"Sorry I opened a PR and merged it without discussion" is not an honest description of what happened (https://github.com/reactiveui/splat/pull/778), and therefore the apology seems very insincere.
You can't apologize and at the same time minimize the thing you actually did. It's pretty much like ending your apology with a "but". And this (not really) apology is a big "but".
More to the point though, this apology attempt made it worse. It starts off with a dishonest apology, and then goes into a big policy and contract debate.
Why would you conflate the two? Whatever point you're then trying to make about policy and ownership is tainted by both the personal misstep (I call it that unsarcastically) and by the insincere apology.
It's needlessly ineffective.
1. It makes your apology sound like "I'm sorry, but I'm the dictator here"
2. It starts you off from a position of "I was wrong, admit I was wrong, but here's how actually I'm right"
It's going to be hard convincing anyone if you start from a position of being wrong. And not just wrong but also really rude.
It seems to me that it would be much more effective to just apologize for the obvious process mis-step and arrogant rudeness (it happens to the best of us), and let that sink in. And then start a new conversation about policy.
Whoever raises "yeah, well weren't you the one who went around PR policies?" in that thread will be the unproductive one, and it won't go anywhere.
As-is the policy points can't be taken at face value.
Coming into this as an outside observer, I don't really understand the original infraction and can't judge it's severity.
But reading the apology, I still had the reaction: Wow, they really don't understand community management if they think this is going to work for anyone, which they seem to be telling us is in fact their whole job?
> Wow great conversation! Let's lock it to contributors just for a laugh and not because someone on Twitter just unhelpfully sent 27.3k Looky-Loos over to drop their $0.02 on my repo
> @reactiveui reactiveui locked as resolved and limited conversation to collaborators 6 days ago
Either I'm out of touch (quite probable) or sarcasm doesn't translate too well, since... I think they're unhappy with someone tweeting a link to this PR, but it also seems unclear why discussion was shut down.
I think that was a good call. Most mob-comments on these things are not productive. And especially when done on the project's own infrastructure (unlike here on HN) it's like locking your normally-open door to prevent people coming into your house to berate you. Let the people upset write to their local paper, instead.
I don't think the thread would be helped by 100 "who's here from HN?", "Congrats, you're on reddit", and such.
What you do not see is any deleted messages that already happened before that comment, it can well be that a bunch of twitter/reddit/hn/... users already thought it'd be helpful to invade and post some probably not so well-thought-out nor useful stuff.
And I mean, it's their repo, if they want to restrict an issue/pr to contributors only and do so with a sarcastic message or some other rhetoric way, it's their full right to do so..
Of course it’s their right to do so, what a silly response. Just because they can, doesn’t mean they should though.
> What you do not see is any deleted messages that already happened before that comment, it can well be that a bunch of twitter/reddit/hn/... users already thought it'd be helpful to invade and post some probably not so well-thought-out nor useful stuff.
And so the solution is to double down and antagonize everyone else? That’s a good way to lose any moral high ground. Ban the bad actors if need be, lock the comments, but for god’s sake communicate that decision professionally.
If this is not desired behavior it should be enforced by requiring a reviewer to sign off on the changes before merging. By not requiring this it means it is okay for pull requests to be merged without discussion, even if it is a rare occurrence. This is one of those occurrences.
So, first of all I disagree. Just because something is not prevented by technical means doesn't make it allowed. That goes for all things in life, outside of a supermax prison.
And after being asked twice by another maintainer (one of the two current maintainers (none of which are her), as I read it) to please follow the procedures, she tells him to fuck off and overrides him.
And after all that she does actually write something intended to look like an apology. So what does that mean? Either she disagrees with you, and indeed she should have followed procedures, or all she's apologizing for is "sorry you got so upset", which more of a taunt than an apology.
No, actually. Contrary to what cryptocurrency people would have you believe, there are other and more effective ways to prevent undesirable behaviour than technical means, for the vast majority of behaviour.
Isn't this situation a counterexample though? Nontechnical ways to prevent behaviour were attempted, and failed.
For distributed software development processes, the only thing that works are hard boundaries. No hard boundary -> implicitly tolerated.
For instance, "the vast majority of behaviour" includes every line of code in a repo. The only viable way of preventing undesirable behaviour of a software system is to enforce passing tests before merging. A mandatory technological safety net baked into the developer's workflow.
All of these boundaries are to prevent human error propagating to production. Merging changes without review shouldn't be possible.
> Isn't this situation a counterexample though? Nontechnical ways to prevent behaviour were attempted, and failed.
Not really. Just like shoplifting isn't a motivator for putting everything behind the counter in a store. The cure could be worse than the disease.
> For distributed software development processes, the only thing that works are hard boundaries.
Definitely not true. Opensource has existed for a really long time without a two-key system. Many projects (besides this one) still have big sets of people with commit bits. I'd go so far as to say that almost all projects with a core team size greater than one has some amount of this, with very very few exceptions.
Not everyone needs protections as if they are covered by Sarbanes-Oxley (SOX).
And these projects work just fine.
In fact, it's not even desirable in most cases. You have to take development velocity into account, too. "It must never be possible to unilaterally commit to the main repo" is not the value the project brings to the world. It's a means to deliver the actual value. And it's not the only one. So there are always tradeoffs.
Having worked under mandated requirements (legal and contractual) such as this, I can tell you that it's not without big costs, costs that opensource projects would rather spend on other things. Especially since it's detectable. Preventable is usually not worth the extra costs.
> No hard boundary -> implicitly tolerated.
Of course that's not true. Not in any context. You don't go to someone's house and flip their furniture, and say that not only was the furniture not nailed down, it wasn't even part of the ToS for entering your house, and in any case the door was unlocked.
A project without a CoC is obviously not implying that you can be a nazi or sexually harass.
"What is not prevented is permitted" has never been true in the whole history of humanity, and there have always been repercussions for what you did.
I've been a sysadmin with root access. That doesn't in any way make it implicitly tolerated that I read people's emails and home directories.
> Merging changes without review shouldn't be possible.
Ideally yes. But it's more convenience than security. E.g. your example about having pre-merge testing decreases the toil of maintainers having to deal with test-breaking code being merged. I.e. having to roll it back, and deal with any merge conflicts during rollbacks.
But by your logic of "no hard boundary -> implicitly tolerated" this means I could change the code to detect if it's running in a test, and do something else. There's no hard boundary, but will obviously not be tolerated.
We're going to have to agree to disagree, if you are arguing against mandatory code reviews in software projects.
Beyond the obvious sanity checks, they exist for establishing collective consent, and knowledge sharing - these are responsibilities that increase with seniority, not decrease.
Junior people should never be permitted to sidestep the process, and senior people must be leaders and set an example.
No, I think as soon as a project has two people who care about it and will reliably review, it should be turned on as mandatory.
But there will always be a way for one of these two to go around the process, if they really want to. Otherwise you have to plan for what happens if anybody becomes unavailable.
But it's clearly not "the only thing that works". E.g. AFAIK OpenBSD still just gives core team the commit bit, and don't work on a "prevent" basis for enforcement.
And if not OpenBSD anymore, then this has at least been the default model of CVS for over 30 years. It clearly does, in fact, work just fine.
Now, enforced code review is better.
So I agree with all you said in this comment. But it's not as simple as what you said before.
But short of SOX-compliant stuff and very strict environments, there will always be people with "god" powers. As I understand it the PR author here could have turned off code review, merged, and turned it back on. And with the attitude she showed in the comment saying "yeah thanks this is my project so I do what I want", clearly "doing the right thing" was not on the radar. It didn't serve to remind her, because she knew. She acted as if "above the law" deliberately.
..and further it is not possible to discern properly the relationship between a project and a contributor just because there is a time gap. If I wrote a project completely myself up to version 1.1 and then allowed other maintainers on to it who had taken it to version 1.2 I might feel I can merge whatever I like even after a gap. Not saying that is what happened here, just saying that it is impossible to discern from that discussion
It takes no effort to enforce reviews for pull requests. So why not just do it? If that’s the desired behavior, why not just enforce it as the desired behavior?
Relying on people to remember rules or adhere to some informal policy isn’t scalable, and complicates onboarding for new maintainers who may not be aware of the repo’s “culture”.
> Relying on people to remember rules or adhere to some informal policy isn’t scalable
Is that the case here?
She was asked twice to follow the formal procedure. She basically replied "fuck off".
> It takes no effort to enforce reviews for pull requests. So why not just do it?
Fair enough. Devil's advocate here: If they had then they wouldn't have found out that they can't trust this person to act in the project's best interests.
But yeah. Seems reasonable to me to just flip the bit, if indeed for them it's that simple. But there will NEVER be that easy a fix for all issues.
