Comment by tsukurimashou

> if I see you approaching a door, I am under no obligation to open it just because I'm physically able to, but if I open a door for you, I'd better hold it until you're finished walking through, or I'm a jerk. By holding the door open, I've made an implicit promise that I'm not going to close it on you.

This reminds me of an incident years ago. I was on a city bus, very full of people, and we were just about to leave a stop. There's a woman maybe 150 feet away running towards the bus. The driver sees her running and re-opens the door, waiting. Inconvenience to all of us on the bus, but hey, she's running.

The woman, seeing the bus has waited for her, stops running and starts slowly walking instead.

Driver sighs, closes the door, drives away.

I'm not sure what the moral lesson I take from it is, but mainly "if I go out of my way to help you, don't take advantage of my generosity". Maybe that partially applies to situations like this one. Or maybe just "don't annoy transit operators". That's a good one too.

He held the door open for a lot of people. Some people spit at him as they walked through. He doesn't want to hold the door open any more, he's done it enough. He didn't sign up to be a doorman for life.

> It's absolutely correct that people don't have obligations simply by putting some code online. But they do have obligations when they start telling people to use their code. We understand this as humans even in realms far from open source: if I see you approaching a door, I am under no obligation to open it just because I'm physically able to, but if I open a door for you, I'd better hold it until you're finished walking through, or I'm a jerk. By holding the door open, I've made an implicit promise that I'm not going to close it on you.

Exactly.

Like it or not, there are implicit social contracts if you maintain OSS software.

Yes I've read the birdseed of the various licenses.

I know this will whip up the oft-suffering maintainers and developers in here. But this is the exact kind of trope that stymies wider FOSS adoption.

The artifacts of these little meltdowns are exactly the kinds of things your upper management will cite the next time you suggest using FOSS vs. whatever vendor they're about to push down your throat.

Ignoring security conventions, and then adopting a "take my ball and go home attitude" isn't a ringing endorsement for adopting FOSS, unless it's run by a large entity.

I'm not saying the author should have to endure abuse or harassment, but consistently pushing unsafe code into a web-framework, being cavalier about trivial and widely accepted coding conventions, and dismissing patches as "boring" is exactly how you end up with NPM Ecosystem v2

If some one opens the door for you that was nice of them, they did your work for you, they have no ongoing obligation to maintain the door in an open state.

If some one give you their code that was nice of them, they wrote your code for you, they have no ongoing obligation to maintain your code.

by simply giving you their code they have already provided you with value, a head start for nothing in return, they have opened the door for you, the rest is up to you.

Well put. I’d add on to your metaphor: slamming the door on someone is quite different than just not holding it open anymore. The second is totally acceptable; the first is impolite.

If someone is relying on your code, that means they have their own copy of it.

You're not obligated to keep your copy online.

I absolutely agree with this. The author has spent an insane amount of time to build all this stuff and instead of getting recognition and/or being payed adequately he is getting shitstorm after shitstrom.

As an outsider I have to say that I think what the Rust community has technically achieved is remarkable. But on the social side it is not so bright, avid Rust users constantly spam forums of other programming languages with toxic comments. But this incident shows that the situation is even worse than expected, the Rust community even treats its own peers like sh..

Well, it's easy to get confused when you look at the professional looking website with a well crafted logo, a promo list of features and a copyright notice from the "The Actix Team". The community page even says "We're a welcoming community so don't be afraid to engage.". Ouch!

> It's a personal project.

If you create an organization on GitHub for a project that is meant to remain personal, this kinda sends a wrong signal.

Blaming some users for being rude and entitled, and then deleting an open source repo out of spite... it's a bit hard to feel sympathy for the guy here.

Exactly. It can be argued it's unprofessional to become dependent on third-party software without any background recherche regarding the maintainer's motivation, team size, financial standing, etc., especially when said third-party software isn't a replaceable, standards-based component such as, say, Java Servlet containers and other web components used to be.

Professional pursuits are things related to a vocation, not directly tied to an exchange of money for every interaction under consideration. If you're in the industry of software development, and tie your identity to an open source project, it is de facto professional.

In this example it is held as a significant accomplishment on this individual's linkedin page. Which isn't surprising as professional credibility is a primary motivation driving a lot of open source involvement. We are seeking a different, less direct form of compensation.

So it's fair to say that acting like this is unprofessional.

That doesn't mean it isn't merited, or that they might have been frustrated or had good reason. But professionally they would have been much better served by other means: Simply announcing that they're retiring from the project and encouraging forking and the percolation of a new canonical version, etc.

> And this seems like a perfectly personal thing to do with something that's preventing happiness.

Sure, if you want to spread the misery. That's still kind of a dick move, even if he's perfectly within his rights.

> If you offer code to the public – and present it as an active, dependable project – professional behavior is exactly what you implicitly promise and signed up for. If you can’t offer that (at any time, and for any reason), then you should immediately make that clear, front-and-center, to any current and future users.

As far as I can tell, this project was released under the Apache License 2.0.

https://github.com/actix/examples/blob/master/LICENSE

Clause 7 of said license says the following:

"7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License."

Other popular free software licenses (namely the GLP) have very similar clauses.

> It isn’t “entitlement” on part of the users – the users are making reasonable expectations based on promises implicitly made by the the project as it is presented.

Expecting labour from someone without paying them is the very definition of entitlement.

