where someone will just google that. I am not doing that but prefer to go to the package manager list find there there the project URL.
I was thinking that people will do the same or else how will they know if the github repository returned from search results is truly the one installed?
I am not using NixOS but in general every package manager links to the project homepage let’s say (or name of the project which for example in a GitHub fork is clearly different than the original) which in this case would be the fork.
So for example if this will be the case with a package I use I will report the bug to the fork because the package manager showed me their link.
I will not search for name-like projects or the original one and report there if a fork was distributed to me.
This is why I am confused why a fork is not solving the burden of possible bug reports. Also the fork assumes its own maintenance this is the purpose of the fork.
I lost the blog post I learned this from, but one way to do it is whenever someone opens a PR on a project you don't want to maintain anymore, make them a maintainer!
That way, the project lives on with minimal disruption to its users.
The project is barely a week old so that might explain the lack of issues. Also Homeassistant is a big project with a big community, there are going to be a lot of people getting into edge cases. The Homeassistant project does do a lot of damage control on this because they promote standardised deployments like the Home Assistant OS. But I can't image why a NixOS repackage would add a lot more issues the author doesn't want to deal with.
> Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?
You don't have to do anything to keep it open source. The source is already open, others can use it, fork it, etc. There is no formal obligation for you as maintainer. However as a maintainer you can feel a moral obligation for whatever reason (pride, guilt, peer pressure, etc).
It's not about popularity. Distributions often ship outdated or modified code, link it against unsupported versions of dependencies, etc. When this causes problems users will contact or blame the author of the code, instead of the distribution which broke it.
I guess I've always struggled with this, because this seems like an extremely easy problem to solve.
In this particular instance, if you think the problem is "nix users are overwhelming me" - then you have a hard and fast requirement of: if you want support fill out this form that includes OS version. If someone lists NixOS as their version you give a canned response linking them back to the Nix github page.
If the issue is just a generic: my package is so huge there is just an unending list of people asking for help. Ignore them? I get as a maintainer you may have a desire to help folks, but nobody is forcing you to. Browse github and respond to the things you feel like responding to, and ignore the rest.
I mean this with all due respect, but part of being an adult is knowing when and how to say no.
> Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?
For distribution repacks specifically, there’s the old device of providing a configuration-time option to change the web and email addresses in the documentation (e.g. GCC does this), but I’m not sure if this will work when Google results for the error message will still point you to the upstream. There’s also the bug report checklist with “I have verified I am running the last development version”, but that comes with its own limitations.
>Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?
Yeah, it's called setting realistic expectations. If I release something open source, I don't owe you anything. Support, help installing, fixing bugs, spending time implementing your specific feature...
When they offered to fork it completely to avoid the issue and he rejected that, it really just looks bad.
I get being done with something when you've had a bad experience, but the maintainers here went to every effort to accommodate, and did so in a friendly way.
It reads like this guy wanted a fight and an excuse.
I think the correct answer is to just make the fork as proposed and use that instead, it solves the problem and removes the guy from the equation entirely. The fact he rejected it doesn't matter and he can be angry all he wants.
From what I can see in the thread (and I'm not very familiar with the tech so I'm working off of inference here) it looks like the library fetching tool is well equipped to fetch the freshest branch from his repository directly. His responses are very minimal but it sounds like he's objecting to older versions of his library being bundled in and causing breakages on the client side - forking would potentially just make this problem worse from his point of view if his primary concern is the fact that users get out of date code - compared to the concern of code maintenance.
Daniel Stenberg creator of cURL has famously gotten a lot of weird support requests and emails over the years due to his license being shipped with an insane number of different utilities. He has handled them gracefully and with good humor from what I've seen, but not everyone is comfortable with fielding questions from random non-technical users - if that's where this dev is coming from then forking the project would probably let him dodge a lot of the responsibility. I just can't clearly tell due to how terse[1] his replies are.
1. I would say succinct here due to the fact that it lacks the negative connotations of terse, but it also implies a completeness of information which sadly isn't here. Please don't read terse as insulting or negative in any way.
It seems to me he states pretty clearly that his issue is the support burden, not some paternalism over users:
> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
I absolutely agree that there is a legitimate reason to say "look, I can't handle the support burden from this", but users aren't going to track down the original project to make support requests if you fork it, rename it and point everything to the new one.
(Obviously you might get one or two, but anyone that motivated would probably be making their own package and run into the exact same issue anyway, at some point you can't really blame the package).
The solution is to fork the project and give it a new name & URL so users don't knock on his door - he refused that option too! Kudos to the maintainers for their curtesy - they didn't have to ask him for additional permissions over and above the current licensing agreement - they have the rights to redistribute or fork the project, Frenck is against them exercising either right.
From the profile https://github.com/frenck
He describes himself as "Slightly assholic at first sight. Actually a nice guy that just likes to get stuff done." Very fitting description actually, I wouldn't argue with such a nice guy.
The point about shipping old versions is rather moot in this case however, because the NixOS package was using the version required by the latest version of Home Assistant.
The nixpkgs/NixOS packaging of NixOS uses packages which work with the tests of home-assistant. We cannot respect every version pin and if package have none breaking updates we happily update them. This is especially important to get security fixes in.
I agree. This is kind of bizarre behavior from someone who is such an important contributor to Home Assistant, a large scale open source platform. I can’t imagine most of the leaders in Home Assistant would share this attitude, but maybe I’m wrong.
Unfortunately, the founder of Home Assistant has acted similarly too. When NixOS maintainers raised concerns, he accused them of having "no intention to contribute anything positively." This was despite NixOS maintainers' best efforts to engage in a civil discussion.
To make matters worse, he even used the fact that the NixOS discussion was temporarily locked down due to high tensions and accused NixOS maintainers of attempting to shift the maintenance burden on Home Assistant, which is hardly what all this is about.
It seems like HA has its own plugin distribution model, whereas NixOS is trying to work around that to provide reproducible builds.
Aside from how this issue has been handled, poorly, that seems like a reasonable technical decision for HA to make, particularly given that their main use case is semi-technical user installing on a Raspberry Pi, and in that case is it something they should be forced to support? A fork seems like the right option there?
Nobody is actually asking them to support anything. And they “refused” a fork (which is pointless as nothing stops one from happening). They seem to want to hold some control over their software that is against the usual rules of the game for OSS.
This and the OP seem to suggest there is something else going on behind the scenes than just abrasive personalities. Do the people who work on Home Assistant have some issue with NixOS?
It's sad to know that Home Assistant is such a project. I should consider alternatives. Partially I can grasp them, but the attitude in reply is really looks bad.
None of the alternatives were something like "rename, so it isn't attached to them any more". I understand their issues, at present they can push new releases via pip, with this many nix users could have very out of date packages.
If I understand you, they offered that very thing in https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86... and it first wasn't answered, and then was dismissed with "This was already answered. Please don't repack my source in this repository was my request. I don't see how your suggestion is changing that."
That response was what confused me as to the problem with packaging the library, as it seems like that would fix the inundated-with-support-requests issue.
Just because you are legally allowed to do so doesn’t mean that you should. Hopefully you have a similar stance towards Amazon’s behavior in the OSS community.
It's not an issue of legally allowed. It's the very spirit of the community that allows for this. The FOSS community has worked very hard to create a system where permission isn't needed because it's already there, baked into the system. So while yes, some large corporations abuse this, I also don't consider Amazon to be part of the FOSS community, and I definitely consider NixOS to be a part of the FOSS community. To declare that you will go so far as changing the license to prohibit certain persons or projects from using your software is an affront to the FOSS community itself. If the whole FOSS community degraded into "It's free for everyone except you and you and you because I don't like you or maybe you're gonna make my life difficult" then we would have no FOSS at all.