Edit: It seems it may be more complicated than this. Other commenters have said that this project was moved into a Github enterprise account, which granted this person god-like powers. If so, then at the very least this means that she exploited a temporary security vulnerability, where she found herself with god like access she was not supposed to have according to the project maintainers and policy.
It's also not scalable to "just never have a security gap", which is also one of the many many arguments against cryptocurrencies. "Prevent-only" just does not scale.
> We are tech people, do things technically.
Hmm... I'm trying to not say "I used to think that, but then I grew up", because I don't intend it as an insult.
Running a project, and more true the larger it is, is not as much technical work. There will always exist the technical possibility to do the wrong thing (except in a supermax prison).
And even when possible, most technical means are just not worth it. We can't all develop software like the space industry[1]. It's just not worth it. Especially when the problems are of the kind that can be undone, like this one was (rollback PR).
> If this is not desired behavior it should be enforced by requiring a reviewer to sign off on the changes before merging.
From what I've read about this specific incident, it seems this was enabled by the fact that this project had been moved to GitHub Enterprise without the maintainers' knowledge. One of the features of GitHub Enterprise is that some privileged users in the organization can bypass such restrictions. That may be what happened here.
I am not versed in all the details here, but it is clear there is a diverge of expectations between MS and some of the repo owners. This is just part of business. Legal agreements and projects are complicated. Not everything is going to be spelled out. In a good business relationship you acknowledge this and work in good faith to resolve differences when they occur.
However, top comments make clear there is a dire need for professional communications training among these programmers. There is entirely too much emotion on display here. Stuff like this:
While I appreciate that this must have been hard to write, this is a total non-apology and just about meets the incredibly low expectations I and others had for the .NET Foundation's public statement.
.. and the other comments like it, are not productive. There is a difference in expectations, so resolve it by making offers to MS for proposed changes. Ultimately there is a negotiated settlement or you walk. That's it. Don't bring emotions into it.
I don't see anything wrong with that quote. Can it be expressed more "softly"? Sure. But that person is expressing his opinion and I don't see any problem with that. You could also argue it lays the foundation for further escalation but that's on whoever chooses to engage in it IMO.
There seems to be a more general trend going on, some think themselves or others must be protected from "harshness" (even though I consider the above quote to be only a mild example - see the rest of the internet...). For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home. I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later" just to be friendly even though the code is structurally bad and needs to go back to the drawing board. It would give hope where there is none and I think that is worse than "no your code sucks because of x y and z".
I think in this case here it was ok for disappointment to be expressed.
I'd say the key thing wrong with it is that it's not actionable. It doesn't express what the commenter would like to see changed. It's just general vague disapproval.
Harsh or soft, criticism should always be actionable. The way you describe Torvalds' feedback, that's actionable, when someone is told what makes their code unacceptable, so they can correct course and try again.
EDIT: I should edit to add, the post that the quote is from -does- in fact then go on to point out what it finds unacceptable. But I'm commenting just on the quote.
What if that person is Hitler? What if you work at Dignitas? What if you're Linus Torvalds, working at Dignitas, and the person is Hitler, and Hitler wants to merge a particularly bad pull request to add an NPM leftpad dependency to page_alloc?
If it wasn't sufficiently clear from my scenario where Hitler wants to merge an NPM dependency into the Linux kernel while Linus Torvalds is treating him at a euthanasia clinic, I was joking.
In the scope of any realistically possible pull request discussion, yes, you're undoubtedly right.
(Rationally) making a point, expressing emotions, and being offensive/insulting are entirely separate things.
There are a few misconceptions at play:
1. that expressing negative emotions implies being offensive
2. that being offensive strengthens an argument
In my experience, being able to separate the offensive part, which is certainly difficult, leads to much more productive outcomes, without losing argumentative strength - besides, being also (considered) more professional.
> some think themselves or others must be protected from "harshness"
In the above perspective, harshness is simply improductive in any context - being firm and persuasive is always a better choice. It's just very difficult :^)
> I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later"
This is a dichotomy between an arguably harsh approach and a false/polite one. There are other different approaches (besides, I think that there's nothing offensive/harsh in being told that one is working on a dead end).
> I don't see anything wrong with that quote. Can it be expressed more "softly"? Sure. But that person is expressing his opinion and I don't see any problem with that.
Being considerate towards other people leads to a much more productive collaboration. This vision:
> You could also argue it lays the foundation for further escalation but that's on whoever chooses to engage in it IMO.
is indeed non-collaborative - essentially, not being interested at all about the other person. The point is then just venting frustration rather than communicating (in general, not the specific case).
I doubt that anybody can hold a lead/management position with this attitude (without being considered at least an unpleasant manager).
> For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home.
This argument actually proves the point. Torvals made a public apology:
so definitely there is something (to say the least) inappropriate with that attitude. There are indications that he went to therapy specifically because of that:
> making a point, expressing emotions, and being offensive/insulting are entirely separate things.
Whilst true, what often happens is that people emotionally express disapproval. This then often includes harsh judgement not just of someones work, but of their person as well. At that point it becomes insulting. Even when not moving on to harshly judging a person, totally destroying someone's work is likely to put them on the defensive. For the purposes of keeping up conversation, it can be equivalent to being insulting.
Consider remarks like.
"This code is riddled with bugs and lacks insights form the last 10 years. Whomever wrote it must be willfully ignorant or a total moron with their head in the sand".
It reads like a statement made from emotion, it technically only includes "making a point" but it goes so far as too become insulting. Even if you drop the second sentence it can still be insulting.
Excuse me? The post is a non-apology. It starts with a minor PR while in fact it turns out to be about the whole organizational structure which was a surprise to people that joined it?! This is a fundamental problem, not a minor PR and how the process for merging that is.
As for emotions and business you are also quite wrong. Emotions will give you some pretty good hints about reality. Ignoring those and trying to be 'productive' is a sure way of being tricked all the way to the bank. There's a reason emotions exist and to lobotomise yourself won't make you a better business person.
"There's a reason emotions exist and to lobotomise yourself won't make you a better business person."
This. If the other party has identified you as a mark for their scheme, non-emotional professional haggling will result in the worst case in profit for the hostile party, and even at best will be a total waste of time for you and exhausting.
I.e. it's
"Excuse me sir I notice an acidic liquid flowing from your direction. I would appreciate if you could either maneuver yourself or stop the said liquid flow as the volume of fluid gets in contact with my countenance."
v.s.
"Stop peeing on my face you **hole!"
You should not aggravate situations beyond reasonable bounds, should not become a sosiopathic professional victim and so on - but for a person of healthy psychological state, your emotions definetly are a valuable guide.
I find it fairly important to be “human,” in my interactions; professional, or otherwise.
That said, I’m also responsible for keeping the tenor of my communication constructive.
There will be mistakes (on my part, and on the part of others), as well as miscommunications, but they can be kept to a minimum, and addressed on a case-by-case basis.
I’m a big believer in sincere, appropriate, apologies. They have been enormously effective, in my own career.
I won’t apologize for breathing your oxygen, but I also won’t avoid taking responsibility and accountability for what’s mine.
When we weasel out of responsibility, we also surrender agency and power. If it’s our fault, it is also our bailiwick. An apology may seem like a weakness, but it can actually be the opposite.
I agree the part about the low expectations of the foundation isn't constructive, but I feel like some open display of emotion is necessary after a person openly refuses to have an honest discussion. In the PR she repeatedly ignores the maintainer to push her changes. Then in the 'apology' she doesn't really apologize and isn't really straightforward about what really happened. In the PR the maintainers were pretty reasonable in their communication and it didn't really change the directors approach. I feel like when communicating with someone who repeatedly works in bad faith at some point all you can do is walk away. This emotional poster is doing that but before doing so making sure it is clear to others that this is not okay. I think that's better than saying "I repectfully disagree" because that makes it seem like it's just a slight misunderstanding rather than someone working in bad faith.
Wanted to support your point on emotions with a quote from my favourite philosopher, David Hume:
"We speak not strictly and philosophically when we talk of the combat of passion and of reason. Reason is, and ought only to be the slave of the passions, and can never pretend to any other office than to serve and obey them."[0]
> There is a difference in expectations, so resolve it by making offers to MS for proposed changes.
Here's some more rude commentary for you: you are showing your hand, and it's a very poor / weak one.
You seemingly operate under the assumption that corporate-speak is some sort of invisibility cloak that gives the denizens of said corporations free reign to exploit whoever they like, and those exploited should politely ask for their soylent green in return.
Well, if I were giving my humanities-grad opinion to those developers in terms of dealing with people like you, I'd tell them to immediately recognize and refuse to deal with people like you, and more specifically to tell you that "if you want me to participate in your HR-speak, you can pay me a salary, until then the discourse is not on your terms. Maybe you should tell your boss to send someone else."
I think more highly of people who are honest about their emotions and express them, instead of pretending that the motivating force behind almost all of our personal behavior isn't "relevant." Emotional ≠ unproductive.
