Re: How to act on this mailing list [was: Re: Preparing 3.1.1 release]
ermouth - this isn’t much of an apology. You are making a lot of people unhappy which makes it really difficult to work effectively. Life is hard enough. Joan, I’m really sorry you have to deal with this. > On Aug 27, 2020, at 4:19 PM, ermouth wrote: > > Joan, my tone again made you unhappy. I feel it from your response, and I’m > really sorry. > > Anyway, the argument stands. Leaking CouchDB instance IPs to half-dozen > places, and trusting that places because ‘what can go wrong, they are good > guys’ is at least a strange attitude. > > And I still think that a newsfeed on subdomain should have its own favicon. > Yes, it should. > >> Why didn't you bring this up sooner? > > I did, 2 month ago. > >> The absolute best way you could *HELP* address this is to code a fix. > > I have another CouchDB admin panel to maintain, sorry. And anyway, I think > the button/iframe should be removed in favor of direct link to newsfeed at > the bottom of left panel. > > ermouth > > > чт, 27 авг. 2020 г. в 22:12, Joan Touzet : > >> This email stuck with me overnight, and I want to address why. ermouth, >> your attitude in this email was poor, and I'd like to give you the >> opportunity to revise it. >> >> On 2020-08-26 6:45 p.m., ermouth wrote: The blog is controlled by the CouchDB PMC. No one outside of the PMC or >>> who they authorize has access to it. >>> >>> This is about wordpress server where the blog lives. >> >> Why didn't you bring this up sooner? Why wait until now? This doesn't >> give anyone the chance to address your concerns, and furthermore, comes >> across as arguing in bad faith. >> >>> The server is >>> maintained so impressively, >> >> Actually, it is. It's hosted at wordpress.org. I would expect them to do >> the absolute best job of hosting WordPress, wouldn't you? >> >>> that shows default wordpress favicon for years >> >> Because it's run at wordpress.com. So what? I don't actually know if we >> can customize the favicon there, but honestly, given they provide the >> service to us for free, I have zero objections to them using the favicon >> as a teeny tiny bit of advertising for another open source project. >> >> How is the presence or absence of a favicon any indication of whether or >> not the server is being managed well? This is arguing in bad faith. >> >>> and responds with x-hacker header, promoting jobs aggregator. >> >> For the company that provides us with free blog hosting. >> >> The same thing is over at docs.couchdb.org for readthedocs.org, and no >> one's ever complained about that - arguably, that site gets more clicks >> than the blog does. >> >>> It implies an >>> obvious question about how reliable is the server in terms of injections >>> and logs protection. >> >> Now that you know the above, do you still want to make this argument? >> >>> Also the blog pings gravatar, not good. >> >> For its own content, yes. And I get that you don't want to leak the IP >> address of standalone CouchDBs - that is a valid concern, to which two >> options have been proposed. The absolute best way you could *HELP* >> address this is to code a fix. >> >>> If you don't want to display it, don't click on it, and the iframe won't >>> >>> This is not how things are protected, and I know that you know about it. >> >> This isn't how you treat people who run the community you claim to >> participate in. Nor is this the first time you've acted this way towards >> *volunteer developers*. >> >> Kindly choose your words more carefully, and think ahead about how to >> make a meaningful contribution here. Complaining endlessly is not >> earning you any merit, and the tone you've taken actually does you a >> disservice. If you push this attitude any farther, you're liable to end >> up in people's killfiles / junk mail folders...or worse. >> >> -Joan "PMC hat on" Touzet >>
Re: How to act on this mailing list [was: Re: Preparing 3.1.1 release]
Joan, my tone again made you unhappy. I feel it from your response, and I’m really sorry. Anyway, the argument stands. Leaking CouchDB instance IPs to half-dozen places, and trusting that places because ‘what can go wrong, they are good guys’ is at least a strange attitude. And I still think that a newsfeed on subdomain should have its own favicon. Yes, it should. > Why didn't you bring this up sooner? I did, 2 month ago. > The absolute best way you could *HELP* address this is to code a fix. I have another CouchDB admin panel to maintain, sorry. And anyway, I think the button/iframe should be removed in favor of direct link to newsfeed at the bottom of left panel. ermouth чт, 27 авг. 2020 г. в 22:12, Joan Touzet : > This email stuck with me overnight, and I want to address why. ermouth, > your attitude in this email was poor, and I'd like to give you the > opportunity to revise it. > > On 2020-08-26 6:45 p.m., ermouth wrote: > >> The blog is controlled by the CouchDB PMC. No one outside of the PMC or > > who they authorize has access to it. > > > > This is about wordpress server where the blog lives. > > Why didn't you bring this up sooner? Why wait until now? This doesn't > give anyone the chance to address your concerns, and furthermore, comes > across as arguing in bad faith. > > > The server is > > maintained so impressively, > > Actually, it is. It's hosted at wordpress.org. I would expect them to do > the absolute best job of hosting WordPress, wouldn't you? > > > that shows default wordpress favicon for years > > Because it's run at wordpress.com. So what? I don't actually know if we > can customize the favicon there, but honestly, given they provide the > service to us for free, I have zero objections to them using the favicon > as a teeny tiny bit of advertising for another open source project. > > How is the presence or absence of a favicon any indication of whether or > not the server is being managed well? This is arguing in bad faith. > > > and responds with x-hacker header, promoting jobs aggregator. > > For the company that