Comment by mid-kid
1 year ago
After reading the executive summary I have no idea what it's about, and no desire to keep reading. Then again, I think I've been burned out on all these open letters to different projects over the years.
1 year ago
After reading the executive summary I have no idea what it's about, and no desire to keep reading. Then again, I think I've been burned out on all these open letters to different projects over the years.
Reading the rest of the document doesn't feel very illuminating either. As near as I can tell, the guy who made Nix is apparently also involved in a startup/company that also acts as a contributor of Nix and a distributor of some version of it. There's some concerns over a military contractor that uses Nix and sponsored a recent Con, and some potential conflict of interest between the the Nix creator as the head of the Nix project, and that person as an employee of a company allegedly tied to the sponsor.
And then there's a lot of referencing various "bad behaviors", but being honest, those seem the weaker points. Of the two I've looked through the links for, the one about not expanding the commit/PR approval team for CPPNix looks especially like prudent caution in light of what we know about how the xz thing played out recently, and the one regarding a PR that was ignored for "quite a while" reads (as an outsider to all of this) worse for the authors of this open letter. First, if the dates on the PR are correct, "quite a while" apparently means less than 1 day. And while the issue might indeed be something that needs to be reverted the PR author comes across quite hostile to everyone else trying to understand the use case, and there's a LOT of snark about breaking stable behavior. If this is frustration boiling over from repeated prior experiences, I hope the people the letter is aimed at have that context because to someone coming in cold, this is a terrible example.
The commit bit isn't about security, it's about control. There is no way open source projects can never give out commit bits again due to xz. And xz doesn't have an active team with multiple people in it so it doesn't really make sense to compare them.
Not sure what you are talking about wrt the dates. Why did you ignore the Meson example? And here is another example: https://mastodon.delroth.net/@delroth/112310645064859357 This is a guy who has implicit authority to veto anything. Sometimes he does so, and sometimes he just comments on something perhaps not necessarily intending to veto it but that is what happens anyway.
Of course it's about control, it's in the name "source control". As an outside observer who only has the links provided available as information, I don't have insight into the actual motivations of the people in question, so without speculating beyond what's been presented how do I know the people who want and don't have control are the people that should have control? In light of what we know about how the XZ attack happened, I'm not inclined to look unfavorably on project owners being reluctant about expanding who has access to the projects source control, and certainly not when that reluctance is in the face of a coordinated pressure campaign complaining about a lack of speed.
As for the dates, I am talking about this bullet point from the letter, quoted in full:
> puck having to remind him multiple times to even read her PR message at
> all and think about if he could be mistaken
> https://github.com/NixOS/nix/pull/9911#issuecomment-19252073...
> (after eelco ignored the PR for quite a while, also!)
Clicking that link takes us to a PR that was opened on 2024-02-02. The initial response from the Nix author comes 7 minutes later. Puck has multiple back and forths with other members Github, but her next interaction with the Nix author comes the next day on 2024-02-03. This is also the first time in the conversation where she "reminds him ... to even read her PR message". There's a second interaction later that same day during which she does similar, but it's worth noting this is pointing to a different message and appears to be less a "reminder to read" and more re-iterating what they feel is their argument against the Nix author's own arguments. Puck then continues to have back and forth with other commenters but as of today, there has been no further comments from the Nix author after 2024-02-03, and no further comments from Puck after 2024-02-08.
This hardly to my mind qualifies either as "having to remind him multiple times to even read her PR message at all" or "after eelco ignored the PR for quite a while, also!" So as I said it's a fairly weak claim, and feels more like a "bastard eating crackers" reaction to the PR than an actual showing of poor behavior.
As for the "Meson example", I didn't ignore it. As I stated in my comment, I had at that point read two of the referenced discussions in detail, and thus commented on them. I didn't comment in the "Meson example" for the simple reason that I hadn't read it.
I have read it now, and equally find it confusing.
1) The claim in the letter is that the proposal has "passed RFC, for five years", yet the RFC itself only appears to have been opened 2022-08-24. It's been a while since grade school for me, and I'll admit COVID has warped all our sense of time, but I'm pretty sure 2022 is not 5 years ago.
2) The first completed working implementation of the change doesn't appear to have been done until 2023-01-18 (https://github.com/NixOS/rfcs/pull/132#issuecomment-13874661...). Again this is much less than 5 years old.
3) On 2023-03-20, the author of the PR for this change states:
> the RFC has made it past most of the early stages and the current goal is to achieve parity with the current buildsystem before replacing it.
(https://github.com/NixOS/rfcs/pull/132#issuecomment-14768433...)
Again, this doesn't seem to fit at all with the claim that the proposal has "passed RFC, for five years"
4) On 2023-11-01, the Nix author themselves asks for updates on the RFC implementation, an action which doesn't seem congruent with someone who is willy nilly single handedly blocking things and being a disruption to the process. And the author of the PR states:
>the main block is actually a lack of free time for the main devs!
(https://github.com/NixOS/rfcs/pull/132#issuecomment-17890770...)
This doesn't seem to point to evidence that the Nix author is single handedly holding up this process.
