It's partly just a numbers game, innit? There are about 5.5 billion on the internet. IIRC about 3 billion of them speak English. Even a tiny percentage being profoundly unreasonable means there are millions of them. Sooner or later you will come in contact with some of them.
Or to be more eloquent about it: being instantly connected to everyone on the planet also means you're instantly connected to every fucking asshole on the planet.
They are over-represented everywhere. We live in society where being martyr is highly valued, others are not allowed to ignore it and set their boundaries. If you do, you are an asshole and have no empathy.
> I don't know how we end the cycle of cruelty in our industry.
Actually have consequences for it? When industry leaders like Linus act like assholes constantly but are given cover because they produce something so valuable, will always produce a situation where being empathetic becomes a social proxy for being weak or untalented
Now hold on a minute. I'm reading the Codeberg posts, and I think Neowin is getting it wrong. The LoucheBear person seems to be saying that their ClamAV scan is clean without Kapitano, but not clean with Kapitano. Anyone want to grab the flatpak quick, just to see if somehow some malware hitched a ride?
Anyway, if I'm reading this right, then these two people are just talking past one another, not understanding what the other is talking about.
Off-topic: It's absolutely mad from a security perspective that you can't download flatpaks as a simple bzip file for security analysis.
> Off-topic: It's absolutely mad from a security perspective that you can't download flatpaks as a simple bzip file for security analysis.
You can download Flatpak bundles: Flatpak supports exporting apps as .flatpak bundle files, which are single-file archives that can be analyzed offline.
These can be created using flatpak build-bundle or downloaded if the distributor provides them.
From a security perspective, I don't trust the binary that downloads and installs a package to just download it. Some package installers, such as Bundler, like to run arbitrary code from the package on install. I don't trust that to not be invoked with a simple download. I'd rather use hardened tools like CURL or a web browser. It's just good security hygiene.
I think it is a bid problematic that anybody can create an account on github and open issues there (if enabled).
No "professional", paid software would allow ordinary users to communicate directly with the programmer. Or allow outsiders to post comments on their products website.
Just moving discussions to irc would already filter a lot of spam. As a last resort you could require some kind of proof that you are a maintainer of a bigger distribution. Or something in between.
While the developer's decision must be respected, I don't really understand it. Why not simply ban the troll instead of engaging with them in any way? I wouldn't want to give a troll any power or influence at all.
It's still effort. If you have someone shitting up your PRs with personal complaints you can either put the effort in to squelch the opponent or you can just walk away. For unpaid FOSS work there is often very little to be gained except for a bit of self satisfaction and kudos from the community.
It's easy to walk away from an ungrateful community if you don't have gold in your pockets to soften the blows.
Alternatively, people can instead choose to NOT be dicks to people who are altruistically developing stuff for no compensation and the net benefit of our industry.
As the former community manager for ClamAV, there could have been some work done here to correct the situation and make both parties happy. I know ClamAV doesn't want to see third party utilities go away, and it's beneficial to the community for them to exist. Trolls exist, but there are ways to deal with them. I ran ClamAV and Snort for about 15 years, and we had plenty of heat over the years. This could have been avoided.
A single developer doesn't have a 'community manager' to deal with assholes. That said, why would one try to make the troll happy? What reading this results in "they both have a valid point we should address"?
Im not saying the developer needs to have a community manager. Im saying this could have been handled differently by any number of people. I dont want to point fingers.
I find I am typically only browsing this site when I am not ready to present the best version of myself (tired, bored, demotivated).
I don't know how we end the cycle of cruelty in our industry.