Or c) those who want it don’t have enough skill to code it, and those who have the skill aren’t interested.
That’s the generalized response to the flawed argument “if you want it, why don’t you make it?” in open source. People specialize at tasks to hopefully increase the total effectiveness of a system to more than it would be if everyone did everything. However, this means that if the only people who have the power to do something unionize, other people can’t get that thing without agreeing to their demands.
You could say in this situation, the core devs of Arch “unionized” to demand either coding help or patience from those who want the feature. I’m not interested enough in this situation to be bothered to research whether this is a reasonable demand. If it is unreasonable, c) is the case, and if it is reasonable, a) or b) is, but that’s as far as I care to investigate.
> Or c) those who want it don’t have
> enough skill to code it, and those who
> have the skill aren’t interested.
As others have pointed out, this would be more correctly stated as:
Those who want it, but don't have the skill
to code ti, want to demand that someone that
has the skills, spends their leisure time
creating it for free because they don't want
to pay for it.
Aka
If it is really that important to you, and
you don't have the skills to do it, you always
have the option of paying someone that *does*
have the skills to do it for you.
Apparently in most cases it's just more fun to fire up the email client and rant and rave about how it's 'unfair' that the feature isn't being implemented. And in the more interesting examples claim that the developers are 'Nazis' because they won't heed your bid and call.
What about hashing? Even if hashing is not the best solution, a not-so-good solution is preferable over 7 years of a hole. This is the attitude that make users mad.
If you don't have something you want and I have (the skill to write this patch), instead of bitching and griping, make it worth my while to do it for you.
Indeed. I work on several open source projects. When a user wants a certain feature really bad, can't code it himself and can't wait for my schedule, then they can always pay for my time to implement it. Problem solved.
Well c) isn't really the case in Mr. WhinyUser's second request, to add SHA256 hashes. He originally claimed it was "really easy" to do, but balked at actually providing any code unless the maintainers promised to accept it. A couple of days later Dan implemented the change -- without any help or thanks from Mr. WhinyUser.
I don't know that the union argument really works in the Linux distribution realm. After peeing in the community pool Mr. WhinyUser went off to a fork of Arch that supports signatures (for their additions only, which doesn't appear to address his original concerns about Arch repositories, but apparently for some the appearance of "security" is enough). But even if he didn't have that fork to go to, there was nothing stopping him from adopting one of the many Debian offshoots, or Redhat, or ... The Arch maintainer union -- really an odd term for a handful of unpaid volunteers -- have no control over his actions or desires, but there are plenty of Linux distribution alternatives out there.
I am with you on this and with IgnorantGuru on the issue (I don't even care about the lies).
There is no rational explanation that justify why a really major issue, or for that matter even simply an issue most users want, should not be implemented by the core developers for 6 freaking years. If you are too busy to code, you should step down and leave the position; same thing if you think the bug is not one of your personal priority: you are the maintainer and you have taken up a responsibility towards the users. Abandon if you cannot do it.
If the users were seriously demanding the feature, then at least someone would have stepped up to code it. It's my understanding that most of the users of Arch Linux are not exactly a technically challenged bunch.
There's also the lack of any chatter on the issue for long periods of time. If this was such a serious issue that so many users wanted, then why only a handful of discussions about it over the past 6 years?
I find it a little disturbing that you've just latched on to the part of the issue that hits home for you (developers ignoring a patch) and are ignoring other stuff (e.g.):
I don't care about the lies because what I need to know is that there is a major safety issue open since 2006 and the maintainer of the software have not fixed that yet.
I understand that people have their own schedules, I do maintain OSS myself: I am fine with developer taking months or even 1 year fixing stuff. 6-7 years is not justifiable though. If you didn't have time to code something important for an important piece of software you mantain in 6 years, you have no justification towards your user: don't pretend you do.
That’s the generalized response to the flawed argument “if you want it, why don’t you make it?” in open source. People specialize at tasks to hopefully increase the total effectiveness of a system to more than it would be if everyone did everything. However, this means that if the only people who have the power to do something unionize, other people can’t get that thing without agreeing to their demands.
You could say in this situation, the core devs of Arch “unionized” to demand either coding help or patience from those who want the feature. I’m not interested enough in this situation to be bothered to research whether this is a reasonable demand. If it is unreasonable, c) is the case, and if it is reasonable, a) or b) is, but that’s as far as I care to investigate.