I've been around long enough to know that the higher goal is to line the pockets of those who establish and enforce the "polite" interaction rules. They give orders to the workers (in the broadest sense, workers can be productive professors) and skim off a percentage of the output.
OK, sure, that's the order we live under, and it's not ideal. But better than running around foraging all day, and if you wish to change it it's better to save the rage for situations where it's called for.
> there is a dire need for professional communications training among these programmers.
Maybe, but probably not why you think.
Once you've read the PR's conversation you'll see this isn't about someone just merging a PR which wasn't approved. This about someone submitting a PR, a maintainer asking for discussion before merging it, ignoring the maintainer and just merge the PR, the maintainer asking why it wasn't discussed and then making a snide remark to the maintainer.
So I agree that the "Sorry for merging a PR" isn't going to cut it here. The merging of the PR was the least of the problem. It's a hollow corporate-style apology where someone is allowed to be called out for. It's like saying: "Sorry I hurt your toe" after you pushed someone of a cliff.
Did you look at the Contribution License Agreement? It appears that the issue at hand was in fact "spelled out". Repo owners aren't unreasonable to interpret this action as bad faith. I would agree that their message would be better communicated with a more amicable tone.
I don't see why you think people should respond in an amicable tone to an employee of a corporation blatantly attempting to seize ownership of assets which currently do not belong to them.
I did not really dive into the details of the legalese that was shared in the comments, but on the surface none of what the .NET Foundation doing seems that odd. How is it any different really from how Apache or Eclipse or many other foundations operate? I think it is less about the Foundation trying to seize the projects from the founders then it is the Foundation doing what it needs to do to apply its legal value to the projects ... which is seemingly why these projects decide to move to the foundation.
Maybe I just missed some nuance that was discussed in more depth elsewhere.
The CNCF and the kubernetes system does do a CLA, so it's not a concept the Linux foundation has never heard of it, but clearly it's not required for every project they support.
EDIT: Apparently the .NET Foundation has an additional copyright assignment track. Their documentation is inconsistent and not up-to-date. This is deeply unfortunate and certain to cause grief.
> 5. Licenses.
> a. Copyright License. You grant .NET Foundation, and those who receive the Submission directly or indirectly from .NET Foundation, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license in the Submission to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute the Submission and such derivative works, and to sublicense any or all of the foregoing rights to third parties.
What appears to be at issue is administrative control over the Github project / organization.
> It is also clear that the .NET Foundation project governance model is not well understood. Project maintainers sign an agreement that either assigns or contributes their project to the .NET Foundation. That’s the point at which project ownership changes. We’ll post another document on that this week as well.
This apology claims project ownership was assigned and the parent poster claims that the actions taken are required for supporting the projects.
Clearly from the comments in other linked threads the project owners dispute this but the CLAs shared by the contributors differ from the sample one you have linked.
That wording (from the post) is unfortunate because it is misleading, but that doesn't mean we should continue to spread the misinterpretation. Please stop conflating "project ownership" with "copyright assignment".
> the CLAs shared by the contributors differ from the sample one you have linked.
In response to your challenge, I subsequently went through the first step of the project contribution process at https://dotnetfoundation.org/projects/submit and (after signing into Github) wound up at a page which includes the following:
> *Contribution Model.* Under the .NET Foundation contribution model, a project retains ownership of the copyright, but grants .NET Foundation a broad license to the project’s code and other intellectual property. The project also confirms that the project’s submissions to .NET Foundation are its own original work (there are also instructions for any third party materials that might be included).
> That wording (from the post) is unfortunate because it is misleading, but that doesn't mean we should continue to spread the misinterpretation. Please stop conflating "project ownership" with "copyright assignment".
What else is there to own in an open source project? The trademarks? How many of these projects even have trademarks?
This is the document that the .NET foundation requires new contributors to projects owned by the .NET foundation to sign. Ok. But it's not the document that the owners of these projects signed as part of opening relations with the foundation, at least by the project owners claims and provided screenshot. The .NET foundation could plaster this document on their home page, but it doesn't change that the project authors are providing a different document that they claim is the one they signed.
The document that the project authors claim to have signed includes this modified intro:
> Project means the projects owned or managed by Contributor and listed below that is assigned to the .NET foundation hereunder.
If this is assigning copyright to the .NET foundation, is it bad faith to not make that clearer? Yes. Is it a reason not to do business with the .NET foundation? Yes. Does the fact that the later sections of the document discuss copyright licenses make their claim less credible? Yes. But I'm not a lawyer, so I'm not going to pass judgement on if it does what the .NET foundation claims, merely discuss the point that the foundation now claims it does so, and other posters have claimed that kind of assignment is needed for a foundation to operate.
Please stop attacking me for trying to discuss the situation without using your preferred description exactly. I'm trying to present both sides claims in a discussion that it is not required for the .NET to do what they claim based on the examples of other foundations which have managed without such a step.
For what it's worth: while I'm not a lawyer, I'm a past ASF board member, VP Legal Affairs, and VP Incubator. Not that you should take my "argument from authority" as gospel, but that should give some perspective on why I'm focusing narrowly on the issue of copyright assignment. I've explained these issues many many times to many many projects, dealt with conflicts over administrative control analogous in some ways to the one at hand, etc.
Copyright assignment is extremely cumbersome and difficult. To achieve it, all copyright owners must be willing to give up their own copyright, which many organizations and many individuals are not willing (or even able) to do.
From my standpoint, it is unthinkable that the .NET Foundation would say that their contribution model is to license, and then slip copyright assignment language into an agreement on the sly. There would be hell to pay if that were the case. The contribution models, how you run the organization, etc., they're quite different.
EDIT: Mea culpa. I have found additional documentation that conflicts and reveals that there is now an an additional copyright-assignment track. See my soon-to-appear reply.
> > Project means the projects owned or managed by Contributor and listed below that is assigned to the .NET foundation hereunder.
> If this is assigning copyright to the .NET foundation, is it bad faith to not make that clearer?
That clause doesn't assign copyright. While IANAL, from my perspective copyright assignment language would be much more specific than that.
EDIT: There may be additional language later.
> the project authors are providing a different document
Yes, that's true unfortunately. I wish that the project author had provided the whole thing because that would make our discussion easier. I can't get at the actual current document because it's sent via Docusign, and I'd need to actually submit a project to the DNF to get at it.
I tried, though, because clearing this misunderstanding is important.
> What else is there to own in an open source project?
In terms of intellectual property: copyright, trademarks, and patents.
But then there is also administrative control over project resources: domains, Github organizations, possibly physical resources such as servers or test hardware, accounts at various places, upload permissions for distribution channels, occasionally bank accounts, etc.
And specifically, this conflict is about administrative control over project resources and permissions on Github.
> The trademarks? How many of these projects even have trademarks?
Well, technically few have registered trademarks, but in general you get a trademark by using it in commerce. So all of them have at least a claim on a trademark, although it may not be enforceable if there's a conflicting registered mark or if the project name is too generic.
> EDIT: Mea culpa. I have found additional documentation that conflicts and reveals that there is now an an additional copyright-assignment track. See my soon-to-appear reply.
> Assignment and Contribution Models. The .NET Foundation uses either an assignment model or a contribution model for on-boarding new projects. Under the assignment model, a project transfers ownership of the copyright to the .NET Foundation. Under the contribution model, a project retains ownership of the copyright, but grants the .NET Foundation a broad license to the project’s code and other intellectual property. The project also confirms that the project’s submissions to .NET Foundation are its own original work (there are also instructions for any third party materials that might be included).
Here is the best part, if you dig a little deeper into the issues and pull requests, you will find out that the .NET Foundation people have been removing the contribution option from the blank agreements, leaving only the assignment option.
Lol! Unsurprisingly, this upset some of the developers on the projects, as they were unclear about how this affected them.
The consequences seem foreseeable and I don't understand why the DNF would do that. The difference between copyright licensing and copyright assignment is a big deal. If you think it makes strategic sense to transition (which I don't understand either), to my mind you'd better be loud and bold, overcommunicating in order to maintain trust — with project founders, contributors, and the broader community (including outsiders like you (?) and me).
FWIW, this would never happen at the ASF. The 800 or so Members of the ASF (who elect the Board) are drawn from the projects, so the kind of people who are upset at the DNF would be in a position to take action at the ASF (by electing a different board).
If you're moving your project to the FSF, it's because you want their lawyers to defend your users' rights under the GPL/LGPL/AGPL.
From the FSF[1]:
> Under US copyright law, which is the law under which most free software programs have historically been first published, there are very substantial procedural advantages to registration of copyright. And despite the broad right of distribution conveyed by the GPL, enforcement of copyright is generally not possible for distributors: only the copyright holder or someone having assignment of the copyright can enforce the license. If there are multiple authors of a copyrighted work, successful enforcement depends on having the cooperation of all authors.
