Comment by geofft
5 years ago
> A lot of people are complaining that the code is unsafe while the author thought it was safe enough for them. How many nines is safe, depends on the person.
There's a very precise definition of this; it's not a matter of opinion. The code exposed a public API that was not marked "unsafe" that allowed you to construct (definitely intentionally, perhaps unintentionally) two mutable references to the same object.
> So this guy is happy to rely on code he hasn't even looked at and then gets upset when that code is unreliable. This is not a reasonable expectation.
This is a hostile misinterpretation of what actually happened. The bug reporter actually looked at the code, determined it was unsafe, and reported a bug. That's what everyone wants an OSS user to do.
> The bug reporter actually looked at the code, determined it was unsafe, and reported a bug. That's what everyone wants an OSS user to do.
No, again, this is end-user entitlement. You are not an end user, you are a developer; if you discover a bug, you are supposed to provide a patch to fix it, not expect someone else to fix it for you.
If you depend on someone else's code, it is your job to do due diligence on that dependency. No one did, and it came back to bite them. People need to stop blaming everyone else and learn from their own mistakes.
Which is what the end user did! The maintainer rejected the patch as "boring" despite being given a concrete example of how UB could be triggered and how the patch would fix it.
Another user provided a patch, the patch got called "boring" by the maintainer, a passerby snapped with offensive personal attacks and the rest is history.
The Actix website encourages end users to report bugs: "If you think you found a bug it's best to go to the github directly."
If you're claiming that taking those directions seriously is entitlement and that it's less entitled to second-guess the maintainer and do what you think they meant even if it's the opposite of what they said....