Comment by cies
4 months ago
> if you provide something, even for free, you should expect people will rely on it and you shouldn't pull the plug overnight if you can help it
Do you know their reasons for discontinuing? Are you even entitled to know that? It's their private matter.
> of course, if you run out of business or something bad happens to you, that's something else
Huh? So now everyone should let you know "it was out of their hands"? You have no idea how entitled you behave.
> There is some kind of implicit commitment.
No. That's just between your ears. It's putting fancy words on a feeling you have, not something that actually exists.
> what's the point of even providing pre-built Docker images if you expect people not to rely on them?
How do you know they had that expectation? And why do you care?
> This feels pointless and you probably shouldn't start providing them in the first place if you have this expectation.
You are excusing yourself for these commenters that behave like spoiled children: not thankful for what they got for free, but only bitching when it stops.
Hey, tone down, please. Also, have you, for some reason, totally missed the first point in my comment?
> Do you know their reasons for discontinuing? Are you even entitled to know that? It's their private matter.
Fully addressed in the "if you can help it" part of my comment.
> You have no idea how entitled you behave.
I have 100% idea how entitled I behave. I don't at all. I don't use MinIO. As an employee, I push internally for relying on our own infra (but we are quite good at this already).
I don't expect open source projects to provide binaries. Well, I kinda do if they've been doing it though. Expectations vs entitlement? Not the same thing.
We're discussing human interactions and expectations here.
---
So, in your opinion, what's the point of providing pre-built binaries if you don't want others to be able to rely on them then?
As someone who develops free software in my hobbies and also as an employee, if I provide binaries for free, I 100% expect people to be able to rely on them, or I just don't do it, and I would 100% feel like I'd be causing them issues by stopping doing it on short notice. I would feel like I'd owe them explanations (and their can be valid ones I'm sure - burn out would be a hell of a valid explanation to stop working on the projects at all) if I did that. They'd not be entitled to receive the binaries from me, but they would expect it and breaking expectations is not very nice. I have difficulties seeing this another way to be honest.
Let's also recall that we are talking about a project who's business might have benefited from the adoption in the first place.
> why do you care?
I could care about nothing, but that's not what I'm on HN for. I'm curious and interested.
You can read more about my views on this stuff here if it can help understand me: https://news.ycombinator.com/item?id=45667271
If you were relying on their pre-built binaries, you presumably still have them. It's not like they went and deleted them off of your computer. They're just not giving you new pre-built binaries (but they're still giving you new code for free! And others pre-build binaries for free anyway). Do the old ones stop working at some point?
Note that a CVE is not an indication that something doesn't work. In the real world, they're mostly relevant only for businesses that need something like PCI compliance. Especially for something like a storage server that shouldn't be directly exposed to the Internet. If you are a business that has some compliance obligation, you have no one to blame but yourself if you rely on others' charity to meet that obligation.
Existing binaries don't stop working, but adapting your infra to get the update can take some time.
Without other elements, it's definitely not nice to stop releasing the binaries out of the blue, especially for a security fix. To me it's purely a question of breaking expectations you've built yourself (I don't mean entitlement, I mean expectations).
Now, it's indeed not the end of the world, and:
> you have no one to blame but yourself if you rely on others' charity to meet that obligation
100% agree with you on this (that's my first point in my original comment).
3 replies →