> In order to make sure that all of our copyrights can meet the recordkeeping and other requirements of registration, and in order to be able to enforce the GPL most effectively, FSF requires that each author of code incorporated in FSF projects provide a copyright assignment, and, where appropriate, a disclaimer of any work-for-hire ownership claims by the programmer's employer. That way we can be sure that all the code in FSF projects is free code, whose freedom we can most effectively protect, and therefore on which other developers can completely rely.
tl;dr: the FSF can't enforce a project's license unless they're copyright holder.
If I recall correctly, that was because it was legally uncertain whether a copyright infringement case could be brought by an entity other than the copyright holder in the case of GPL violations. Since then, lawsuits to ensure GPL compliance haven't really materialized, since the threat of lawsuits tends to be sufficient, so assignment of copyright hasn't been necessary for other similar foundations.
Intent also matters, and I would trust the FSF much more than I would trust a Microsoft-based foundation.
It seems the issue hinges on: did a copyright assignment take place in order for projects to join the .NET foundation? It currently seems unclear whether this is the case or not.
Foundation seems of the opinion that assignment did occur, but individual projects differ on whether they think they have assigned copyright or not. There are legitimate reasons for copyright assignment but all contributors need to have the same understanding of whether a copyright assignment applies or not. If projects have not had individual contributors agreeing to a copyright assignment up to now, then it's not possible for a project to assign copyright to the .NET foundation without the consent of every contributor. Which is likely a tricky proposition...
This whole situation is toxic. She literally made a 1-line change in a configuration file with basically no downsides.
She also repeatedly re-opened and then merged the PR despite the other guy telling her to follow the format and wait for a review. Which she shouldn't have done. But then everyone started bashing her and .NET for other (similarly small) things and extrapolating that. Then there's this 1000 legalese word apology, and then people are bashing her for the apology.
Please read this discussion[1]. The issue goes far beyond a pull request.
Project maintainers had their projects moved from their public GitHub accounts to the DNF's GitHub Enterprise account without notice. Some maintainers only found out about the transfers of their projects because of this[1] discussion.
In practice, how does such a change actually affect the project owners? Because from all the kerfuffle, I haven't seen a single legitimate grievance or issue this actually caused the owners. In fact, one of them even says (paraphrased) "If you had just waited for review, there probably wouldn't have been any issue."
So it seems that the root of the whole mess is that the .NET Foundation demands that every project lets a centralized and anonymous committee enforce their code of conduct by banning users from all member projects.
No, that was not their problem. CoC violations have not been a problem here. It is the complete lack of communication and a enforcement of other things (the .NET Foundation things they should do), like account management, code ownership and collaboration model.
All of that is however, quite debatable whether it should or should not done by the foundation, but the utterly lack of communication and community participation is the problem here.
The GitHub Enterprise organization thing poses a request to GitHub: is there an audit trail for this kind of operations (moving organization to be a part of another org)? If there's none yet, the need is apparent.
I think the goal of that language is to avoid an increase in drama from random people outside the community (e.g. us!) reacting to the apology without actually being an affected party. If you don't know what the apology's referring to, it's probably not directed to you!
And also, I strongly suspect, because any description of the events is likely to be considered tendentious by some of the upset parties. Much easier to avoid the issues that come with having to write a balanced history of it.
Umm the people who she is apologizing to know why she is apologizing... I don't think it is super important to educate the peanut gallery on the issue... if you don't know what the apology is for, the apology doesn't really matter to you.
I don’t know enough about this to comment, except to say, gee, isn’t the social and business life of human adults complicated?
Yes it is. It is complicated. How strange, then, that so many people seem to jump with both feet into complicated shared ownership arrangements with near strangers— leading to the absurdity of public messages flying around instead keeping these communications private to the specific people who understand them?
Why am I even seeing this shit? That is auto-fail right there.
They're discussing this on a public forum, but only sharing screenshots of small sections of PDFs which remain private. The CLAs are the governing documents here, and nobody except the people who have access to those agreements in full have any business even forming an opinion as to what rights are held by whom. Posting selected parts (literally just the definitions section, the non operative part!) for public point-scoring is pretty ridiculous. Either shut up and email them privately, or post the entire thing so people can see what you've signed up for.
(The outdated copy of the agreement that's available online is not good enough.)
I'm sympathetic to this argument, but the fact that the blog posts, discussions, tweet threads etc. under issue are publicly viewable (that's the web!) doesn't imply an obligation that members of the debate perform for the public as if it were a political debate or a court room. I suspect that the intended audience of posts by aggrieved maintainers is other maintainers in the community. Oughtn't they be able to communicate and organise without putting their communications under lock and key?
Here we are now discussing it privately on HN and GitHub as we're a bunch of busy-bodies, but I am not necessarily prepared to blame the maintainers for that.
Does anyone have a good summary of what happened here? I'm not really following what the foundation did wrong. Did Microsoft do something underhanded? Did they get caught trying to start the extinguish phase of EEE?
The executive director of the .NET Foundation force merged a PR on a project, instead of following project guidelines.
The incident snowballed into other projects discovering they have been moved to the .NET Foundations Github Enterprise account without their knowledge.
And even more projects joining the snowball with “we were told the Foundation were just there to help us, not take over project ownership”
And now there is a huge snowball with a lot of projects and people stuck inside.
It seems to me that there is a valid apology present in two paragraphs:
> [...] I made a mistake this last week when I made a PR and merged it to a project without discussion. [...] I overstepped. I failed to consider how the interaction would look through the lens of my current role. [...] this was a mistake. I sincerely apologize.
> To recap, I’m sorry about the PR I made and merged on the ReactiveUI Splat repo. That was a mistake. [...] On behalf of myself as the Executive Director, past and current boards, I’m sorry that we’ve created an environment where maintainers are surprised by their relationship with the .NET Foundation. It will be my and the new board’s number one priority to fix that.
How does one label this as a "non-apology"? Mistakes were acknowledged and corrected; actions were regretted and improvements are identified. Shouldn't that be enough?
> On behalf of myself as the Executive Director, past and current boards, I’m sorry that we’ve created an environment where maintainers are surprised by their relationship with the .NET Foundation. It will be my and the new board’s number one priority to fix that.
This is the non apology. It's not apologizing for the nature of the relationship that was created, it's apologizing for people being surprised by the nature of the relationship. There's an implication in the statement that the maintainers failed to understand their agreements and that's the real root of the problem.
In terms of the "fix", it's not clear whether the fix is to renegotiate the agreements, or just to make it more clear what the agreements meant (in which case, the harm is not really being addressed).
If you look at the post as a whole, it reads that she's "sorry" that this happened, but the only reason that it's an issue is because the member projects don't understand their place. Literally: "It is also clear that the .NET Foundation project governance model is not well understood. Project maintainers sign an agreement that either assigns or contributes their project to the .NET Foundation. That’s the point at which project ownership changes."
But she doesn't even explain what the "mistake" was (moving OSS projects), and even down plays it by only mentioning merging a PR and not the intent behind the PR.
She also doesn't say why she thought this change was needed, or why on earth she would even think to do such a thing without talking with the maintainers.
These reads as a weak, non-apology to me - makes me wonder if the text was really written by her, or by legal.
For context, I've been working in Microsoft shops and with dotnet for 2 decades, and I'm pretty much a dotnet fanboi - the actions here have burned a tonne of goodwill, both with dotnet developers and those others who are/were tempted by it. I'm not angry, I'm disappointed :(
For one thing it doesn't say what she did was wrong by itself (repeatedly ignoring the maintainers rejections and not following submission guidelines), but it just looks wrong because she is the ED (but she's actually doing it as the maintainer)
Edit: on 2nd thought it seems she is also claiming she should be able to make this change unilaterally as Director and the problem is that people don't understand that. Which kind of makes this a non apology for saying sorry while also saying the problem is people's misunderstanding. Which also makes the part about doing the change as a maintainer a lie if that's the argument (she clearly said that in the PR too)
> While I’d been involved in this project as a founder and maintainer for many years [...] I failed to consider how the interaction would look through the lens of my current role.
That part could have been explained better, I think. It suggests it would have been a non-issue if not for being an Executive Director, it's just concerned with 'how it looks'. In that sense I can see why people would treat it as a non-apology.
> I created a PR in ReactiveUI’s Splat project and merged it with my ReactiveUI maintainer permission. I shouldn't have merged this PR without explicit sign-off from the other maintainers, because it's disrespectful and rude not to follow the project’s process.
This is an improvement, as it addresses the actual problem in the PR in question. It would have been good to start with this.
> Also, as the executive director for the .NET Foundation I should have been able to manage the conversation and the disagreement with the other maintainers a lot better.