provides us with free blog hosting. > > The same thing is over at docs.couchdb.org for readthedocs.org, and no > one's ever complained about that - arguably, that site gets more clicks > than the blog does. > > > It implies an > > obvious question about how reliable is the server in terms of injections > > and logs protection. > > Now that you know the above, do you still want to make this argument? > > > Also the blog pings gravatar, not good. > > For its own content, yes. And I get that you don't want to leak the IP > address of standalone CouchDBs - that is a valid concern, to which two > options have been proposed. The absolute best way you could *HELP* > address this is to code a fix. > > > If you don't want to display it, don't click on it, and the iframe won't > > > > This is not how things are protected, and I know that you know about it. > > This isn't how you treat people who run the community you claim to > participate in. Nor is this the first time you've acted this way towards > *volunteer developers*. > > Kindly choose your words more carefully, and think ahead about how to > make a meaningful contribution here. Complaining endlessly is not > earning you any merit, and the tone you've taken actually does you a > disservice. If you push this attitude any farther, you're liable to end > up in people's killfiles / junk mail folders...or worse. > > -Joan "PMC hat on" Touzet >
How to act on this mailing list [was: Re: Preparing 3.1.1 release]
This email stuck with me overnight, and I want to address why. ermouth, your attitude in this email was poor, and I'd like to give you the opportunity to revise it. On 2020-08-26 6:45 p.m., ermouth wrote: The blog is controlled by the CouchDB PMC. No one outside of the PMC or who they authorize has access to it. This is about wordpress server where the blog lives. Why didn't you bring this up sooner? Why wait until now? This doesn't give anyone the chance to address your concerns, and furthermore, comes across as arguing in bad faith. The server is maintained so impressively, Actually, it is. It's hosted at wordpress.org. I would expect them to do the absolute best job of hosting WordPress, wouldn't you? that shows default wordpress favicon for years Because it's run at wordpress.com. So what? I don't actually know if we can customize the favicon there, but honestly, given they provide the service to us for free, I have zero objections to them using the favicon as a teeny tiny bit of advertising for another open source project. How is the presence or absence of a favicon any indication of whether or not the server is being managed well? This is arguing in bad faith. and responds with x-hacker header, promoting jobs aggregator. For the company that provides us with free blog hosting. The same thing is over at docs.couchdb.org for readthedocs.org, and no one's ever complained about that - arguably, that site gets more clicks than the blog does. It implies an obvious question about how reliable is the server in terms of injections and logs protection. Now that you know the above, do you still want to make this argument? Also the blog pings gravatar, not good. For its own content, yes. And I get that you don't want to leak the IP address of standalone CouchDBs - that is a valid concern, to which two options have been proposed. The absolute best way you could *HELP* address this is to code a fix. If you don't want to display it, don't click on it, and the iframe won't This is not how things are protected, and I know that you know about it. This isn't how you treat people who run the community you claim to participate in. Nor is this the first time you've acted this way towards *volunteer developers*. Kindly choose your words more carefully, and think ahead about how to make a meaningful contribution here. Complaining endlessly is not earning you any merit, and the tone you've taken actually does you a disservice. If you push this attitude any farther, you're liable to end up in people's killfiles / junk mail folders...or worse. -Joan "PMC hat on" Touzet
Re: Preparing 3.1.1 release
In ermouth's defence, I also think that the PR was merged prematurely. But adding a button with a warning that then conditionally loads the iframe should not be a lot of work and I'm happy to review a PR there. Cheers Jan — > On 27. Aug 2020, at 01:05, Joan Touzet wrote: > > A PR to disable the tab via an ini file setting would absolutely be merged. > Why not work on one? > > On 2020-08-26 6:45 p.m., ermouth wrote: >>> The blog is controlled by the CouchDB PMC. No one outside of the PMC or >> who they authorize has access to it. >> This is about wordpress server where the blog lives. The server is >> maintained so impressively, that shows default wordpress favicon for years >> and responds with x-hacker header, promoting jobs aggregator. It implies an >> obvious question about how reliable is the server in terms of injections >> and logs protection. >> Also the blog pings gravatar, not good. >>> If you don't want to display it, don't click on it, and the iframe won't >> This is not how things are protected, and I know that you know about it. >> ermouth >> чт, 27 авг. 2020 г. в 00:55, Joan Touzet : >>> At the moment, I have no plan to update Fauxton for 3.1.1. >>> >>> The blog is controlled by the CouchDB PMC. No one outside of the PMC or >>> who they authorize has access to it. >>> >>> If you don't want to display it, don't click on it, and the iframe won't >>> load. >>> >>> -Joan >>> >>> On 2020-08-26 11:57 a.m., ermouth wrote: Is that very unsafe PR https://github.com/apache/couchdb-fauxton/pull/1284 going to be included into 3.1.1? If it will, who exactly controls the wordpress site with those “news”? ermouth вт, 25 авг. 2020 г. в 23:45, Joan Touzet : > Hello there, > > I have time to get together a 3.1.1 release now. If you have any > pressing things to get into 3.x, or anything that's on master that > should be backported, please open your PRs now. > > -Joan "Labor Day! Schools are out and pools are open!" Touzet > >>>
