Comments (9)
I've submitted my changes as patches over a year ago and got no response: https://nest.pijul.com/pijul/thrussh/discussions/69
extra safety guarantees
refers to removing all sources of panicking in the library such as .expect()
, .unwrap()
and unchecked indexing - it's explained in the readme
from russh.
I must admit I didn't imagine that someone would want to contribute to Thrussh and at the same time find it "unreasonably hard" to install a Rust crate and type two commands (especially when the alternative is something as broken as Git).
I was actually excited to try something other than Git and Mercurial for once, but dang, with user support like this, I wonder why more people aren't using it.
by refusing, for purely ideological reasons, to use the tools used by the community
something as broken as Git
Ironic, isn't it?
I've tried my best to get it to work and failed anyway. So maybe instead of assuming "ideological reasons" behind someone else's actions, you should have focused on making Pijul work.
from russh.
I've submitted my changes as patches over a year ago and got no response: https://nest.pijul.com/pijul/thrussh/discussions/69
I see no change submitted in that discussion, only links to diffs. I don't think you would accept PRs to this repo formatted as links to diffs against an unnamed commit. Also, you started this fork before submitting these.
extra safety guarantees refers to removing all sources of panicking in the library such as .expect(), .unwrap() and unchecked indexing - it's explained in the readme
Did you identify places where an .unwrap()
or .expect()
can cause a safety problem? I believe all unwraps are legit in Thrussh, since the panicking branch is unreachable.
I would suggest reformulating your "extra safety guarantees" as "using more lints (from Clippy)".
from russh.
I don't think you would accept PRs to this repo formatted as links to diffs against an unnamed commit. Also, you started this fork before submitting these.
This is beyond the point. You've made it unreasonably hard to contribute by rolling your own VCS and failed to communicate back when offered a changeset in alternative way. If you look at the URLs in the post, you can see that I haven't even renamed the repo at the time and have only been using it as code storage.
Did you identify places where an .unwrap() or .expect() can cause a safety problem? I believe all unwraps are legit in Thrussh, since the panicking branch is unreachable. I would suggest reformulating your "extra safety guarantees" as "using more lints (from Clippy)".
I mean things like line 341 where a misbehaving server causes the library to panic, or .unwrap()
on file I/O like on line 325 Anyway, changed the wording ✌️
from russh.
This is beyond the point. You've made it unreasonably hard to contribute by rolling your own VCS and failed to communicate back when offered a changeset in alternative way.
This was exactly on point, actually: one of the reasons I've published Thrussh as open source was to encourage people to use Pijul by contributing to interesting repositories. I must admit I didn't imagine that someone would want to contribute to Thrussh and at the same time find it "unreasonably hard" to install a Rust crate and type two commands (especially when the alternative is something as broken as Git).
Actually, you made it hard to accept your contributions by refusing, for purely ideological reasons, to use the tools used by the community around that library.
I mean things like line 341 where a misbehaving server causes the library to panic, or .unwrap() on file I/O like on line 325
Indeed, that sort of things is usually fixed in the open source community by submitting changes, or at the very least bug reports. No need to go through the "unreasonable" pain of running cargo install
for that, you already submitted one, I know you were able to do it.
from russh.
with user support like this, I wonder why more people aren't using it
Maybe because this was never directly reported as an issue in the Pijul or Thrussh repos, nor even mentioned or discussed in the community platforms (Zulip, Discourse)?
Ironic, isn't it?
I don't see why, but maybe you could explain the irony.
from russh.
@P-E-Meunier guess it just doesn't get better than straight up lying in an invite-only community where you know you won't get called out: https://lobste.rs/s/bikpmo/russh_rust_ssh_client_server_library
The original motivation for the fork was aggressive (they didn’t talk to us initially) and was motivated by a misunderstanding of whether a feature was present or not.
hostile forks by people just adding micro-features and claim ownership
forking it to [...], claim ownership of my work
“More secure” and “up to date” was in their README at some poin
from russh.
So, now in addition to being a terrible person for being upset that you never upstreamed your changes, I'm also a liar and conspiring against you.
Did I lie by saying it was in the readme rather than in this issue? I'm so sorry.
Also, why not quote me completely? For example when I wrote the following:
(note that I’m not even complaining about the fork, just about how its hostile nature: never contributing anything back)
from russh.
So, now in addition to being a terrible person for being upset that you never upstreamed your changes, I'm also a liar and conspiring against you.
Yes, unless you want to explain why you're spreading literal false information.
Did I lie by saying it was in the readme rather than in this issue? I'm so sorry.
It's literally in neither, at any point of time.
Also, why not quote me completely?
(note that I’m not even complaining about the fork, just about how its hostile nature: never contributing anything back)
Because I didn't want to embarrass you more than necessary, as that's literally in my first response
You've simply ignored the contributions offered, so I just assumed that the project that hasn't had a commit in 6 months at that point in time is unmaintained, forked it, and kept silently working on my project that I needed the library for - until you have opened this issue to cry about getting forked, and only then resumed work on thrussh, 1.5 years since the last update.
You're welcome to pull in all of my changes, in fact, if you do, I'll replace this crate with a placeholder pointing to thrussh.
from russh.
Related Issues (20)
- 100% cpu usage when send data with channel.data HOT 6
- How to serve a basic shell #2 HOT 10
- `decode_pkcs5` does not remove padding HOT 2
- `write_key_v1` writes `ed25519` key incorrectly HOT 1
- Missing ciphers HOT 2
- Blocking API
- russh-config: Opinion: deprecate parse_home() and add crate documentation that it parses an OpenSSH-like format HOT 1
- Incorrect sha2 hash function for ecdh-sha2-nistp{384,521}
- The new `Handler` definition makes it harder to build state machines HOT 2
- Support for SCP protocol
- FEATURE REQUEST: add a Geller Field when ssh
- TryFrom<PrivateKey> for KeyPair: RSA assumes SHA512 HOT 3
- `russh::server::Server::handle_session_error` seems to reference the new client instance rather than the one with the failed session HOT 5
- ERROR - Unsupported key type ssh-rsa HOT 2
- Host key checking is lazy
- Error with CryptoVec
- streamlocal-forward support HOT 3
- Why is String being used for Paths? HOT 1
- Unclear interaction between inactivity timer and server keepalive
- Shutdown ssh server HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from russh.