But then it misses the mark again, here, as I don't believe it's an accurate reflection of the issue in the PR.
---
I'm not involved in any of this so I don't know if the general response to this is overly harsh or not, particularly with calls like "resign and find a new ED in 24 hours". I don't rate it as a particularly amazing apology, but I also don't think it's intentionally a non-apology. If anything, it's a mismatch of perspective: the author sees a misuse of Executive Director Power and thinks that to be the problem, but the other people involved see a maintainer ignoring their Code of Conduct.
Of course, the other issue is that it conflates the incident with the pull request with a whole bunch of organizational politics, which does feel like a bit of a sucker punch. Perhaps they should have been discussed separately, e.g. with an apology on the PR relating to what happened there, and then... all that other stuff.
I don't know anything about the .NET Foundation or much about this particular situation, but I know a little about open source governance.
It appears that Novotny believed she was acting in her capacity as a (long-dormant) maintainer of the project when she merged the PR in question. It was clearly wrong to do so without following the process set down by the other maintainers, and she was right to apologise.
However, as the Executive Director of the Foundation, she also had the power (perhaps indirectly) to force a merge of a patch in any project controlled by the Foundation. All Foundations must reserve this power to themselves (you can't take on legal liability for something you have no control over), but they also must never use it. To do so is the nuclear option, to be invoked only after all trust and goodwill has been irretrievably lost anyway, because it certainly will be once you use it.
When you wear multiple hats and one of those hats is very powerful, it is critically important to make clear when you are doing stuff but not wearing that hat. Sometimes even that doesn't help, and it's better to just refrain from doing that stuff until you have handed the hat on to someone else.
In this case she failed to make it clear that she was wearing her maintainer hat and not her ED hat. In fact, she accidentally invited speculation that she was wearing the ED hat by referring to the change as a requirement of the Foundation. I'd imagine this is why things blew up.
Note that this probably indicates a problem with the structure of the Foundation. It's more or less inevitable that at the board level these things are pay-for-play, and that the ED's continued employment is at the discretion of the board. But technical decisions should be delegated to a neutral body, preferably elected by the project maintainers. It doesn't sound like that exists, but had it done this situation might have been avoided.
The other issue seems to be a fundamental disconnect between the Foundation and the maintainers of various projects in it about the purpose of the Foundation. For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up. To allow individual projects - even historically well-behaved ones - to opt out of that control would be to effectively render those guarantees meaningless, and in fact reduce the foundation to what would be effectively just a giant fraud against contributors.
It appears that many projects signed up without being made aware of this, and that is an absolute disaster for which only the Foundation can be responsible, and again they are right to apologise for failing to communicate it. However, what many people wanted was an apology for having technical measures in place that would allow them to exert control over projects, which the Foundation cannot really apologise for because it would effectively be an apology for existing. Inevitably people who wanted that will see this response as a non-apology apology.
It looks like a long, hard road back from here to rebuild trust. I'd suggest that the board needs to work collaboratively with the community to clearly document the rights and responsibilities of both the Foundation and the individual projects, that they consider establishing an independent governance body for technical oversight, and that any project that feels this isn't what they signed up for be given the opportunity to leave on good terms.
> For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up.
Which is why those people in your hypothetical rightfully see CoCs as poison-pills meant to silently transfer ownership from themselves as owners/founders/copyright holders to corporate "contributors."
To which the obvious response is "if you want to own my assets, buy them, stop tip-toeing around contracts and trying to get them on the cheap."
This is the exact summary of what is wrong and need to be improved. Thanks for that.
The .NET Foundation needs a revitalization and maybe a split into a ".NET Foundation" and a ".NET Community Foundation" to separate the .NET and the .NET community. The F# community is much better in this separation of community and Microsoft.
There are a number of projects under the .NET Foundation umbrella, all maintained by different teams.
The .NET Foundation, supposedly for billing reasons, switched to GitHub Enterprise. People weren't aware it was happening or that a side effect of this would be that certain people would have increased access to their repos.
The person writing this post, Claire Novotny, merged in something maintainers disagreed with and that she shouldn't have had GitHub permission to merge. This lead people to realize access controls had changed and become concerned about abuse of this power.
There is also the fact that some projects were moved from their maintainers' public GitHub accounts to the DNF's GitHub Enterprise accounts without notice.
If you read this discussion[1], several maintainers only found out today that their projects have moved accounts because reading the thread itself prompted them to double-check.
There's another, slightly confusing aspect which u/vb explained absolutely brilliantly here (https://news.ycombinator.com/item?id=28781621), namely that she wore two hats: one as the ED of the Foundation, the other as a long-dormant maintainer of that particular project.
She apparently intended to merge that PR qua the latter, but didn't make that sufficiently clear, and also made some offhand remarks about Foundation rules which (accidentally?) implied she was acting qua the former.
TL;DR; .NET Foundation moved all member projects to be a suborg of .NET Foundation without asking maintainers.
For example, I am a maintainer of https://github.com/pythonnet/. If you follow that link, you will see "Part of .NET Foundation" which is a GitHub Enterprise Organization.
AFAIU, They could do that because when joining projects needed to add dnfadmin@github bot, that was supposed to perform some utility tasks such as enforcing CLAs.
Allegedly some actions required .net foundation to have admin access to projects under their umbrella. The foundation then changed the copyright notices to dotnetfoundation instead of the actual owners.
I didn't understand the drama above the comments entirely, though.
Legally, copyright notices can only be changed by the copyright holder or their authorized agent. If someone from the DNF were to make an unauthorized, illegal change, it would be very surprising.
I think there is very little intent on Microsoft behalf in this. This is a OSS foundation which enforce their (understanding of) ownership. What is horrible is the absolute lack of transparency, communication and community in this foundation.
What they have done happens also in the Apache, Eclipse or whatever foundation as well. Just that these are communities which are mature and composed of experienced open source people which know how to address and communicate with other maintainers/egos/people. Open Source Communities are about people. Not the tech. You are only successful if you are good with people. What they did there multiple times was pulling nuclear options without telling people.
The .NET Foundation is run by Microsoft MVP program (Claire, Ben, others) which live in their own dimension which is different from the rest of the community. They are supported by lawyers/managers of Microsoft trying to protect the brand and the core of .NET. That is a setup for failure without any malicious intent.
Disclosure: .NET Fanboy + (successful) open source maintainer (not .NET foundation related)
That's not the topic of this apology, so it's an entirely inappropriate place to have that discussion. The apology is about not following the procedure..
The whole post in the link is in reference to more than just the pushing of a PR.
> It is also clear that the .NET Foundation project governance model is not well understood. Project maintainers sign an agreement that either assigns or contributes their project to the .NET Foundation. That’s the point at which project ownership changes. We’ll post another document on that this week as well.
It's clear reading the comments on HN that the majority of people commenting have no clue what is going on.
Wow. That’s very brazen to force a PR in like that.
The apology made it sound like a small change that didn’t follow protocol. I didn’t realize it got called out as it happened and she pushed it through anyway.
What especially strange is, when you are one of multiple maintainers ... how the hack you are not communicating with them. Multiple maintainers = they need to have shared principles on the projects = they need to talk.
Ignoring this, is the strangest thing I have seen in this PR ... and a clear indicator, that this is not only about this project. This was a nuclear action by the .NET Foundation.
Yeah, as I thought - If I were the maintainer of that project I would have had no issue with her merging that. But I also understand why PRs exist and process, so I would have said, 'yeah, cool, just don't do it again. Nothing to see here, move along.'
one thing to just merge it, but another entirely to reopen it twice disregarding what the maintainer has asked of you before forcing it. At the very least disrespectful and arrogant.
I just don't get why not drop a brief explanation on the validity of the PR? She could have so easily avoided this. Active maintainers are right to be pissed.
I'm only having my first coffee of the morning, but I read that as Rocky from Andy Weir's excellent Project Hail Mary would have phrased it... "Anyone have a link to the PR, question?"
...so that's how you get a lot of work for nothing... people, please never sign something without at least clearly stating what you think it means. A sneaky way is printing the document and sending it back together with a statement of how you interprete it - best on the page you should sign... A simple (see email 211007) below your signature often is enough... if you did not sign on paper but just by clicking some buttons, your position is even better, especially if you are in a non us legislation and there is no translation...
I'm confused why the correct course of action isn't to revert the commit, ask the author to re-open the PR for comment, and follow the process. Why the tortious apology?
If I wanted to interpret this in a paranoiac way, I would say that's because the author of the PR isn't apologetic at all, and in fact is quite fine with forcing a PR through the maintainers without their consent.
Assuming good intentions is a good way to get abused by people exploiting the fact that you assume good intentions. The person in question did a PR, someone informed her that she should follow the rules, she didn't, merged her PR, more people complained. Right now the PR is still merged. She wrote that whole text, and the PR is still merged.