I can understand the author's concern, and NixOS offered to maintain it's own fork to mitigate it, and the author rejected the idea. That tells me that it was more of a temper-tantrum stemming from some other deeper issue than just a concern about support.
He understands it perfectly. That's why he asked nicely at first. Nixos just "request denied" him after rounds of requests and discussion. With that he's roiled up to change the license to exclude Nixos.
He just doesn't want the extra work to support another distro which would include an outdated version of his package.
If you look at his bio on github, it's the epitome of the nice-guy meme.
"Slightly assholic at first sight Actually a nice guy that just likes to get stuff done."
If you have to warn people that you're an asshole and then try to convince people that you're actually a nice guy, then you're probably not a nice guy.
IMO, it's worse than that: frenk does seem to understand the history of FOSS distribution. Most Linux distributions included packaged sources for the software. This is no different. They did not point back to the original repo, not to the source control repo. They had rmps or the equivalent.
The existence of pypi does not mean everyone is forced to link back to it and use it has their own source repo. Frenk insistance that everyone uses pypi and only pypi is just a tantrum not based on reality.
People could use his package from pypi and still have an outdated version. People could use a pinned version from pypi and they would always get an outdated version. People could be using an installed software from long ago and thus have an outdated version.
Thus his concerns are not magically solved by not packaging sources.
Plus, he has an attitude problem, is passive-aggressive, is closed minded and won't discuss. May he have fun with his newly weirdly licensed package,
He strikes me as someone who has been burnt by the packaging issues that have been around in the ecosystem for years.
You're right that the existence of PyPI doesn't mean everyone is forced to link back to it, but damn it would make a lot of stuff a hell of a lot easier if it did. I've been bitten by Debian packages being years out of date, I've seen packages modified by maintainers in ways that are poorly documented and useful for Debian users rather than Python ecosystem participants.
I've managed to work my way out of that now and would never go back to that world if I can help it as the trade of reduced engineering quality (along various axes) for increased "freedom" is not one that I value (personally, or at work). So I can really empathise with this persons position.
I think they handled it poorly, communicated poorly, came to the wrong conclusions, and left the discussion in a bad place, but all of that just screams frustration to me, and I can understand where it comes from.
> I've been bitten by Debian packages being years out of date
I've been bitten far harder by pypi packages trying to download random opaque binaries, miscompiling their own binaries, vendoring and failing to update large packages, having impossible-to-satisfy dependency requirements (relying on pip only ever making a half-assed attempt at satisfying them) and generally making strange assumptions about the target system.
That is indeed also a problem! Essentially it comes down to wrapping sets of dependency management. Thankfully the "engineering" side of Python is fairly good at this in my experience, but I have seen the "data science" side of Python do some of this.
The whole point of nix is to decrease the chances of being burnt by dependency management. This is why packages don't rely on _just installing packages via pip_.
I think there’s some emotional nuance here. After a certain point he basically said all of his technical justification and the request does boil down to “because I said so and I’m the author.” The Nix maintainers explicitly do not want to respect the author’s wishes (which is fine) but that makes the whole thing turn adversarial because “okay we won’t include it” wasn’t even something the maintainers considered for even a second. It was pretty level headed discussion until it was clear that their only motivation was getting to yes or enough justification to ignore him.
In totally agree but in the case where the Nix maintainers don’t think the author’s reasons are good enough (which happened) that’s where we’re left with “because I said so and I control the license.”
I would agree that the author's reasons aren't good enough, because when they proposed a solution that would mitigate the reason, he rejected it. That implies that there's far more to it than the reason given.
> It was pretty level headed discussion until it was clear that their only motivation was getting to yes or enough justification to ignore him.
No, they offered solutions and only gave up when the author refused to provide any actual objection other than that he didn't like it. "Doesn't want people to file bug reports because downstream broke something" is a reasonable objection, but it's also a fixable problem. "The only thing that will ever make me happy is you completely removing this package from your distro" is neither.
The only solution Franck gave is to not re-package for any emotional reason he had. The Nix developers gave their reasons why they need to re-package. Franck just ignored everything and gave no reasons to justify his request.
The broader issue here, again, is that maintaining FOSS software seems to be becoming a shittier and shittier proposition.
I can fully empathize with him that he doesn't want some other project shipping an old an broken version of his project even though it is allowed by the license.
FOSS is really quite ill at this point. If you don't recognize what is happening, you're going to see this happening more. Continuing to blame maintainers that are burned out and frustrated and broke won't fix the systemic issues.
I have no specific opinions on the author really, but:
> Seems like an author that doesn't understand the spirit of FOSS.
The author states he understands the licensing and the project's rights to use his software earlier in the thread. He was simply making a request.
> Why is a person like this even engaged in FOSS if they don't have a desire to share or even engage in a reasoned discussion?
Again, he stated his reasons in the thread. He didn't want to have to potentially support their repackaged and/or old versions of his software. His software being OSS did not give up his right to make nuanced requests.
That said, the thread ended with something to the effect of "well, we can include instructions on how to install his software" -- an option which wasn't presented until the end, yet it fully complies with his request.
Some people release something as FOSS but don't understand what that means. We had a developer we worked with at PortableApps.com release his software under a FOSS license. He requested we package it portably in our format and release it. His users and ours were happy.
Fast forward 3 years and a bug impacted a user's data in the portable package. The developer became increasingly irate even after it was fixed and demanded we stop publishing it. To avoid confusion, I even renamed the portable package to a new app name, forking it. That made him even more angry and he started publicly claiming we were "stealing" his work, despite following the license, maintaining his copyrights, and directing users to donate to his donation page to support development. He put up banners on his website and documentation pages about the "theft". As his emails to me went downhill, I got the feeling he might poison the code itself upstream to mess with the fork. I didn't want to deal with that just for one small app, so I abandoned it.
So, yes, this does happen. And some people thing "because I said so" is a valid position.
> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
I mean, yes, but then when the NixOS folks offer something like:
requiring users to explicitly set config.ambee.acceptThatThisPackageIsNotSupportedByUpstreamDevelopersAndIWillGoToNixpkgsToReportAnyIssues = true to be able to install the package, or they would get an error that would make it even clearer. Would that be enough for you?
the author replies just:
I feel like I'm starting to be on repeat now. Please don't add any of my stuff to this project.
But when suggested alternatives to resolve that issue, he simply ignores it and states “sorry, this is my wish” with no further clarification.
The whole chain is a guessing game trying to figure out what the real issue is (and in the end, it’s not even found — the author randomly finds an alternative he likes)
> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
Users will contact the author for support, but users are getting the software indirectly via a packager, which means a) there might be changes from the packager b) they might be getting an older version that appears to be the "latest" and c) they don't have a way to install a modified version provided by the author to test out a fix in the same way that they installed their current version.
(It's true that with nixpkgs these problems are much more solvable than in basically any other distro, but the risk is stil there.)
This is the case with literally every piece of software packaged for linux, it seems that nix is just the first place to attempt to package this. The project looks to only be a week old anyhow.
If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
I don't have any experience of nix packaging, but I work on a couple of programs when Debian applied some broken patches while packaging, then "we" (upstream) get the bug reports. It's annoying as we don't have any way of fixing it, just have to tell users to uninstall the Debian version.
I am not the author so I can only speculate. He's anticipating that they will be distributing an out-of-date package and it's simply another place that has to be synchronized. He's saying that there isn't actually a need to host it elsewhere as it can be installed via pip through pypy (his preferred host) which will have up-to-date code. He doesn't want to get bug reports for outdated code.
the author of the lib pushed the code by a PR to Home Assistant, a project that is packaged by multiple distribution, including ubuntu, fedora, arch and more, all of which will repackage the library.
