
Comment by ogogmad

3 years ago

The problem is they've been aware of this very serious bug for more than a year, and haven't tried informing their users. So "Protonmail" in this context refers to the business, and the issues surrounding their responsibility, competence and ethics.

The business is just 'Proton' though, ProtonMail is one of their offerings.

  • Doesn't matter much, if most refer to them by ProtonMail, by their main product.

    Same way people would refer to "Facebook" meaning the whole of Meta

If there is a critical issue with an open source software any user can fix it.

If no user steps up then it might not be that important issue in the first place.

  • Or it's important, but nobody has the skills/time/familiarity/acceptance from upstream maintainers combo.

    Compared to the FOSS origin myths, many huge projects, with tons of end users, including very foundational ones, like GTK+ and OpenSSL and such, are understaffed (or just 1-2 base maintainers heavily overworked, who do 99% of the work and can't take it anymore), and nobody cares or has the time to dive in and fix anything.

    Other projects that might have some person interested to bugfix, have maintainers that don't like contributions outside a clique, and ignore bugfixes submitted for years or forever.

    So, "any user can fix it" is sometimes just in principle, while actual users that can fix and do fix it are thin on the ground, and other times it's just an option for external patches, that will not be merged upstream.

    • When OpenSSL got and noticed to be critical, it was fixed, funded and also forked tons of times. So open source model works here.

      My gut feeling is that Protonmail Bridge is such an obscure project that no one really cares enough, and thus it cannot be “important” or “critical”.

      Alternatively, users have an option to change to another system if they are unhappy. Protonmail has no monopoly. But complaining about open source maintenance is not going to change anything. Especially complaining on HackerNews is ungentlemanly.


  • Proton-bridge is a premium product you only get by being a paid subscriber. If it is open source, they should not be expecting contributions. One pays to make sure issues like this can be fixed, they don't pay to fix the issue themselves.