Since I can't read people's mind, a good trick that I learned is to derive intent from actions. Removing a merged PR is easy, especially when you can force merge one in the first place. Yet she didn't do it, but wrote a lot of text that is apparently an apology. If it's an apology, why is there no show of regret by retracting her PR? Maybe because it's not actually an apology.
Edit: the PR was removed by the current maintainer.
> If it's an apology, why is there no show of regret by retracting her PR?
Perhaps because nobody has asked her to do so. Despite the contribution process not being followed, the results are seemingly desirable; and so nobody seems to want to worsen the codebase by reverting the change, even temporarily.
Process is great when it improves quality, but process followed just to follow process—when it won't result in a change in quality—is just pageantry. Engineers are generally too practical (and impatient!) to participate in pageantry, even as an act of public humiliation for someone they're annoyed with.
The repo has other maintainers; any of them could have reverted the merge and demanded the PR process be followed, if they thought it was a good idea to do that. What intent do you derive from their inaction?
> My understanding is that she did a PR, quickly merged it, and people only noticed after it had already happened. Nobody interjected to complain; there wasn't really time to do so.
The PR is here, it was explicitly rejected (with two comments) and closed before she merged it
Sometimes Hanlon's razor is in tension with Occam's. If it looks like a duck, and it quacks like a duck, maybe it is actually a bad actor. Or something like that.
Either way, I think the idea of "the banality of evil" is more useful here than Hanlon's Razor. Claire Novotny may well have simply not thought about her actions. Is she still responsible for them? Should we care that she meant well if she continued her bad behaviour after it was pointed out to her?
And what if somebody makes a habit of not thinking about their actions despite having it pointed out to them repeatedly that their actions cause harm to others? (It sure seems to be an effective way to climb the ladder.) Can they still hide behind the defense of "meaning well"? By analogy, what if somebody makes a habit of getting behind the wheel while intoxicated. If they hit a pedestrian, how much do you care that the drunk driver meant well?
I would hardly equate drunk driving to Novotny's actions.
But to address your analogy, I simply do not have enough information to tell whether Ms. Novotny is a bad actor or not. In the absence of such information, I can only assess a situation based on my prior life experiences.
Hanlon's razor is a great principle to apply to your personal relationships, but you'll make yourself a mark if you start applying it to the machinations of trillion dollar companies.
Hanlon's Razor is just a heuristic. What is the reasoning for following it? Or do we just blindly follow an age-old adage because it sounds philosophical?
For my part, I'm going off of my life experiences.
In the vast majority of cases, the logic behind Hanlon's Razor held. Many times I assumed malicious intent and was proved wrong. As I've gotten older, I've assumed malicious intent less frequently.
I would assume that you fell on the "assume malicious intent too much" side of what's probably a normal distribution, while some other people are on the other side. If that theory is correct, people like you would benefit from Hanlon's razor, but other people would not, they should do the opposite.
I think "people that don't assume enough malicious intent" are a real thing, so I think Hanlon's razor is not an universally good recommandation.
I would not say people are stupid. We should never assume we know why someone did something and then take action based on that assumption.
When someone cuts you off in traffic, for example, they probably did not see you or are late for an important event or their wife is in the emergency room having a baby. It probably was not personal or malicious.
"There is a pattern that needs to be resolved. Projects might not fully understand what joining the .NET Foundation means..."
This sounds like not only an apology, but an attempt to start a discussion surrounding the community overall and get everyone to have matching expectations.
the maintainer closed the PR twice, asking for her to follow the process before she reopened and merged it. Then reverted it.
the apology is because it's not just about this PR. Among other things there is moving a number of projects into the foundations enterprise gh org without any warning/discussion using the admin account they forced upon/bullied project orgs into adding. This has affected some in a negative way already.
Maybe since this person has a prominent place there is an attempt to set a better example for others? Not a cool move by Oren but maybe a "teachable moment".
Years ago I heard Microsoft was open sourcing .Net. and I thought that was a clever idea. But with all the drama coming out of the community now for years and years I seriously question the intentions behind that move. It seems to me Microsoft just wanted a bunch of free coders on their .Net projects.
And it wouldn't be the first time Microsoft set out to destroy a community of volunteers either.
Total waste of everyone's time. I suspect if the word "Microsoft" were not in this equation, this HN thread would not exist and no one would give a shit.
A lot of people have ulterior motives and 99% of the "toxicity" I have observed to date comes from either trying to hide those motives or pretending like others couldn't possibly possess them.
Yup, I'm inclined to agree. I also think the word 'toxic' is horribly overused, to mean essentially 'anything I don't like'.
Though FWIW, ulterior motives are hidden by definition – as in, that's literally the meaning of the word 'ulterior' – so I'm not quite sure what the last sentence is getting at.
What is with the comments calling this a non-appology? Do they need a hair shirt to make sure the sinners really suffer?
Hyperbole aside its kind of jarring reading a frank apology and ownership of actions (what they did, how it impacted others, why it was bad) that then gets dismissed entirely. I wonder what those people would consider to be sufficient?
It does not seem like there is any point to a public apology. You are going to get the same response whether you frankly admit fault or apologize because some one else didn't understand your good intentions.
If you read the entire post, it quickly becomes apparent why people are reacting poorly.
The opening paragraph is an apology. Other parts of the post undo any goodwill that might have been garnered from the apology itself.
One example:
> There is a pattern that needs to be resolved. Projects might not fully understand what joining the .NET Foundation means. We share a checklist with project maintainers on project changes they accept as part of becoming part of the .NET Foundation. That’s obviously not sufficient. We will post a new document that describes what you can expect when your project joins the .NET Foundation...
To me, this says "sooo, even though I screwed up, I'm technically allowed to do what I did and you probably should have already expected that based on the agreement you signed, but we'll make our materials even clearer so you don't make that mistake again".
It turns the problem back around on the community. I don't necessarily think there's anything wrong with the rest of the post after the apology...if it was posted separately. When included in the same post, it's hard not to take it as "sorry, but I still wasn't technically wrong".
I do think the whole culture around public apologies and the hair-splitting and analysis that comes after is concerning and often unhelpful. But I think the backlash here is understandable.
I did not get that at all. To me it sounds like she is coming clean with what she sees as the issues surrounding the project, including poor communication. I read that as, 'another problem we've seen is that people are unclear what it means to become a member of our organisation so we are working towards improving that.'
I initially read her apology and thought it was likely a response to an overblown situation that occurs because it's on the Internet and it's much easier to assume the worst of people's intentions.
I can imagine merging a PR I made that I imagined to be obvious and fine. I probably would have just said, 'oh yeah, sorry. I'll try not to do it again. My bad.'
But then again, that's probably why I'm not the leader of the .Net foundation :-)
Wasn’t just opening a pr and merging it, it was opening a pr, having a maintainer ask her to clarify/follow process, close pr, her reopen it, TWICE and then finally just merge it dismissing the maintainer
Thanks! Coming in to this cold: Starting with reading the apology and the first few comments on that page, then back here down to yours. This paints a totally different picture to the impressions I got from the preceding steps; I can fully understand the upset.
(It's weird.. I just came from that link, and was feeling exactly the same way, and then read your comment. Yes. I try not to chime in with "me too," but that PR really puts into perspective that the merge was problematic in addition to them transferring entire GitHub repositories without warning, which is generating an equal amount of outrage. I see now why it's equal.)
> I read that as, 'another problem we've seen is that people are unclear what it means to become a member of our organisation so we are working towards improving that.'
The implication though is that becoming a member of the organization allows for actions like the one she took. I do think owning up to "maybe these agreements aren't clear enough" is good, but that then seems inextricably linked to "I was allowed to do this".
The reader then needs to figure out "is she apologizing because of what she did, or is she apologizing for not being clear that she was allowed to do what she did?"
If you're one of the maintainers, the latter falls flat, regardless of intent/genuineness.
I hope your more charitable take is closer to reality.
I don't know why there would be confusion about what she's apologizing for. She explicitly stated what the mistake was.
> I shouldn't have merged this PR without explicit sign-off from the other maintainers, because it's disrespectful and rude not to follow the project’s process.
But when that is followed by an explanation outlining why they’re allowed to do what they did, and going forward they’ll try to make that more clear, how is one supposed to interpret the original apology and its intent?
The apology and the legal overview do not coexist well.
Aren’t people conflating two different things? Merging a PR when repeatedly asked not to until it got approved, and Microsoft moving repos?
Merging the PR is a personal failure for which she explicitly apologized for.
Microsoft moving repos is something that the organization has always said was possible. There’s not much to apologize there for. That has always been explicitly stated the rules.
> 'oh yeah, sorry. I'll try not to do it again. My bad.'
This definitely should be sufficient. But hey, we are not living in that time anymore.