The author should ask for removal from HA, not going to all packager for all distro requiring to be removed
I’m not sure why there are scare quotes around “his”, the code is the author’s property, it’s just they’ve granted a license for it to be used by anyone.
The scarequotes are certainly inappropriate unless it's CC0 licensed, but you do point out that he's explicitly granted a license "for it to be used by anyone". Which seems... of some relevance here.
The reason is the concern that users will confuse issues with the project with issues with how the project is distributed in Nixpkgs. He doesn't want to have to support nixpkgs.
There are likely multiple root causes. The whole space of issue management around libraries and applications using those libraries is a horrible and abusive mess. In my experience, between an application using a library and a library users will target whichever is easiest; not most applicable. Plus, most opensource user support is a fucking chore (you'd need to pay me for these days) that's unsustainable.
Another cause is likely the cost of nixpkgs contributions themselves. Personally, I no longer contribute to nixpkgs because even for tiny changes the process is ridiculously expensive. That's not including the cost of getting up to speed with nix/nixpkgs and the, often, highly opinionated packaging.
nixpkgs needs to be broken up into multiple independently distributable packages.
Seems that he wants pypi and pip to be the exclusive distribution mechanisms for his project. He wants to avoid handling bugs that come from his project being packaged through other means.
He misunderstands how nixos works and suggests that Home Assistant will be able to install his package via pip on nixos.
> He wants to avoid handling bugs that come from his project being packaged through other means.
From his conduct in the thread this seems a red herring. The nixos devs have proposed a selection of reasonable solutions to avoid any support burden on his part, all of which he's rejected outright.
Python ambee is a simple client library for a proprietary sass iot service.
I guess they want to control exactly how their users are using their service.
Yet the author is an admin on the HomeAssistant community forum, one of only 6. Presumably his other contributions to the project justify those privileges, and he did not shut down the passive-aggressive thread some nixOs folks started there, it was another admin (the founder of HomeAssistant).
This sucks for nixOs, but it looks like community incompatibility means they won’t be able to support HomeAssistant at all.
Some context: Frenck is a core developer on the Home Assistant project, and was hired by Nabu Casa (the company the project's founder founded to try to create a sustainable funding source via adding some optional value-add services) to develop for Home Assistant full time.
If instead of packing these separately, the home assistant nixpkg for home assistant simply downloaded all the required dependencies from PyPi, and verified them against a maintained list of checksums as part of the nixpkg (for reproducibility), then frenck probably would not object to that, since the last I knew the some of the official home assistant docker images do preinstall the requirements for the majority of plugins like that.
I'm suspect frenck's real concern comes from any possibility of modifications in the packaged version, combined with any possibility of nix allowing home assistant to be used with a version that is not an exact match of what home assistant specifies.
Alternatively If this could be packages as some form of home-assistant sub-package that was guaranteed to always match the PyPi version specified for home assistant exactly, without any mixing and matching, it would likely allay his concerns. Unfortunately he has not spelled out his concerns fully, so I cannot know for sure. I also have no idea if this is at all feasible in the nix packaging system.
> If instead of packing these separately, the home assistant nixpkg for home assistant simply downloaded all the required dependencies from PyPi, and verified them against a maintained list of checksums as part of the nixpkg (for reproducibility), then frenck probably would not object to that
From what I can tell the Home assistant core team doesn't not want to deal with any other installation variants than their own supported ones. Their user base consists of a lot of technical tinkering people (hobbyists, electricians, etc) but those who don't necessarily have Linux sysadmin skill's. So you could say they are skilled enough to get themselves in any of a hundred different configuration scenario's that would then need to be debugged by the HA developers for each support ticket. For a developer knowing the installation environment is at least sane is a great help.
That said, Home assistant does lend a lot of its growth to open source contributions, collaboration and being free software. If it was not as open in the beginning it might not have gathered enough attention to grow its current size. Cutting off developments in other directions like this to me feels against what FOSS stands for.
IIRC he had xscreensaver start spitting out error messages when it was old because Debian generally keeps package versions fixed per release, meaning if someone had a 2 year old but still updated version of Debian it would ship with a 2 year old version of xscreensaver. Jwz was tired of getting error reports for bugs fixed years ago because someone installed a the default "current" version on their Debian based OS.
Did you catch me before the edit? I remembered right after I clicked "submit" and immediately removed it, ha! You must have seen it right at the right moment.
if you follow an HN link to that site it detects the referrer and shows you something you don't want to see, so it's more than just because jwz doesn't want you to, he actively punishes people who unknowingly click a link that violates his preference.
Sure, it's not like, a law of physics or something, but
1. in this case there's... more to it, as you've been pointed out
2. I still think it's polite to respect someone's wishes, especially when it is trivial to do so.
This attitude of "well I can because I can and what you think doesn't matter" is promoted as the culture of "the internet" by a lot of folks, but it's a cultural thing that not everyone agrees with.
Author ships code with a permissive license, other people build code, and view things from a purely legal perspective.
Author realizes that code doesn't exist in a vacuum, and that actual binaries/packages matter (different versions, etc) , which he doesn't control, and it's a problem to him.
He then asks the distro guys to do things differently. Distro guys are either offended (evil author!) , legalists (he chose the wrong license, his fault) or sometimes helpful (maybe there's an alternative) .
I think it's obvious the authors made a licensing mistake, and I don't understand why distro maintainers don't want to see this.
All in all, it's quite fascinating : a bit of law, a bit of social contract, and something truly in the 'grey area' where we, humans , don't always shine.
Is there greater context here that helps explain what's going on? Reading the comments in the thread didn't clarify much for me as someone unfamiliar with NixOS, their apparently unique Python packaging scheme, and Home Assistant.
He just doesn't want anything of his included in nixpkgs because he doesn't want to deal with anyone opening Github issues against his repos if there happen to be build / installation issues that are coming from some kind of failure in the nixpkgs install / build process.
Also they offered various options to appease the author including code forking and the author rejected them all. Basically the team exhausted all of their options to make this author happy but the author seem not to understand the reality of FOSS. This author shouldn't be in the FOSS if the author is going to roadblock every options despite his licensing explicitly allows including the codes.
Agreed. If he wants to be stubborn like this he just should change his licensing so it can't be included anywhere else upstream and that would put an end to it.
Not sure why I'm being downvoted for what he explicitly lays out from the link above:
If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
> Seems he's just being unreasonable for the sake of it tbh; I can't see any logical reasoning behind it all.
> That's speculative on his part (noone has opened any issues with him, neither coming from nixos nor from any other repackaging).
Which is the whole point of acting on it before it happens...
It's crazy the amount of entitlement I see toward open-source developers. You don't like his stance, then fork it and support it yourself. You are already lucky to have a good base to work on, you shouldn't even be entitled to that!
They explicitly offered to do that, and also suggested 3 other solutions to address his concern, and he shot all suggestions down with what amounted to "I already told you what I want: Don't repackage my code."
The only entitlement form the nixos devs has been using a right which Frenck explicitly chose to provide when licensing his software.
In the end, the will have to fork it, and probably maintain a fork of HM, since he is relicensing it to disallow repackaging.
It sounds like Home Assistant by default pulls the (EDIT: Home assistant specified, not latest) version of the package from PyPI at runtime and loads it dynamically.
The point of NixOS is reproducible builds, that is if you build a given nix environment you will always get the same code. Dynamically pulling from PyPI at runtime defeats that.
The author doesn't want any way of downloading the code other than getting "the supported version" from PyPI, as they don't want to deal with support requests for issues that are fixed later. They are likely worried that packaged versions will become stale, and users will expect support for specific versions, which they are unprepared to offer.
I think the offers from NixOS of having to enable config flags to get this enabled which make it clear it's not supported by upstream should be fair. Part of open source is that others are free to modify your code, and if you have a problem with that you're not really ok with the idea of open source.