5) On 2024-03-21 the PR author notes:
> currently working on adding support to build nix-perl, waiting for assistance
(https://github.com/NixOS/rfcs/pull/132#issuecomment-20135356...)
Not to sound like a broken record, but if the issue isn't finished as of a few weeks ago, it can hardly be considered to be held up by the Nix author for 5 years.
I agree that one of the links in the open letter is to a comment on a PR from 2019, which is indeed 5 year ago, and does indeed contain the Nix author commenting that they are skeptical of the change because "he doesn't know meson but knows his own build system". But given that there's an entire wealth of history on the topic since then, including progress on the feature that appears completely unobstructed by the Nix author and an open PR that is a mere 3 weeks old for a current implementation, I find myself again unconvinced of this rampant bad behavior on the part of the Nix author. And I reiterate again that these complaints are very weak and don't do much to support the open letter at best, and act as contrary evidence at worst.
Again there might be other context to be had that is missing, but if one is going to write a massive "open letter" complaining about bad behavior, I expect the links in that letter to point to actual bad behavior, and or provide the relevant context necessary to show how what appears to be normal dissent is a passive aggressive continuation of obstruction. I have to assume the links one provides in an open letter is their strongest evidence, and if this is all the authors have... I am unconvinced.
11 replies →
As far as I can understand, the complaint is about the behavior of the owner of the Nix project, together with alleged ties to military companies. Most of the sources are assorted screenshots of Matrix and X posts with snide remarks, so it's hard for me to understand the latter claim. As for Eelco's behavior, it seems like a case of BDFL gone wrong. Tightly restricting the commit bit but also not taking the time to review patches is certainly annoying. The Clojure community a few years ago had a similar friction and ensuing drama (cf. https://news.ycombinator.com/item?id=18538123)
The installer issues are annoying. I just barely started using Nix, and I'm completely new to it. I wasted an entire day tinkering with the default Nix install to enable flakes and other features that are apparently experimental, even though they are widely used by the community. In the end, I did use the Determinate Systems installer simply because, on Mac OS at least, it provides Flakes out of the box, functioning package search, and the Zero-to-Nix guide assumes you are using their installer. It's hard for me to judge why exactly this is a bad thing. The site seems to just list it as an aside for the ineptitude (intentional or not) of the Nix maintainers.
Yeah, this letter is odd in that it doesn't begin by stating what the problem is, but instead allude to the problem as if the readers were familiar with NixOS cultural issues
I'm sure that somewhere buried in a wall of text they state what this is all about, but reading up to there is pretty hard when one doesn't have context.
edit: it appears that this is mainly about the bad behavior and conflict of interest of Nix creator, Eelco Dostra. Reading this makes me appreciate how well managed the Rust project is (despite occasional crisis and misbehavior like the RustConf fiasco)
> I'm sure that somewhere buried in a wall of text they state what this is all about
If they could've, they would've. Unfortunately, this has been bit of a problem in the Nix community for a while. No one mentioned in this letter is an "abusive" "right-wing" "concern troll" by any stretch of imagination. Actual behavior that kind would most likely result in an unanimous ban. But none of the evidence buried in this wall of text supports that assumption. Whether the authors realize it or not, this letter consists almost entirely of ad hominems and accusations of ulterior motives.
Just as an aside, I wrote "almost," because I do think the handling of the sponsorship was an issue here despite the letter framing this as not the central issue. Military sponsors aren't a great fit for a community of international volunteers, especially one trying to put AI on drones. I'm not comfortable with that either. But were the accused members of the Nix community abusing and concern trolling to push a right wing agenda? Definitely not.
The other issues though, are just disagreements. The letter is taking screenshots of random disagreements and claiming it as proof of, again, "abusive" "right-wing" "concern trolling" behavior. Some vocal members of the Nix community love to do this. All. The. Time.
They disagreed with me. They didn't do this or that. That means they must be against social justice. They're persecuting minorities. They're concern trolling. Oh, here's another person trying to stay away from all the drama. They're complicit too.
This is the stated mentality of these vocal members. This is also the reason I avoid posting in NixOS Discourse and Matrix off topic chat channels. It just feels like some are more interested playing Game of Thrones. It's not representative of the community, but I don't want to attract unnecessary attention from the vocal few. I think this is harmful because destroys healthy decision making on difficult issues by excluding people not looking to pick a fight. Fun fact, the same sort of drama also played out when #nixos IRC migrated to Matrix following the Freenode incident.
Actual concrete example. The Nixpkgs repository includes a file containing a list of maintainers. A PR was made against this file, and one member of the community asked the PR author if they can make the maintainer name the same as their GitHub username.
https://github.com/NixOS/nixpkgs/pull/120729#discussion_r621...
And this exploded. Way out of proportion. Some were pouncing on the member who made that comment. To me, the response seems far more abusive than the original comment ever was.
https://github.com/NixOS/nixpkgs/pull/120729#discussion_r621...
Accusations were flown, like "denying someone of a name." Like, seriously?
https://github.com/NixOS/nixpkgs/pull/120729#discussion_r622...
I feel bad about bringing this back up, but it only seems fair to show the whole picture given the drama.