Public condemnation is the new normal. And a response with public self-condemnation is expected from the mob. "I'm sorry" and "I apologize" is no longer sufficient. You need to go deeper and expose the evil in your soul, and condemn your self and your conspirators, and devote you will be a new person. You might get a chance.
The promise is "apologize and this will all go away". That's a lie. Never does. Depending on where you work, you may or may not be totally screwed, but apologizing when you have done nothing wrong changes bupkis.
Why give the bullies what they want? Stand your ground:
- You can cordially invite the mob to go fuck itself.
Or, for a less confrontational approach:
- You can ignore the mob and proceed as normal for a few months until they find somebody else to hate.
It's going to be a ride either way, but these bullying tactics work only because people cave. It's a trial by fire. The people that don't tend to end up more successful afterwards, and with the added benefit of knowing who their true friends really are.
A couple of important points:
- You need to commit. If you later on back down, you are done like a cheap steak. The bullies know they own you at that point. Yes, this means you might be fired, or kicked out of your university. Might get your house torched. You're going to lose "friends". Improvise, adapt, and overcome.
- These bullies want to provoke you to violence on their terms. Don't. Especially if you're the fighting type: don't take that bait. Pretty sure Sun Tzu didn't write, "Fight precisely when the enemy wants to battle."
People do something shitty all the time, like literally all the time. But public condemnation is the new normal. But nothing you do will prevent that from happening. Mob is just being mob. The mob mentality is spreading like a disease.
> The opening paragraph is an apology. Other parts of the post undo any goodwill that might have been garnered from the apology itself.
This is also recognizable as “I’m sorry, but” or “I’m sorry it made you feel that way”. Both of which have meaningful applications in very specific circumstances but neither of which belong in a public apology.
To people who actually want to better learn to apologize: find a way to apologize sincerely, without inserting yourself into the space receiving the apology, then take your “but” and apply what you learned from the experience to it. Your “but” matters to you, it might be important, it doesn’t matter to the person or people you harmed.
The .NET Foundation is just Microsoft money trying to pretend that Microsoft isn't for-profit or pro-proprietary-software. Microsoft only tolerates open source insofar as it doesn't impede any opportunities Microsoft has for increasing Microsoft revenue. When dealing with Microsoft puppets such as the .NET Foundation, one must always remember that all of this pro-open-source project stuff is pretense and subterfuge to maximize Microsoft profits, not to enrich the open source world.
The person (affiliated with the .NET Foundation) giving this apology is on the Microsoft concentration-camp-money payroll. They are being paid to do things that will ultimately result in the sale of more proprietary Microsoft software and services.
Don't get it twisted. These FOSS project maintainers were fools to get in bed with the enemy.
(While I applaud your energy, I wanted to gently point out that the labels might not be too productive. You might be right, or you might not, but given Microsoft’s recent (very positive IMO) open source contributions, well… it just seemed a little unfair that your labels discounted it entirely. That said, perhaps “you’re not wrong” applies. I don’t know.)
Microsoft doesn't contribute to open source software because open source software is good for the world. Microsoft contributes to open source software because Microsoft wants to sell more proprietary software and services to the open source world, as more and more developers live in that world.
They realized that without significant service lock-in, people would begin to abandon things like Windows (and continue to ignore things like Azure).
This is why WSL exists (so even open source people will keep buying Windows licenses), this is why VS Code exists (and, despite being open source, the most popular plugins for it are proprietary) (to provide a privileged position for GitHub integration), this is why they bought GitHub, this is why they bought NPM, this is why they paid Docker to make dockerd run on Windows, and this is why they're trying very hard to get as many people locked in to proprietary services like GitHub Actions and GitHub Issues.
This is also why they run little shell nonprofits like the .NET Foundation.
You might be right about that. But that doesn’t change the fact that good software now exists, which wouldn’t otherwise exist, and that the software is now open source, which otherwise wouldn’t be open source. In my opinion, that counts for something.
I’ve long hoped that gamedev would make a similar transition. And although Unreal Engine et al are open source, it’s still not the default. So in other words, if gamedev as a whole behaved as Microsoft behaves now, I would be gleefully happy. But you would also be correct in saying that they are doing it “just to sell more proprietary software and services to the open source world.”
I don’t know. The reason I’m trying to take a neutral stance is because I empathize with your point of view, but also can’t shake the feeling that the hard line open source idealism of 1980’s has not achieved all the goals that it set out to achieve (to phrase it diplomatically). And so in 2021, the movement is in danger of being totally ineffective, because all of the teenagers from 1980 are old now, and the teenagers from 2021 aren’t buying into the dogma.
>> can’t shake the feeling that the hard line open source idealism of 1980’s has not achieved all the goals that it set out to achieve...
Actually it has done quite well. Not as widespread as some would like, but I think Free Software is doing spectacularly well. I would say nobody needs Microsoft for anything these day because there are great alternative, but they are creating some decent enterprise tools that may not have free equivalents.
Windows and Office though? I haven't needed those in 15 years, and that's because Free Software has achieved most of its goals.
open source is open source, it is good that they are embracing open source community and contributing A LOT of resources to that. We have a lot of good softwares, framework, open code to learn and communities build by them and they're not allowed to make money from it?
You're basically saying that people who wants to make money are bad. That is just a weird judgement, laravel is building a whole ecosystem to make money, spring is building training and support around , nestjs is building enterprise support. If there is no way to make money around doing something that we love, then open source will be dead. If we are grateful as a community towards what they did, we should support them. not judge them that they want to make money :/
Reading the parent post, I found the monetary aspect less as some kind of anti-capitalist moralism, but more an observation regarding incentives:
There's nothing wrong with making money. However, when your historical business model relies on leveraging monopolistic positions to make said money, any contribution you make is tainted by your ultimate goals of embracing, extending and extinguishing competition to those monopolistic, proprietary offerings. I simply don't trust Microsoft: anything they present isn't a Trojan horse of one flavor or another; proprietary addons in vsc, all the Github nonsense, poisoned "foundation" governance structures - all of it has the effect of luring developers into doing work that benefits the Microsoft ecosystem over open ecosystems. It is naive in the extreme to assert that just because a benefit exists in any form, all harms associated with that benefit must be ignored.
Nothing wrong with making money from software. Lots is wrong with Microsoft attempting to bamboozle developers out of the rights to their work in a transparent attempt to extend corporate lock-in. When Microsoft GPLs their codebase, I'll take their contributions to open source at face value. They can take donations like everyone else.
I think this is actually a result of this post being a very savvy PR move. The title and beginning of the post make it seem like she's personally apologizing for merging a piece of code. That's all good and well -- I think her apology for that part is mostly fine. And at a casual read for a person who's just peeking in, and hasn't read the other post on that board for context, that's all it appears to be.
But (as other folks have mentioned) most of the maintainers are commenting on the rest of the post, which sort of hides behind that apology. The rest of the post addresses the real outrage that's been growing in that community -- not due to a bad merge, which is rude but somewhat understandable as a mistake, but due to the .NET Foundation essentially overstepping what the project maintainers understand as the DNF's role and authority.
That part is a complete non-apology, where the executive director of the DNF is basically saying "we're so sorry that you didn't properly understand that we could do this, we'll fix that by publishing a clearer document", and "we're so sorry that you didn't know we could just move you to our enterprise account, we'll communicate better next time". Both of these are spun as communication issues, whereas in reality they're authority issues -- the maintainers don't think the DNF should be able to just decide to do that, on its own, regardless of how well it's communicated.
And then I realized: her apology here isn’t addressing the root concerns. But it’s addressing everything she has authority to address. Therefore, it’s the best apology possible, but people may be upset because e.g. her merging a PR without discussion is perhaps less anxiety-inducing than the idea that your GitHub repo can be moved without warning to a separate enterprise account (if I’m reading this correctly).
I assume she can’t address the latter, since it’s unrelated to her. But she quite thoroughly addressed the former — which is great! — but perhaps she should have distanced herself in her apology from the other happenings that people have brought up.
I don’t know. It was just sort of shocking to read “they transferred my GitHub repo without warning” without an immediate “crap, sorry! We’ve reverted that” reply. I assume I’m missing lots of context though.
> e.g. her merging a PR without discussion is perhaps less anxiety-inducing than the idea that your GitHub repo can be moved without warning to a separate enterprise account (if I’m reading this correctly).
You're reading it correctly. There are several maintainers in that discussion who only found out today that their projects were moved from their public GitHub accounts to the DNF's GitHub Enterprise accounts. They weren't notified, and some of them only found out because they read the discussion you linked and decided to check the status of their projects.
As far as I'm aware, the projects haven't been transferred back to the accounts they belonged to prior to being moved to the DNF's account.
She says she is the "Executive Director for the .NET Foundation". I'd be extremely surprised if this role didn't allow her input into the decision to move projects to a separate enterprise account without informing the project maintainers.