His project has zero issues created. It's a pretty small and simple library.
Why would users report to his project when installing Home Assistant? That's not usually how it works and Home Assistant has a lot of other dependencies.
Yeah I really wouldn't want to use anything that dynamically pulls a package from PyPI at runtime, because I don't trust this guy not to add a vulnerability to the code at a later point in time.
Okay, so ... I know someone might, but really who will audit any of his existing code?
(Sure, that's slightly different than identifying such an auto-update point and then trying to do a supply-chain attack. But do maintainers look at what they package? In how much detail?)
That's the point of packaging it... you review it at the time that you package it, and then you review it each time you update it in the future. Should always do a simple diff at minimum to see what changed. That's just part of being a responsible open source user.
The open source user they're referring to is the package creator, not the package installer. The package creator takes responsibility for the software they package. I sure hope they check the diff. I certainly do for the packages I maintain.
But is that an audit? How much does that worth against a determined and skilled adversary? I mean if they quickly do a lot of big changes they can easily drown packagers/reviewers, and then slipping something through becomes a waiting game.
Home Assistant's core developers really do look at the intergration plugins rather closely before they accept any pull request that updates the dependencies. This is needed as badly coded integration libraries really can negatively impact the stability and performance of the whole system.
It is not uncommon to see them request changes to the bumped library to fix any issues they have noticed.
NixOS is quite ready to handle home-assistant but did not yet package every python package that it could depend on. That is just taking a bit more time and will be eventually done. Until then you should take a quick look at your logs if something is broken/not working and you should easily find which package is missing. If you need help with that you can always jump on the NixOS matrix channel and people will help you with that.
> It sounds like Home Assistant by default pulls the latest version of the package from PyPI at runtime and loads it dynamically.
Package versions are recorded in component manifests so it will not default to the latest version, someone has to make a code change and PR on homeassistant to update the version. And they are collected in a requirements file for every HA release[0]. So it should not be hard to automate that if needed whenever the HA Nix package gets updated to ensure the latest used version of ambee package is included.
I think the greater context is that the Home Assistant developers are somewhat hostile to people running, and especially packaging, their software outside of their own supported methods (which are Docker containers or their own full OS). It's somewhat understandable as it creates a support burden for them, but especially given the enthusiast nature of the community this doesn't seem like a smart decision. There's been some outrage in the community about the developers deprecating platforms before.
> I think the greater context is that the Home Assistant developers are somewhat hostile to people running, and especially packaging, their software outside of their own supported methods..
The person proposing the Nix package is a Home assistant developer afaik, so that would be weird.
Well, Home Assistant is a large project with lots of contributors, so it's not surprising that its developers don't have a singular opinion. However, this is the impression I get from the official announcements and other interactions I've seen on GitHub.
Another incident was when they deprecated/unsupported installing it on a generic Linux install last year, which they had to (somewhat) back down from after community outrage.
that frenck guy actually just comes off as an a-hole. especially with their passive aggressive responses. why are so many software people like this? maybe he should change his license
I don’t really understand the details here. Seems like they disagree about the ease of avoiding it being repacked. Perhaps a good compromise would be for them to collaborate on a solution they’re both happy with. As it is, this conversation looks like: “can you not pls” “too difficult” “no it isn’t” “yes it is” ad infinitum.
He's not interested in that. The NixOS folks asked:
"I'm also a little anxious that this thread has the potential to get heated quite quickly, so if you have the time and are willing to it might be worth setting up a quick Jitsi Meet to talk about this. Failing that, maybe we should pull this off into a separate issue thread so we can discuss there instead."
but he replied curtly with
"My wishes are above, please do not repack my code into this project. Please respect that request. It is a fairly simple request, nothing heated about it. I have no intention of spending time in this project.
> a good compromise would be for them to collaborate
If you read through the thread, the author makes it extremely clear that he has zero interest in collaborating or coming to any kind of mutually agreeable solution.
If you don't understand the authors frustration, read Daniel Stenberg blog about what kind of requests he gets about curl. It's insane and ridiculous, not everybody is capable of/wanting to deal with all kinds of shit and hostile users like Daniel.
You don't understand the issue then. The author don't want to deal with all kinds of requests unrelated to his own package. NixOS is an operating system, totally understandable he doesn't want to deal with OS issues.
Why would users report to his project when installing Home Assistant? That's not usually how it works and Home Assistant has a lot of other dependencies.
His library was written specifically for Home Assistant and it's an internal dependency that no one usually sees. It's a 300 lines wrapper for Ambee API.
But people on NixOS may use his software...if not in nixpkgs then someone will just maintain their own overlay that many people use. It's impossible to stop - if there's demand by NixOS users for this software, they're gonna package it up and patch it in order to keep Nix Nix..
Hell, I could go make that overlay right now and link it in a nixpkgs issue for discoverability. What's this frenk person gonna do? Cut me an issue saying "pls delete this code from the internet"? Hah!
There is a considerable difference between getting requests and providing support. You don't have to provide support, but it's a little hard not to get requests.
Well, you can disable the issue tracker for a project on GitHub. You're not even required to publish a project on GitHub, you can host it somewhere that doesn't offer any way to contact you.
I don't think GP was saying that anyone is obligated to provide support, just that receiving support requests is intrinsically part of publishing software as source. The only way to avoid receiving requests is to abstain.
To be fair, the reason the curl author is being contacted is because (IIRC) he advertises his name and ways to contact him in curl. The point of advertising yourself is to get people to contact you, and you can't control who does (but can ignore them).
That's entirely reasonable if it's happened/happening to you AND you have no means to stop it from continuing.
In this case it clearly hasn't happened to this author (yet) AND the nixos devs have put forward a selection of reasonable proposals to prevent it happening to him. All of which he has rejected without and real justification.
If you read the full thread it becomes clear that his citing fear of support burden is not made in good faith. His acts of blocking redistribution of his package in any Linux distro (here & Fedora at least) is clearly a bigger burden for him to take on than he would take on if he allowed the redistributions.
Funny that the author complains they have no time to support users, but they have time to waste that of other open source maintainers and users as if the wish to package their Open Source software deserved no respect.
> the author complains they have no time to support users
In the github issue, as far as I can see, he doesn't "complain" at any point about having "no time to support users".
What he does say is "I'm not willing to support that or accept that burden" [of supporting NixOS users], and "I have no intention of spending time in this project" [meaning NixOS].
It appears that he just isn't interested in NixOS or supporting NixOS users. That's absolutely his prerogative, and does not mean he is "complaining" about not having "enough time" for it. And regardless, how he chooses to spend his volunteer/unpaid time really isn't anyone else's business.
There are some other valid criticisms here but I don't feel this particular point is a fair take.
I don't see anything wrong here. I think licensing terms should heavily favor authors, because if you're writing FOSS, you're already giving away intellectual property for free.
You don't need to suffer any degree of support. Software in most cases is literally provided "as-is." There are no fruits to bare from providing something for free. Clout doesn't pay the bills.
I think people get really weird as soon as you cross the threshold of providing something for free versus something for even a nominal amount. As soon as you have to pay anything, it turns people off. Which is a good thing.
Contrary to this, I think we do see FOSS authors post every now and then that when their packages explode in popularity, they can't provide meaningful support, and end up closing down their FOSS project instead.
I think it's entitled to want to use someone's free work against their wishes. Why is he the bad guy? He acknowledges the licence allows it, but wants to change the licence in response to people wasting his time. That's surely fair game too.
This is an extremely odd request for something licensed as MIT.
Especially since the code layer is so thin. The project has existed for a week, and consists of 360 lines of python, most of which are get/set on what I think is JSON.