Or to put it another way:

As an open source maintainer, you're perfectly entitled to just walk away. Hit that archive button on github so nothing new can come from the repo, and enjoy your life. Nobody could fault on you that. People would prefer you work out a clean transition to a new maintainer, but you have no obligation to do so.

Deleting the repos is the equivalent of setting the house on fire on the way out (especially when they're under their own org). Unlike in reality, it turns out it's totally permitted, but people will still view it as a dick move.

> professional behavior is exactly what you implicitly promise and signed up for. If you can’t offer that (at any time, and for any reason), then you should immediately make that clear, front-and-center, to any current and future users.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

It's in big capital letters there. Explicitly no implied promises.

> It isn’t “entitlement” on part of the users – the users are making reasonable expectations based on promises implicitly made by the the project as it is presented

That is almost literally the definition of entitlement

To assume certain conditions that are not explicitly laid out without even talking to the person providing you the service is literally entitlement. It seems like you've made assumptions that turned out wrong. I've fallen for it too in the past. Not everyone thinks the same thing so people's assumptions are always different. The key thing is, when your assumptions don't turn out true, to learn from it.

In the case of open source, it's worth asking the maintainer what the terms are if you're unsure. The LICENSE always says that authors and contributors are not liable for any outcome, either as an ALL CAPS paragraph or a clearly defined section.

Everything is provided as-is so you can't expect anything. It's on you to pick up after them if you still need the project.

No you don’t. You aren’t alone in assuming that, but it’s an entirely unreasonable expectation. And as evidenced by this exact thread, people like you cause good developers to stop maintaining their projects. Your attitude harms our community.

Practically speaking, if I give you some work I did for free yesterday, and give you some work I do for free today, that does not entitle you to free work from me tomorrow. It does not entitle you to free support on the code I’ve published already. I owe you my time when you’re paying for it. Until then, if I have made something you found valuable you are in my debt for its use. Not the other way around.

As a user of my software I generally give you two rights - you have the right to use the code in your project, and the right to fork the project. And as the maintainer, I have the right to spend my time however I want for the rest of my short life on earth. If the beach looks like more fun than putting up with entitled complaints on github and HN, that is my right.

Strongly disagree. For me, what's implicit is that any software, commercial or F/OSS, can be abandoned at any time - because that's just the way it is. A remedy would be to use software coded to a specification with mulitple implementations such that in case a project folds, you might be able to switch over to a different implementation. The Java EE ecosystem used to be like that until around 2012 or so.

I've never heard of "implicit promises". For me a promise is by definition explicit. Anything else are assumptions, in this case false assumptions.

Yeah, no.

If you put your code out there open, it's still your code. If people start to rely on it, they need to be ready to maintain their branch.

I do not think these expectations are reasonable. This line of thinking is definitely the core issue of the problem.

>If you offer code to the public – and present it as an active, dependable project

Not familiar with the project or Rust Ecosystem. Anyone else can comment whether it was presented / marketed / sold as an "active, dependable project" ?

As someone more used to the Ruby Rails ecosystem, I think the communities as a whole generally accept the convention that all open sources, whether they are backed by a single person or cooperate account, are given out as it is ( MIT ) and their maintainer or author will do the support or development as they could when they are FREE. And it is perfectly acceptable of forking it to make your own variation or improvement.

> you implicitly promise and signed up for

Think about this. Do you really think it makes any sense to try to hold people to promises inferred by alternate parties that aren’t even providing any consideration in return?

Just think about that.

> professional behavior is exactly what you implicitly promise and signed up for.

Wise up. Professionals get paid, if you aren't paying some one they are not a professional. This is the reason why opensource projects provide professional support for pay, for professionals who need professional support.

I think that's made pretty clear in pretty much every open source license: "Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND".

> you should immediately make that clear, front-and-center, to any current and future users.

like, for example, in a license file?

> Did the maintainer screw over people that were using Actix? Very likely.

How so? Just find a fork with a decent maintainer, or push your copy to your own repo. Let the Actix guy do his thing and move on with life.

In open source you give and take. The actix author almost certainly (unless they deploy their own kernel) has profited immensely from other peoples work. This is because as a community we have realized that we don't sell libraries, we sell stuff build with them, so we all win when we share.

It is your choice to use open source software without open sourcing your own work or without contributing.

But by engaging in open source you engage in a social contract, you become part of a community whose goal it is to foster collaboration and help one another, other people start to rely on you, just as you rely on their libraries, compilers, and kernels.

The author choose to break that social contract out of spite. He created a scenario where people choose to rely on him, when they could have relied on other works, and then screwed them over majorly.

You basically can. The cost of free stuff like this is "be nice to the guy giving it to you" or at least don't be actively abusive about it. If the community won't pay that price, expect it to evaporate.

You can retract it. He just did it. You can take down any webpage under your control. I could delete this comment later if I like. You could delete yours. etc.

The point of open source is that people can maintain their own forks etc. There's plenty of mirrors of actix I'm sure.

Why?

Dude, sorry to break this to you! But basically any widely used software is supported by major companies just to avoid this problem.

Libraries, compilers and kernels alike.

If you want to rely on software being there, you should be ready to pay for people to support it.

> This is because as a community we have realized that we don't sell libraries, we sell stuff build with them, so we all win when we share.

It is clear to me that is not true anymore. It is really hard to find open source project without clear direct financial incentives.

Again, as a community, we should start to pay for the components we use.

> has profited immensely from other peoples work

Have they? how much $$$ profit did they make?

You aren't paying for shit and yet you think they are making a profit and you are entitled to professional support? Wise up.