If that’s the case — and that’s a big if… I don’t think we should assume it’s true — then her apology probably failed to address the root outrage of the decision to move projects to the enterprise account without warning or consent.
They may be entitled to do this, but anyone with a patent is also entitled to enforce that patent. An enforcement decision needs to be made with great care. In this case, they end up sounding tone deaf (https://github.com/dotnet-foundation/Home/discussions/39#dis... has a bunch of justifications about why their decision makes sense, and all I can do is shake my head, even though it is technically correct).
I was also struck with commenter’s swift label of her apology a “non-apology.” I’ve seen this on Twitter and elsewhere. It’s basically a proxy for “I don’t think you’ve suffered enough to be forgiven.” And that strikes me as honestly a little bit terrifying.
So I'm an outsider here, but I think you're missing the point.
Sure, the post starts out as an actual apology for her actions with regards to the PR, but that doesn't seem to have been the meat of the complaints.
Then her post goes on to start making claims that people were upset because things "sound scary" but that the foundations unilateral decision to move projects under their github account actually somehow "gives them more control over their projects".
Then she goes on to make legal claims that "project ownership changes", when that does not appear to be what the contracts actually say. At this point she is litigating in public against the project maintainers when it seems the foundations purpose in life is to represent them!
There's also an implication here by putting the legal claims after the part about moving projects without the consent that the foundation was "in the right" to do this because they had a contract giving them that right.
Then the email wraps up with multiple paragraphs of polite speech that can frankly be summarized as "and now you get to wait and see what we dictate".
"Non-apology" doesn't seem to be quite the right term, she did apologize at the start for one thing, but the rest was anything but an apology.
I don’t understand why people get so angry about this sort of thing, when I saw on Twitter that someone was upset because they had been migrated to GitHub enterprise my immediate reaction was to think that Microsoft did it to give them a better experience rather for some nefarious secret plan.
There is no law to say that people have to give their projects to the DNF, there is no law that says people have to use those projects and can’t start their own projects - join it if you want, don’t join if you don’t want.
I believe the issue is that the maintainers were explicitly told that they weren't "giving" their projects to the DNF, but rather that the DNF was there to support them, while the maintainers retain complete control. So the DNF is saying "we're sorry you misunderstood", and the maintainers are saying "we didn't misunderstand, you're not allowed do that".
It's an ownership issue rather than a benefits issue -- if you joined a homeowner's association in order to have a say in how things work in your neighborhood, and then got back from vacation and discovered they completely redid your yard while you were away, without telling you about it or asking your permission, you'd be pretty mad even if the yard ended up being nice.
Did you read the whole post? It does start as an apology, but then it explains that she actually had every right to exert control of the project and implies the only reason people are complaining is that they didn't understand the new hierarchy they had inadvertently signed up to.
People map their mental model of others onto text as they read, which is one reason why text-based communication, while low bandwidth, is also often misunderstood due to all of the subtle information compression that is lost during the information exchange.
holy fuck, does every little mistake need a solemn 4000 word apology these days? that’s already not a world i want to live in, but then even the apology gets shit on and invalidated. people need to take everything much less seriously, especially shit that happens on the internet.
this whole thing should have been able to be a new PR with “sorry about the merge before, i screwed up and it won’t happen again” at the end, and everyone should have been fine with it and moved on.
Edit: as lots of people said, I was on an older version of the file. I'm not sure how I did this, but I should have double-checked, especially since there was some base64 stuff in the URL.
So it was merged, then reverted almost immediately, and then reimplemented by the project maintainers in the manner they preferred (without a new dependency).
And, regardless of whether this particular PR Is reverted or not, whether there's anything to prevent her or any other board member from doing this again.
It does not seem like she did it as a Board member, she did it because she felt like she was still an Active Maintainer of that project. It seems like the project feels like even if she is still a Maintainer she still was wrong to merge without discussion.
wdym take everything less seriously? the internet is as real as real life, people who donate their time to work on OSS deserve respect and the same cordiality that they would irl.
i think her apology is a wash but that doesn't mean that people shouldn't act without empathy or reason.
you can enjoy not living in the world-- just go off grid and don't try to push that people can act without remorse or consequence :)
> The lengthy word count might tend to confirm that,as you say a genuine apology should be terse and direct.
I've seen enough short apologies posted here and the comments below usually pointed out the lack of effort, the lack of commitment to do better, the lack of pointing out errors and the likes. Any form of apology will get some flak just based on whatever form it took, so I don't think one can judge just based on word count.
I agree. Like others here I don't know the context, so maybe I don't know what I'm talking about, but her first paragraph seems about as sincere and direct an apology as anyone could reasonably want.
After that she talks about broader organizational stuff which isn't intended to take away from her own apology ("Separate from this personal misstep...").
It's a shame that based on the reactions in the linked thread, many seem unable to take what seems like a genuine apology at face value
From what I can see, it's an apology for a tiny symptom of the real problem. Being a genuine apology for that tiny thing, with no apology for the bigger issues, leads to a rejection of the entire post. In that context, if it's accurate, I think rejection is pretty reasonable.
Yeah, it's very hard to see the context, and maybe this really is management being horrible, but yeah, don't know, seems like small stuff to me: A PR that got pushed through, and moving to Github enterprise. Obviously, there was a breakdown in process and communication, but I'm sure Linus has done much worse with Linux.
Yeah, from an outsiders perspective, the apology felt pretty heartfelt (and humbling too, especially for issues that seem somewhat routine), but as mentioned, maybe there are other details we're not hearing?
... btw, these roles on community foundations/boards can be hell, because the community begins to vent at every mistake (and there will always be mistakes). Devs of .net, maybe give the person a break? She's a person.
It's not /just/ about the PR, the whole foundation has pulled all the projects it had access to into the DNF organization without telling anyone about it.
> people need to take everything much less seriously
I am starting to think there is a part of (some?) people's brains that needs to take something seriously. When all basic needs are met: food, warmth, security etc., problems are invented to give that part of the brain something to do.
Actions speak louder than words. If she were truly sorry, she would’ve reverted the PR and have it go through the normal process. Instead she wrote a really long message about how the .NET Foundation owns your project.
It was (rightly) reverted almost immediately after it was first committed, a week ago. I wouldn't expect the author of this apology - posted today - to have instantaneously realized the error of their ways and ever had the chance to do the revert themselves, and I don't think that reflects on whether the apology is sincere or not.
Forgiveness seems to be a somewhat old tradition that slowly goes out of fashion. I find that very regrettable, as forgiveness is the thing that enables the other one to admit their mistake and then improve upon it, which I think is one of the pillars of our society.
Not to armchair, but I think it's a reaction to the very liberal interpretation of the phrase "it's easier to ask for forgiveness than permission" that seemingly every entity with authority has used in almost any community.
Like me personally, I'm just about out of forgiveness to give, it's too often that the entity in question goes and skips asking permission a second time after they apologize for the first time.
Though in this specific case, the infraction seems really so minor that I'd happily live and let live.
What the heck are you two talking about? You're making it out as if the two top-level comments are just that OP didn't apologize enough. In reality they're responding specifically to the OP's individual claims and pointing out they're not accurate.
You think that "Our projects were moved to GitHub Enterprise to consolidate billing but we never had a bill in the first place." and "You're telling us we don't have copyright over our projects but the contract we signed doesn't say that." is "an accusation of insufficient prostration" ?
You might want to consider that the forced pull request has still not been reverted by this person. So an apology but no intention to undo a mistake? Does not sound very genuine in any way.
Also, an apology about a PR isn't this long. This is a wall of text with a few meek words inbetween.
The forced PR was reverted shortly after by another maintainer.
And I agree, a “sorry my bad” type of comment would have looked nice in the PR, but the attitude and actions in it vs the official apology, sounds like completely different people.
You can't apologize and at the same time minimize the thing you actually did. It's pretty much like ending your apology with a "but". And this (not really) apology is a big "but".
More to the point though, this apology attempt made it worse. It starts off with a dishonest apology, and then goes into a big policy and contract debate.
Why would you conflate the two? Whatever point you're then trying to make about policy and ownership is tainted by both the personal misstep (I call it that unsarcastically) and by the insincere apology.
It's needlessly ineffective.
1. It makes your apology sound like "I'm sorry, but I'm the dictator here" 2. It starts you off from a position of "I was wrong, admit I was wrong, but here's how actually I'm right"
It's going to be hard convincing anyone if you start from a position of being wrong. And not just wrong but also really rude.
It seems to me that it would be much more effective to just apologize for the obvious process mis-step and arrogant rudeness (it happens to the best of us), and let that sink in. And then start a new conversation about policy.
Whoever raises "yeah, well weren't you the one who went around PR policies?" in that thread will be the unproductive one, and it won't go anywhere.
As-is the policy points can't be taken at face value.