Edit: Geez. Half the commits are bumping dependencies. The project is incredibly clean and beautifully structured, but gosh...
A very similar thing happened when the folks at flathub tried to package MultiMC. Unfortunately the author threatened to sue for trademark infringement and they backed down.
Huh, I'd been pretty happily using MultiMC for some time and even thought they were in the right of the Forge dispute. Might have to look for alternatives next time I get back into Minecraft.
I think this is a cautionary tale about using social media while in a bad mood.
Considering how unreasonable he was in that thread, I'm assuming he was just in a bad mood or something like that. Except now he's on the front page of HN with tons of comments criticizing him and painting him as a bad person.
99.999% of people will probably forget this by tomorrow, but it still would suck to be on the receiving end of this kind of attention I think.
Seems like he does give back his knowledge and time to the open source community. Much more than me I can tell you, and probably more than many of people in thread.
What he don't like is people expecting support from him in ways that differ his initial distribution methods, which makes sense when time is a limited ressource and he clearly has expectations on how he want to spend it.
I find it quite amusing that the package author refuses to act reasonably and states he wishes to spend no time on the project, whilst being pulled further into the project. If he simply willingly engaged with the project owners to resolve the situation he could avoided:
1. Spending so much time trying to get the project to stop what they were doing.
2. Peacefully come to a mutually beneficial arrangement.
3. Front page HN where I will most certainly be avoiding using any project the author is part of.
This is an interesting example of how social concerns interact with technical concerns in the real world.
We sometimes like to think that software architecture decisions are made by rational actors using logic to choose the technically best solutions, but here's an interesting example where Home Assistant may need to change its dependencies because the author of the library it relies on is too difficult to work with.
I fail to see why the author could not add instructions to their project's issue tracker, something to the effect of
"If you want to report a bug, please reproduce the issue with the latest pypi package. Reports for any other deployment methods will be closed without further discussion."
Plus Nix is a crazy deep rabbit hole. If you're at the point where you're trying to make something work with Nix, you'll know when the problem is upstream and when it isn't.
regardless of the specifics here, stuff like this is liable to pop up a lot in the coming several years while NixOS is gaining more popularity but casual (as in "not willing to put in the effort of supporting off-beat distributions") OSS authors can still reasonably ignore it. the amount of patching that Nixpkgs packagers have to do sometimes is pretty extreme
Generally if the patch is not-specific to nixpkgs, we ask the contributor to upstream the patch, and then we have a `fetchpatch` utility which makes it easy to pull from an upstream source.
I agree with the point that this is a FOSS, but as author I would be terrified if some downstream users started some mobbing me [1] due to upstream changes as we saw in the FastAPI Pydantic meltdown [2].
362 comments
[ 2.9 ms ] story [ 253 ms ] threadThere’s no silver bullet. Sometimes things just don’t work out right and you need to fork or make an alternative. I’d personally lean towards making an alternative in this case, if it’s possible.
Everything else is simply noise.
Once you make your software free, it isn't yours any longer and your opinions about it (or what others do with it) aren't relevant.
On the non-legal side, there’s still a much broader issue of being good members of a community. We do, in fact, live in a society.
"As the author of the package that is being re-packaged here. I'm against it being repacked into here. While licensing wise I cannot stop you, I do hope you can honor my request.
Thank you for considering respecting the author's wishes."
It seems more like a matter of respect than a matter of law.
You can't demand respect from the Nix folks after disrespecting them by telling them to do something "just because".
I think you're right. This is largely a difference of opinion. It's a shame it couldn't have worked out better.
If the HA community's stance goes on to be made official (for now it's informal forum posts, albeit from senior maintainers), I would argue this is then a case of one FOSS community (Nix) having irreconcilable differences with the community of a proprietary software project falsely advertised as FOSS.
While it's technically true that a free software author owes nothing to any of their users, it's a legitimate problem that there's no good way to selectively offer help and support to those getting the software directly but not to those getting it from a package.
I don't know when precisely that stopped happening. Perhaps when OSS became more commonly hosted on sites like GitHub that have more easily-approachable issue trackers, users became more savvy about talking to upstream directly.
The project could have pinned the version and downloaded from pypi rather than repackaging.
This isn’t a situation of “can do” it was “is it nice to do.”
And the author mentioned that he’s changing the license to prevent it so it no longer becomes possible legally.
I typically don’t like authors demanding stuff outside their license, but this started as a simple technical/community request to not do something dumb and escalated.
And "becomes his problem" isn't right either. If he wasn't upset by normal packaging then there wouldn't be a problem at all.
It couldn't, since Nix is a package manager and will only download things from its repository. It can't access the internet otherwise.
Just because you're legally entitled to be a pain doesn't mean this leads to good things. If the source owner has a polite request, honoring that is usually the best course of action, independent of what the law says. (Ask people who thought image hotlinking was OK even against requests, and how goatse looked on their page)
"It's legal" doesn't mean that it's decent behavior.
I'm not exactly sure who's being a "pain" in this case outside of the potential future concern that someone might wrongly blame him for package failures via nixos which is packaging it as an upstream dependency of home-automation.
I think I'd be more concerned about the latter's users!
But he cannot retroactively remove MIT license. Changing license will only affect newer versions afterwards.
> If the source owner has a polite request
If this is your definition of polite so be it. I think it's quite unfriendly. Asked for a valid reason he basically says "because I want it".
If he want's them to remove it even though they have the right to use it he should at least explain why (or not publish MIT in the first place). His only argument is that he will get support requests, but he could just ignore them...
Not in common-law jurisdictions, where an open source license without consideration is a bare license and can be revoked at will by the licensor.
Only the license terms that the software is released under matter.
Most FOSS licenses include disclaimers like: "THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
If you did not pay the author for support, they do not owe you anything.
If they choose to provide support or fix reported bugs, that is their choice.
The NixOS team can use the code regardless of the developer's wishes if the license allows it.
If the developer chooses to not support the software on NixOS or change the license, that is their choice.
Additionally, the license is a contract (license don't exist as a separate category like in the US), the "[...] WHETHER IN AN ACTION OF CONTRACT" is particularly misplaced.
Do you have a reference or, more preferably, casserole to share on this point?
Are you by any chance a Firefox user and you have auto-correct enabled?
I'm guessing that because of "casserole", which is what Firefox corrects to if you accidentally double the 's' in 'caselaw'. Chrome goes for "casual", and Safari goes for "caselaw".
It's a swype keyboard, I'm not always awake enough to catch the errors. Casserole is good too though! ;o)
In order for a contract to be valid, and enforceable on both sides, there has to be an offer, acceptance, and consideration. No consideration (payment), no contract, and the open source license reverts to what is known in law as a bare license. Bare licenses can be revoked at any time, at will, by the licensor, regardless of any promises made by the licensor to respect the license in perpetuity. (You can always tell a squatter to leave your property, regardless of how permissive you've been in the past.) This includes revoking the license to software downloaded under an open source license for which the licensee has given no consideration.
The author is additionally being intentionally dense and inflammatory. They are unlikely to get their way acting like this instead of trying to find a compromise as others are trying to do.
It also seems the author wrote this library specifically to be included in Home assistant (since HA only allows glue code to be included in the core and keep the implementation specific parts in dependencies) and does a lot of HA development. So he knew what he was getting into. It's not like he's library was added by someone else and he will now be overwhelmed by all the additional NixOS users. His requests to not repackage his code because of the support burden seems a little moot to me.
There is ZERO obligation for an OSS author. Nothing, zilch. It is NICE to respect requests or help with issues you don't care about, but clearly not required when you are working on something FOR FREE.
