Accountability in open source

The GNUTLS bug was found, it was fixed and people were upset, obviously. What I cannot understand is that when people complained about that, open source developers and their supporters (I’m not sure about the GNUTLS people, but unrelated open source people) started saying “if you don’t like it, don’t use it” and asking why users didn’t test for a crypto bug they wouldn’t even know how to look for.

This argument is ridiculous. When your software fails me, whether it be GNUTLS exposing me to man-in-the-middle attacks, Firefox crashing on me while trying to submit an assignment, or LibreOffice losing two hours of my work, I can complain about it. Sure, there’s no point since what happened happened, but the least open source devs can do is own up to their mistakes. What good is it to switch to something else when my data has already been stolen or my work has already been lost?

Instead they complain about why the users aren’t contributing, making it their fault that these mistakes happen. Guys, you’re people, you make mistakes, we get that but don’t blame us for something that is totally on you. We know the software is provided as is without warranty but we’re just putting it out there that we are upset that this has happened.

Be accountable like adults instead of blaming others like children.

“Unrelated open source people” who say “if you don’t like it, don’t use it” are idiots. Ignore them.

But also, be prepared to use your own time to fix problems you find in open source applications.

@joe Yeah, that’s great and all, but what if I’m not a programmer? Especially in crypto software, how would the average Joe know what to look for? Most people are not capable of contributing code or bug reports.

The recurring themes are “it’s not a bug it’s a feature” and “code it yourself you lazy douchebag”. Neither is very constructive.

@neuro I was just disappointed that even high profile open source devs share this view.

I think part of the problem lies in the fact that some programmers interpret that open sourcing their code means someone else will be responsible for testing it. Better summed as “I built it, you test it” syndrome. This type of behavior ensures no one really looks at the code. If people feel like they are part of a team then they are more likely to see issues better. Another part of it is that there’s been a failure to design good processes (e.g. processes that allow for easy identification of issues and reporting of said issues). It’s hard to fix anything without clearly understanding the issues which is relying on the user being able to communicate the issue without being frustrated. Anger leads to the forgetting of important details. :wink: