Re: [josm-dev] JOSM Plugin no_more_mapping

2012-10-27 Thread colliar 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 20/10/12 23:22, Russell Edwards wrote:
> My 0.02 on this storm in a teacup.
> 
> Isn't all of this one of the key points about open source software?
> 
> The source is open. Ordinary users can place a degree of trust in it
> because others in the community will review code for safety.  And that's
> exactly what we've just seen on this list. Any ordinary user who doesn't
> trust others to do this for him/her can educate him/herself and vet the
> source code personally.

Exactly, open source.

I do not get it. Ilya already did write that he would extend/update the
warnings/docu.
* It is open source and every user is responsible for himself as this software
comes without warrenty.
* It is warning
* It is no malware

I do not see any reason for deleting the source and wonder that it needs only
one person to delete working code from svn.

Please, undelete it and open up a wider discussion about this issue.

Thanks
colliar
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEAREIAAYFAlCL3iwACgkQalWTFLzqsCsSOgCgy4Lt2P1Zeztgzfq6TW3YyTH2
rsgAn0Li01QNbbH+lVzeObt0bLkE0jIj
=wyjo
-END PGP SIGNATURE-

___
josm-dev mailing list
josm-dev@openstreetmap.org
http://lists.openstreetmap.org/listinfo/josm-dev

Re: [josm-dev] JOSM Plugin no_more_mapping

2012-10-27 Thread Frederik Ramm 

Hi,

On 27.10.2012 15:14, colliar wrote:

I do not see any reason for deleting the source


Maybe it was indeed an overreaction on my part to remove the source from 
SVN. Of course it is still accessible even if removed, but I have now 
reinstated it.


I am however adamant that removing the compiled jar file from the "dist" 
directory, and thereby from the list of downloadable plugins in JOSM, 
was right. There may be educational value in the source code, but there 
is no value in having the plugin offered in JOSM for download. The fact 
that we are Open Source and trying to create as little hurdles as 
possible (anyone can get an SVN account, anyone can add their plugins to 
the list, even anonymous website users can add pointers to whatever) 
does not mean that we're openly inviting shenanigans.


Only recently DWG had to block two vandals who were randomly deleting 
and falsifying data in OSM. When challenged, their response was: "Yeah, 
we were just testing your security, and you should really do something 
about that." - I wanted to yell: We don't have any security and that's 
by design, to make mapping easier for everyone, and it is people like 
you who in the end force us to erect all these barriers and make life 
harder on everyone, but thanks for all your help!


Same here. Some might find it a humorous way of pointing the finger at 
our vulnerabilities ("if someone runs this without looking then he was 
asking for it!") but I don't find it all that funny.



and wonder that it needs only
one person to delete working code from svn.


It only needs one person to add something bad, and this is by design - 
we don't want people to have to ask for permission first. Consequently, 
one person is also sufficient to remove something bad.


The alternative is having a "plugin task force" that approves all 
plugins (and every update on every plugin...) and that can also be asked 
to remove ones which are thought to be problematic.


Bye
Frederik

--
Frederik Ramm  ##  eMail frede...@remote.org  ##  N49°00'09" E008°23'33"

___
josm-dev mailing list
josm-dev@openstreetmap.org
http://lists.openstreetmap.org/listinfo/josm-dev