I don't think so. The "problem" here is that the author doesn't want nixos to repackage his library because he's concerned about a "support burden" imposed, presumably, by nixos users who might get confused and report issues to him instead of the packager. I can vaguely understand where he's coming from, but being as his library in question[1] doesn't even have a single issue submitted, I can't help but feel that the "support burden" is either a consequence of paranoia or an excuse to have his sources pulled from nixos.
Worse, his package is being pulled--if I'm not mistaken--as a dependency of home-automation. So this is a totally different issue than yours.
As the sibling poster said, once you license something under a FOSS license, your intentions are pretty clear. If you don't want that to happen, pick a different (non-free?) license. Saying "this is open source, but I don't want $CLASS_OF_USER using it" no longer makes it open source by definition and thus no longer a free license.
His solution is to release a new version distributed under a license denying repackaging of his code, which is one solution, but that's almost certainly going to cause his package to get forked from an earlier version (under MIT) or dropped from home-automation.
Either way, this issue is going to get resolved, and I suspect it'll be resolved in a way he doesn't like. This should be a warning to anyone distributing under FOSS licenses: If you're squeamish about any vague possibility that someone, somewhere, might--maybe--post an issue on your issue tracker that has something to do with a use case you didn't plan, then you really ought to not distribute it under a FOSS license.
[1] https://github.com/frenck/python-ambee/issues
https://community.home-assistant.io/t/consider-to-avoid-addi...
It's worth pointing out that for the time being, all of frenck's packages are still MIT, so there's no current danger. It's totally reasonable (IMO) to request things as a OSS developer that aren't technically license requirements, but equally there's not much you can do if the answer to that is "no" and the use is in the scope of the license.
Now those are two very active projects but what I mean is that no one is forcing the author of the repackaged code to support anyone he does not have time to support. If they want support they can ask the nixos project maintainers for it.
I don't think there's a way to actually do that with an open source project though.
This library was written specifically to be used in Home Assistant, as per project policy the code that interfaces with devices needs to live in a separate python package. So there is no real fame to be had from this particular package.
He surely sees this repackaging as a source of potential headaches. If the nix folks could convince him that the package would never contain modified code (no no untested/unsupportable modifications), and further that the home-assistant package in nix would always use exactly the version specified upstream (so no version mismatch concerns), he would likely be less opposed.
Unfortunately the latter is very much not true right now.
They did everything possible to try to convince him but he had his ears closed and refused to listen.
> Unfortunately the latter is very much not true right now.
Based on the above, it is very much true.
The "fine article" always contains the correct bits.
They can also act as a bigger person and say "Sure, we understand, respect your wish and will find an alternative."
I'm starting to get the feeling that home automation might be somewhat hostile to repackaging.
[0] https://community.home-assistant.io/t/consider-to-avoid-addi...
The author's conduct in that thread is certainly not what I'd call "acting as the bigger person".
If they were serious about their request they'd be looking into having the homeassistant guys removing it, or PRing to homeassistant. Or changing the license to make it closed source.
From looking at the ambee repo the license appears to still be MIT; can't see any relicensing anywhere.
(And actually, as has been mentioned elsewhere, it seems like it wouldn't be possible for him to relicense in reality as the package is explicitly developed for homeassistant and as such would need to comply with homeassistant's licensing to be included as a dependency of it)
which is something I haven't really seen anything in the open source world manage, though that might be because I'm not much of a contributor. What happens if a utility explodes in usage and the author can no longer effectively support it as a result of being buried in overhead?
Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?
It sounds like this author is looking for a third option, one that doesn't involve people management (1) or ghosting (2), and as far as I can tell, no mechanism for this exists that doesn't violate the current tenets of open source.
A direct consequence of open source is that the good user experience burden falls to the consumer, not the producer. If someone wants control over the user experience, they want a closed-source model.
1. Some kind of forum/wiki starts providing community support and increase community contributions pick up the burden
2. Some business starts supporting this component and picks up a lot of the burden because they fix things that cause them pain in their business.
I've never seen a single person passion project be both open source and well supported for a long period of time without healthy community engagement.
Exactly. He made that point a few times, but the replies don't always seem to address the issue he raises.
> Would you be happier if we forked your upstream source to provide our own, or provided a similar Python package with an identical API that we can use as a drop-in replacement?
Wouldn’t this remove the burden of support from the author? Or it might be that I don’t understand exactly their proposal.
Now, some users will perform due diligence and maybe find the NixOS issue referenced in OP and look elsewhere, but many will find the project and immediately file an issue there in the upstream, leading to the author's main concern of "I don't have time to support NixOS issues".
I was thinking that people will do the same or else how will they know if the github repository returned from search results is truly the one installed?
So for example if this will be the case with a package I use I will report the bug to the fork because the package manager showed me their link.
I will not search for name-like projects or the original one and report there if a fork was distributed to me.
This is why I am confused why a fork is not solving the burden of possible bug reports. Also the fork assumes its own maintenance this is the purpose of the fork.
That way, the project lives on with minimal disruption to its users.
https://github.com/frenck/python-ambee
The project has zero issues right now. I think that is not the real reason.
You don't have to do anything to keep it open source. The source is already open, others can use it, fork it, etc. There is no formal obligation for you as maintainer. However as a maintainer you can feel a moral obligation for whatever reason (pride, guilt, peer pressure, etc).
In this particular instance, if you think the problem is "nix users are overwhelming me" - then you have a hard and fast requirement of: if you want support fill out this form that includes OS version. If someone lists NixOS as their version you give a canned response linking them back to the Nix github page.
If the issue is just a generic: my package is so huge there is just an unending list of people asking for help. Ignore them? I get as a maintainer you may have a desire to help folks, but nobody is forcing you to. Browse github and respond to the things you feel like responding to, and ignore the rest.
I mean this with all due respect, but part of being an adult is knowing when and how to say no.
For distribution repacks specifically, there’s the old device of providing a configuration-time option to change the web and email addresses in the documentation (e.g. GCC does this), but I’m not sure if this will work when Google results for the error message will still point you to the upstream. There’s also the bug report checklist with “I have verified I am running the last development version”, but that comes with its own limitations.
Yeah, it's called setting realistic expectations. If I release something open source, I don't owe you anything. Support, help installing, fixing bugs, spending time implementing your specific feature...
I get being done with something when you've had a bad experience, but the maintainers here went to every effort to accommodate, and did so in a friendly way.
It reads like this guy wanted a fight and an excuse.
I think the correct answer is to just make the fork as proposed and use that instead, it solves the problem and removes the guy from the equation entirely. The fact he rejected it doesn't matter and he can be angry all he wants.
Daniel Stenberg creator of cURL has famously gotten a lot of weird support requests and emails over the years due to his license being shipped with an insane number of different utilities. He has handled them gracefully and with good humor from what I've seen, but not everyone is comfortable with fielding questions from random non-technical users - if that's where this dev is coming from then forking the project would probably let him dodge a lot of the responsibility. I just can't clearly tell due to how terse[1] his replies are.
1. I would say succinct here due to the fact that it lacks the negative connotations of terse, but it also implies a completeness of information which sadly isn't here. Please don't read terse as insulting or negative in any way.
> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
I absolutely agree that there is a legitimate reason to say "look, I can't handle the support burden from this", but users aren't going to track down the original project to make support requests if you fork it, rename it and point everything to the new one.
(Obviously you might get one or two, but anyone that motivated would probably be making their own package and run into the exact same issue anyway, at some point you can't really blame the package).
To make matters worse, he even used the fact that the NixOS discussion was temporarily locked down due to high tensions and accused NixOS maintainers of attempting to shift the maintenance burden on Home Assistant, which is hardly what all this is about.
https://community.home-assistant.io/t/consider-to-avoid-addi...
