Explain the reasons of the fork better about russh HOT 9 CLOSED

I've submitted my changes as patches over a year ago and got no response: https://nest.pijul.com/pijul/thrussh/discussions/69

extra safety guarantees refers to removing all sources of panicking in the library such as .expect(), .unwrap() and unchecked indexing - it's explained in the readme

from russh.

I must admit I didn't imagine that someone would want to contribute to Thrussh and at the same time find it "unreasonably hard" to install a Rust crate and type two commands (especially when the alternative is something as broken as Git).

I was actually excited to try something other than Git and Mercurial for once, but dang, with user support like this, I wonder why more people aren't using it.

by refusing, for purely ideological reasons, to use the tools used by the community

something as broken as Git

Ironic, isn't it?

I've tried my best to get it to work and failed anyway. So maybe instead of assuming "ideological reasons" behind someone else's actions, you should have focused on making Pijul work.

from russh.

I've submitted my changes as patches over a year ago and got no response: https://nest.pijul.com/pijul/thrussh/discussions/69

I see no change submitted in that discussion, only links to diffs. I don't think you would accept PRs to this repo formatted as links to diffs against an unnamed commit. Also, you started this fork before submitting these.

extra safety guarantees refers to removing all sources of panicking in the library such as .expect(), .unwrap() and unchecked indexing - it's explained in the readme

Did you identify places where an .unwrap() or .expect() can cause a safety problem? I believe all unwraps are legit in Thrussh, since the panicking branch is unreachable.

I would suggest reformulating your "extra safety guarantees" as "using more lints (from Clippy)".

from russh.

I don't think you would accept PRs to this repo formatted as links to diffs against an unnamed commit. Also, you started this fork before submitting these.

This is beyond the point. You've made it unreasonably hard to contribute by rolling your own VCS and failed to communicate back when offered a changeset in alternative way. If you look at the URLs in the post, you can see that I haven't even renamed the repo at the time and have only been using it as code storage.

Did you identify places where an .unwrap() or .expect() can cause a safety problem? I believe all unwraps are legit in Thrussh, since the panicking branch is unreachable. I would suggest reformulating your "extra safety guarantees" as "using more lints (from Clippy)".

I mean things like line 341 where a misbehaving server causes the library to panic, or .unwrap() on file I/O like on line 325 Anyway, changed the wording ✌️

from russh.

This is beyond the point. You've made it unreasonably hard to contribute by rolling your own VCS and failed to communicate back when offered a changeset in alternative way.

This was exactly on point, actually: one of the reasons I've published Thrussh as open source was to encourage people to use Pijul by contributing to interesting repositories. I must admit I didn't imagine that someone would want to contribute to Thrussh and at the same time find it "unreasonably hard" to install a Rust crate and type two commands (especially when the alternative is something as broken as Git).

Actually, you made it hard to accept your contributions by refusing, for purely ideological reasons, to use the tools used by the community around that library.

I mean things like line 341 where a misbehaving server causes the library to panic, or .unwrap() on file I/O like on line 325

Indeed, that sort of things is usually fixed in the open source community by submitting changes, or at the very least bug reports. No need to go through the "unreasonable" pain of running cargo install for that, you already submitted one, I know you were able to do it.

from russh.

with user support like this, I wonder why more people aren't using it

Maybe because this was never directly reported as an issue in the Pijul or Thrussh repos, nor even mentioned or discussed in the community platforms (Zulip, Discourse)?

Ironic, isn't it?

I don't see why, but maybe you could explain the irony.

from russh.

@P-E-Meunier guess it just doesn't get better than straight up lying in an invite-only community where you know you won't get called out: https://lobste.rs/s/bikpmo/russh_rust_ssh_client_server_library

The original motivation for the fork was aggressive (they didn’t talk to us initially) and was motivated by a misunderstanding of whether a feature was present or not.

hostile forks by people just adding micro-features and claim ownership

forking it to [...], claim ownership of my work

“More secure” and “up to date” was in their README at some poin

from russh.

So, now in addition to being a terrible person for being upset that you never upstreamed your changes, I'm also a liar and conspiring against you.

Did I lie by saying it was in the readme rather than in this issue? I'm so sorry.

Also, why not quote me completely? For example when I wrote the following:

(note that I’m not even complaining about the fork, just about how its hostile nature: never contributing anything back)

from russh.

So, now in addition to being a terrible person for being upset that you never upstreamed your changes, I'm also a liar and conspiring against you.

Yes, unless you want to explain why you're spreading literal false information.

Did I lie by saying it was in the readme rather than in this issue? I'm so sorry.

It's literally in neither, at any point of time.

Also, why not quote me completely?

(note that I’m not even complaining about the fork, just about how its hostile nature: never contributing anything back)

Because I didn't want to embarrass you more than necessary, as that's literally in my first response

You've simply ignored the contributions offered, so I just assumed that the project that hasn't had a commit in 6 months at that point in time is unmaintained, forked it, and kept silently working on my project that I needed the library for - until you have opened this issue to cry about getting forked, and only then resumed work on thrussh, 1.5 years since the last update.

You're welcome to pull in all of my changes, in fact, if you do, I'll replace this crate with a placeholder pointing to thrussh.

from russh.