On Sat, 2017-12-09 at 22:43 +0100, Arne Babenhauserheide wrote: > Florent Daigniere <[email protected]> writes: > > On Sat, 2017-12-09 at 19:24 +0100, Arne Babenhauserheide wrote: > > > Florent Daigniere <[email protected]> writes: > > > > Months later he is asking for help supporting the windows > > > > version of > > > > the > > > > legacy script that has now been broken for years (we're past the > > > > one > > > > year mark now)... > > > > > > Let one point not be forgotten: > > > > > > You broke that script this spring when you disabled > > > downloads.freenetproject.org without first checking which parts of > > > our > > > tools depended on it. This was a throwback of more than half a > > > year on > > > the way to finally getting next released. > > > > > > And you did that when I had just finished my setup to get reliable > > > releases again. Despite me voicing concerns. > > > > You are re-inventing history here: > > > > 1) It wasn't my decision to switch to the new infrastructure: > > Keeping > > osprey was both expensive (in £ but also sysadmin time) and useless > > (since nothing was running nor working from it anymore). > > The cost in £ is irrelevant compared to the amount we'd have to pay > for > even a single week of paid development. We had and have enough money > in > the account to keep osprey up for decades. Deleting it after I told > you > that there are things we should preserve was folly. > > And when I think about the time your premature deletion cost me and > others, and all the breakage which resulted - not for you yourself or > your workflows, but for many parts of the release process - this is a > bad joke. >
Again, you're blaming me for a decision that was taken collectively (through another very efficient multi-year long process)... Osprey was switched off in late June... the cert expired on the 5th of April... It's clearly not what broke it or prevented you from fixing it in the meantime. > > 2) In August 2016 (and probably before on IRC) I did warn that > > action > > had to be taken: > > https://www.mail-archive.com/[email protected]/msg29456.html > > ... Removing the DNS records and switching it off hasn't changed > > anything to the fact that it was already broken. Wget and cURL both > > check for HSTS headers by default, which means that "keeping it on" > > wouldn't have helped with making existing deployments of the script > > work. > > Since 1478 replaced the pinned certificates, that is simply wrong. We > can change certificates with an in-freenet update, even use self- > signed > ones, and still get the security needed for the updater. > 1478 does not replace the pinned certificates; it just sets the new ones on new nodes. I've told you several times that your code doesn't do what you think it does... https://github.com/freenet/fred/pull/612 The proof is that it didn't magically "fix" the "fetch the plugins over HTTPS" functionality of the node. If you'd done it properly it would have (at least until Osprey was switched off). > > 3) You are the one who has changed the plan: > > https://www.mail-archive.com/[email protected]/msg54925.html > > I wrote this message after a discussion with you where you stated that > the Maven repo would be the way with least work to be done. Which was > false. But your quite strong requests that I investigate and choose > among the alternatives you showed (which excluded the least effort > one) > did take up the time needed to avoid the breakage. > > When I asked you, what the lowest effort action would be which would > keep everything working so we could migrate in small working steps, > you > left out the option to simply copy the file hierarchy and replace the > pinned certificates. Yes, I could have thought about that myself, but > I > trusted your expert opinion. > > Due to that I lost a week where I spent most of my free time > investigating the different options (as you asked me to) and trying to > see what we could use. Yes, I put in work to keep things working > despite > the expected breakage. That you're now holding it against me that I > tried to push things forward according to *your* wishes is unnerving. > Who is pushing work on who here? We had a plan we agreed on, you've changed it and unilaterally decided to do something else because you've deemed it to be "less work". Turns out that you were wrong; whichever way you stretch it, you had to touch all the parts of the codebase at least once to make the infra switch (like I told you). Your new plan involves making several changes to all the same parts... and a year in the process we're still there. By all the parts I mean: - the release scripts (still broken) - sha1jar (now retired for a less secure alternative) - the update\.(sh|cmd) (broken until last release on all platforms, still broken on the main platform of our users today - what this thread is about) - Fred (updating the pinning certs -still broken as shown above) - Fred (the fetch-a-plugin over HTTPS ditto) ... and the list goes on. > > Blame me all you want, but I have delivered upon what I said I would > > I give it to you that that's true in some sense, because you always > said > that others should do a large part of the work required due to the > changes you did. You did not promise to do the work, you simply stated > others should spend their time adapting to what you did. > What are you referring to here? > And then you forced the issue so we'd have widespread breakage if > others do not bide. And not only once. > Again, can you be specific? > Ever since I started as release manager, you put additional work on my > plate, broke things which I needed in workflows I inherited, and > harassed me when I did not do the exact thing you wanted me to do. I > should have seen that coming when you deleted the ant build files from > next. The switch to Gradle isn't something I have decided; It's on the roadmap decided upon by the project... > Despite that, I still moved forward to reduce the differences > between master and next to minimize the risk of switching to next, and > I > preserved our ability to release some improvements despite the > transition still being unfinished, and what I got from you were > requests > to invest more time into things you broke. Along with requests that I > take a leading role, paired with harassment when I did not act as you > wished; you tried to abuse me as spearhead to make others follow your > ideas and attacked me when I did not. > We just can't afford to have a release manager that doesn't lead nor make following the roadmap the project has agreed upon a priority... You insist on doing only "easy" changes and as a result the project is not moving forward. > I am working on Freenet because I consider it important, but not to > let myself be insulted by you. I am investing my private time, time I > then do not spend with my family, and your continuous attacks are > making this an unpleasant experience. > > I always tried to do what is the pragmatic way forward, the way which > aids the project, even if that means taking the coals from the fire > for you, and not to take your attacks personally even when they were, > but given the persistence of your personal attacks in IRC and now also > here in devl, I no longer see that as viable. > > You harassed xor for years, and I repeatedly asked you to stop > that. When I became release manager, you started to first put in ever > more demands for time investment by me and then to harass me when I > did not follow. > > I am saying this now in public, because I cannot let it stand any > longer. If I were to go, I expect that you would harass the next > person who takes up any official role for the project. I do not know > why you do that, but I no longer care: You take the joy out of > contributing. The discussions with you were the largest energy drain > for me in the past months, and that has to stop. > You are the one behaving like Xor; over-promising, under-delivering and making it personal when it's not. https://www.mail-archive.com/[email protected]/msg55031.html You're planning 3 releases for November, we have seen none and according to this thread, you don't even have the slightest idea on how to do what you've said you'd do. I can understand that you don't want to fiddle with windows and update.cmd ... I can't understand why it takes you so long to ask for help. We have been there and done it before: the solution to most windows problems is to write platform-independent tools... but you see that as too far fetched (the python/golang TUF thing). I am okay with you having a divergence of opinion on the matter, I'm not okay with you justifying doing it your way because "it will be quick" and ending up months later with something that has barely reached the drawing board (we're talking about code that still doesn't exist, let alone having been tested). > But this is not how I want to end a email. > > Things I am happy about: Being able to ship Sharesite so people can > create and update Freesites with minimal effort - which quite a few > people took up. Finally shipping WoT build 19. Shipping bookmark > updatenotifications. > This isn't on the plan *you* have layed out last month. Do you see why it's difficult to work alongside you? Do you understand that unless you lead and tell people what you need help with it's not going to work? Not only you're not following the collectively decided project's priorities, you're not even following your own! This thread is a step in the right direction: you're asking for help and that's okay... My initial email was being supportive of that... what came after is a Xor-ish tantrum I don't feel like I've called for. Florent
signature.asc
Description: This is a digitally signed message part