Aside from how this issue has been handled, poorly, that seems like a reasonable technical decision for HA to make, particularly given that their main use case is semi-technical user installing on a Raspberry Pi, and in that case is it something they should be forced to support? A fork seems like the right option there?
I'm afraid they do[1] (that's from the project founder, and current CEO of the company supporting HA development).
https://community.home-assistant.io/t/consider-to-avoid-addi...
I would have forked his repo, and said, "We'll be happy not to include any of your code. We'll just use this forked repo which is now our code."
That response was what confused me as to the problem with packaging the library, as it seems like that would fix the inundated-with-support-requests issue.
I can understand the author's concern, and NixOS offered to maintain it's own fork to mitigate it, and the author rejected the idea. That tells me that it was more of a temper-tantrum stemming from some other deeper issue than just a concern about support.
He just doesn't want the extra work to support another distro which would include an outdated version of his package.
If you make a license FOSS then people are free to do what they want. Just don't make it FOSS if you don't want.
"Slightly assholic at first sight Actually a nice guy that just likes to get stuff done."
If you have to warn people that you're an asshole and then try to convince people that you're actually a nice guy, then you're probably not a nice guy.
The existence of pypi does not mean everyone is forced to link back to it and use it has their own source repo. Frenk insistance that everyone uses pypi and only pypi is just a tantrum not based on reality.
People could use his package from pypi and still have an outdated version. People could use a pinned version from pypi and they would always get an outdated version. People could be using an installed software from long ago and thus have an outdated version.
Thus his concerns are not magically solved by not packaging sources.
Plus, he has an attitude problem, is passive-aggressive, is closed minded and won't discuss. May he have fun with his newly weirdly licensed package,
You're right that the existence of PyPI doesn't mean everyone is forced to link back to it, but damn it would make a lot of stuff a hell of a lot easier if it did. I've been bitten by Debian packages being years out of date, I've seen packages modified by maintainers in ways that are poorly documented and useful for Debian users rather than Python ecosystem participants.
I've managed to work my way out of that now and would never go back to that world if I can help it as the trade of reduced engineering quality (along various axes) for increased "freedom" is not one that I value (personally, or at work). So I can really empathise with this persons position.
I think they handled it poorly, communicated poorly, came to the wrong conclusions, and left the discussion in a bad place, but all of that just screams frustration to me, and I can understand where it comes from.
I've been bitten far harder by pypi packages trying to download random opaque binaries, miscompiling their own binaries, vendoring and failing to update large packages, having impossible-to-satisfy dependency requirements (relying on pip only ever making a half-assed attempt at satisfying them) and generally making strange assumptions about the target system.
No, they offered solutions and only gave up when the author refused to provide any actual objection other than that he didn't like it. "Doesn't want people to file bug reports because downstream broke something" is a reasonable objection, but it's also a fixable problem. "The only thing that will ever make me happy is you completely removing this package from your distro" is neither.
I can fully empathize with him that he doesn't want some other project shipping an old an broken version of his project even though it is allowed by the license.
FOSS is really quite ill at this point. If you don't recognize what is happening, you're going to see this happening more. Continuing to blame maintainers that are burned out and frustrated and broke won't fix the systemic issues.
That said, the thread ended with something to the effect of "well, we can include instructions on how to install his software" -- an option which wasn't presented until the end, yet it fully complies with his request.
Fast forward 3 years and a bug impacted a user's data in the portable package. The developer became increasingly irate even after it was fixed and demanded we stop publishing it. To avoid confusion, I even renamed the portable package to a new app name, forking it. That made him even more angry and he started publicly claiming we were "stealing" his work, despite following the license, maintaining his copyrights, and directing users to donate to his donation page to support development. He put up banners on his website and documentation pages about the "theft". As his emails to me went downhill, I got the feeling he might poison the code itself upstream to mess with the fork. I didn't want to deal with that just for one small app, so I abandoned it.
So, yes, this does happen. And some people thing "because I said so" is a valid position.
> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
requiring users to explicitly set config.ambee.acceptThatThisPackageIsNotSupportedByUpstreamDevelopersAndIWillGoToNixpkgsToReportAnyIssues = true to be able to install the package, or they would get an error that would make it even clearer. Would that be enough for you?
the author replies just:
I feel like I'm starting to be on repeat now. Please don't add any of my stuff to this project.
"I'm running into some issues with ambee..."
"First, make sure you aren't using the version in nixpkgs. I do not support that distribution and cannot help you."
The whole chain is a guessing game trying to figure out what the real issue is (and in the end, it’s not even found — the author randomly finds an alternative he likes)
Users will contact the author for support, but users are getting the software indirectly via a packager, which means a) there might be changes from the packager b) they might be getting an older version that appears to be the "latest" and c) they don't have a way to install a modified version provided by the author to test out a fix in the same way that they installed their current version.
(It's true that with nixpkgs these problems are much more solvable than in basically any other distro, but the risk is stil there.)
https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...
Honestly sounds like they just cannot have his project or anything that depends on it.
Luckily that ambee code looks trivial to duplicate.
There are likely multiple root causes. The whole space of issue management around libraries and applications using those libraries is a horrible and abusive mess. In my experience, between an application using a library and a library users will target whichever is easiest; not most applicable. Plus, most opensource user support is a fucking chore (you'd need to pay me for these days) that's unsustainable.
Another cause is likely the cost of nixpkgs contributions themselves. Personally, I no longer contribute to nixpkgs because even for tiny changes the process is ridiculously expensive. That's not including the cost of getting up to speed with nix/nixpkgs and the, often, highly opinionated packaging.
nixpkgs needs to be broken up into multiple independently distributable packages.
He misunderstands how nixos works and suggests that Home Assistant will be able to install his package via pip on nixos.
From his conduct in the thread this seems a red herring. The nixos devs have proposed a selection of reasonable solutions to avoid any support burden on his part, all of which he's rejected outright.
This sucks for nixOs, but it looks like community incompatibility means they won’t be able to support HomeAssistant at all.
If instead of packing these separately, the home assistant nixpkg for home assistant simply downloaded all the required dependencies from PyPi, and verified them against a maintained list of checksums as part of the nixpkg (for reproducibility), then frenck probably would not object to that, since the last I knew the some of the official home assistant docker images do preinstall the requirements for the majority of plugins like that.
I'm suspect frenck's real concern comes from any possibility of modifications in the packaged version, combined with any possibility of nix allowing home assistant to be used with a version that is not an exact match of what home assistant specifies.
Alternatively If this could be packages as some form of home-assistant sub-package that was guaranteed to always match the PyPi version specified for home assistant exactly, without any mixing and matching, it would likely allay his concerns. Unfortunately he has not spelled out his concerns fully, so I cannot know for sure. I also have no idea if this is at all feasible in the nix packaging system.
From what I can tell the Home assistant core team doesn't not want to deal with any other installation variants than their own supported ones. Their user base consists of a lot of technical tinkering people (hobbyists, electricians, etc) but those who don't necessarily have Linux sysadmin skill's. So you could say they are skilled enough to get themselves in any of a hundred different configuration scenario's that would then need to be debugged by the HA developers for each support ticket. For a developer knowing the installation environment is at least sane is a great help.
That said, Home assistant does lend a lot of its growth to open source contributions, collaboration and being free software. If it was not as open in the beginning it might not have gathered enough attention to grow its current size. Cutting off developments in other directions like this to me feels against what FOSS stands for.
I don't think ... that's how the internet works?
(edit: I mean the "because... he doesn't want it to be" part)
https://www.jwz.org/blog/2021/06/to-be-clear-the-whale-did-n...
edit: maybe jwz took the image down?
1. in this case there's... more to it, as you've been pointed out
2. I still think it's polite to respect someone's wishes, especially when it is trivial to do so.
This attitude of "well I can because I can and what you think doesn't matter" is promoted as the culture of "the internet" by a lot of folks, but it's a cultural thing that not everyone agrees with.
Author ships code with a permissive license, other people build code, and view things from a purely legal perspective.
Author realizes that code doesn't exist in a vacuum, and that actual binaries/packages matter (different versions, etc) , which he doesn't control, and it's a problem to him.
He then asks the distro guys to do things differently. Distro guys are either offended (evil author!) , legalists (he chose the wrong license, his fault) or sometimes helpful (maybe there's an alternative) .
I think it's obvious the authors made a licensing mistake, and I don't understand why distro maintainers don't want to see this.
All in all, it's quite fascinating : a bit of law, a bit of social contract, and something truly in the 'grey area' where we, humans , don't always shine.
The nixos guys also offered various proposals to him to completely avoid any support burden on his part, all of which he roundly rejected.
Seems he's just being unreasonable for the sake of it tbh; I can't see any logical reasoning behind it all.
I agree.
Which is the whole point of acting on it before it happens...
It's crazy the amount of entitlement I see toward open-source developers. You don't like his stance, then fork it and support it yourself. You are already lucky to have a good base to work on, you shouldn't even be entitled to that!
The only entitlement form the nixos devs has been using a right which Frenck explicitly chose to provide when licensing his software.
In the end, the will have to fork it, and probably maintain a fork of HM, since he is relicensing it to disallow repackaging.
The point of NixOS is reproducible builds, that is if you build a given nix environment you will always get the same code. Dynamically pulling from PyPI at runtime defeats that.
The author doesn't want any way of downloading the code other than getting "the supported version" from PyPI, as they don't want to deal with support requests for issues that are fixed later. They are likely worried that packaged versions will become stale, and users will expect support for specific versions, which they are unprepared to offer.
I think the offers from NixOS of having to enable config flags to get this enabled which make it clear it's not supported by upstream should be fair. Part of open source is that others are free to modify your code, and if you have a problem with that you're not really ok with the idea of open source.
Why would users report to his project when installing Home Assistant? That's not usually how it works and Home Assistant has a lot of other dependencies.
(Sure, that's slightly different than identifying such an auto-update point and then trying to do a supply-chain attack. But do maintainers look at what they package? In how much detail?)
Nobody does this, as this is completely unreasonable thing to expect.
It is not uncommon to see them request changes to the bumped library to fix any issues they have noticed.
What do you mean by that, why shouldn't they include it?
Package versions are recorded in component manifests so it will not default to the latest version, someone has to make a code change and PR on homeassistant to update the version. And they are collected in a requirements file for every HA release[0]. So it should not be hard to automate that if needed whenever the HA Nix package gets updated to ensure the latest used version of ambee package is included.
[0] https://github.com/home-assistant/core/blob/dev/requirements...
The person proposing the Nix package is a Home assistant developer afaik, so that would be weird.
Another incident was when they deprecated/unsupported installing it on a generic Linux install last year, which they had to (somewhat) back down from after community outrage.
"I'm also a little anxious that this thread has the potential to get heated quite quickly, so if you have the time and are willing to it might be worth setting up a quick Jitsi Meet to talk about this. Failing that, maybe we should pull this off into a separate issue thread so we can discuss there instead."
but he replied curtly with
"My wishes are above, please do not repack my code into this project. Please respect that request. It is a fairly simple request, nothing heated about it. I have no intention of spending time in this project.
Thanks."
If you read through the thread, the author makes it extremely clear that he has zero interest in collaborating or coming to any kind of mutually agreeable solution.
His library was written specifically for Home Assistant and it's an internal dependency that no one usually sees. It's a 300 lines wrapper for Ambee API.
Hell, I could go make that overlay right now and link it in a nixpkgs issue for discoverability. What's this frenk person gonna do? Cut me an issue saying "pls delete this code from the internet"? Hah!
Well, you can disable the issue tracker for a project on GitHub. You're not even required to publish a project on GitHub, you can host it somewhere that doesn't offer any way to contact you.
But he hasn't had to face any of that, and a couple different methods to avoid that happening were suggested and rejected offhand.
In this case it clearly hasn't happened to this author (yet) AND the nixos devs have put forward a selection of reasonable proposals to prevent it happening to him. All of which he has rejected without and real justification.
If you read the full thread it becomes clear that his citing fear of support burden is not made in good faith. His acts of blocking redistribution of his package in any Linux distro (here & Fedora at least) is clearly a bigger burden for him to take on than he would take on if he allowed the redistributions.
I think he also posts some of the funny ones on Twitter
In the github issue, as far as I can see, he doesn't "complain" at any point about having "no time to support users".
What he does say is "I'm not willing to support that or accept that burden" [of supporting NixOS users], and "I have no intention of spending time in this project" [meaning NixOS].
It appears that he just isn't interested in NixOS or supporting NixOS users. That's absolutely his prerogative, and does not mean he is "complaining" about not having "enough time" for it. And regardless, how he chooses to spend his volunteer/unpaid time really isn't anyone else's business.
There are some other valid criticisms here but I don't feel this particular point is a fair take.
You don't need to suffer any degree of support. Software in most cases is literally provided "as-is." There are no fruits to bare from providing something for free. Clout doesn't pay the bills.
I think people get really weird as soon as you cross the threshold of providing something for free versus something for even a nominal amount. As soon as you have to pay anything, it turns people off. Which is a good thing.
I think it's entitled to want to use someone's free work against their wishes. Why is he the bad guy? He acknowledges the licence allows it, but wants to change the licence in response to people wasting his time. That's surely fair game too.
Especially since the code layer is so thin. The project has existed for a week, and consists of 360 lines of python, most of which are get/set on what I think is JSON.
Edit: Geez. Half the commits are bumping dependencies. The project is incredibly clean and beautifully structured, but gosh...
https://github.com/flathub/flathub/pull/1978#issuecomment-74...
I'm really astonished with this comparison.
> I like to give back my knowledge and time to the open source community.
Considering how unreasonable he was in that thread, I'm assuming he was just in a bad mood or something like that. Except now he's on the front page of HN with tons of comments criticizing him and painting him as a bad person.
99.999% of people will probably forget this by tomorrow, but it still would suck to be on the receiving end of this kind of attention I think.
However the MIT license dictates what can or cannot be done. No need for further drama.
Seems like he does give back his knowledge and time to the open source community. Much more than me I can tell you, and probably more than many of people in thread.
What he don't like is people expecting support from him in ways that differ his initial distribution methods, which makes sense when time is a limited ressource and he clearly has expectations on how he want to spend it.
1. Spending so much time trying to get the project to stop what they were doing.
2. Peacefully come to a mutually beneficial arrangement.
3. Front page HN where I will most certainly be avoiding using any project the author is part of.
We sometimes like to think that software architecture decisions are made by rational actors using logic to choose the technically best solutions, but here's an interesting example where Home Assistant may need to change its dependencies because the author of the library it relies on is too difficult to work with.
"If you want to report a bug, please reproduce the issue with the latest pypi package. Reports for any other deployment methods will be closed without further discussion."
I mean, c'mon, Nix is a tiny niche. It's not like the support burden will be colossal.
Part of the beauty of Nix is it's easy to maintain patches - this can be nice cost-wise compared to upstreaming in many cases.
Not saying upstreaming isn't a generally good thing, but it's nice to have this other option.
But by being unkind himself, he surrendered that privilege.
So now he won't and shouldn't get what he asked for.
I don't understand how an adult human could fail to understand this.
Asking a favor while simultaneously being a jerk is not likely to work.
[1] - https://twitter.com/ChristianHeimes/status/13828152605586554... [2] - https://github.com/samuelcolvin/pydantic/issues/2678#issueco...