delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2023/10/12/12:54:31

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F3AF23857731
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1697129670;
bh=NYp4KiMqSVib2lzB61MADfqM3gQvvuhJ0yFJp1pMJrU=;
h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
From;
b=HpgL9CEMOrLvB6tj85J5mz8DVklyZ606+h1A86yGjPbbV2q4RoWlFVUmDvfR4jf25
yS3b9MFOW5oh2ncsYOrXVSJwF2P2qvS9RIL31W66Uwbd155qh/QwKyYLDd3Hw8vAeT
7it3V1t+e5EhSUsa3XiKXMpAmGWtnzp3R1xCkzuY=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E139E3857725
X-Authority-Analysis: v=2.4 cv=MPxzJeVl c=1 sm=1 tr=0 ts=6528249b
a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17
a=IkcTkHD0fZMA:10 a=w2PP7KgtAAAA:8 a=w_pzkKWiAAAA:8 a=GXfhEz1C1riqALMhmXcA:9
a=QEXdDO2ut3YA:10 a=CDB6uwv3NW-08_pL9N3q:22 a=sRI3_1zDfAgwuvI8zelB:22
Message-ID: <91ce8e05-8c73-4dab-9df3-28e0dd46226a@Shaw.ca>
Date: Thu, 12 Oct 2023 10:53:46 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Ruby EOL in Cygwin 3.4.9?
To: cygwin AT cygwin DOT com
References: <PH7PR22MB31209C697AD372E36AD384ABAFCCA AT PH7PR22MB3120 DOT namprd22 DOT prod DOT outlook DOT com>
<8cae1a30-cc92-cbea-4599-d7d550850ac5 AT cs DOT umass DOT edu>
<PH7PR22MB3120ED5DF8EB2AA48EB8C436AFCCA AT PH7PR22MB3120 DOT namprd22 DOT prod DOT outlook DOT com>
<d5eb20bc-bbe9-327f-bafc-e56dacfb23b8 AT cs DOT umass DOT edu>
<CAByPD9=cE_-cuS8BXYv9EPy7_VNqhyXHj=2HMQ_ro4+V5t+sng AT mail DOT gmail DOT com>
<ZSdvEv7Ds2UY72FG AT xps13>
<CAByPD9kifZGr+N2oS6sgGieJHfsp2Wr_SNFqs_uDb+w14Cbz5A AT mail DOT gmail DOT com>
<ZSd6PcPx9022z1ly AT xps13>
<CH0P223MB03167E1EDAF8D71E6744F8EEF8D3A AT CH0P223MB0316 DOT NAMP223 DOT PROD DOT OUTLOOK DOT COM>
Organization: Inglis
In-Reply-To: <CH0P223MB03167E1EDAF8D71E6744F8EEF8D3A@CH0P223MB0316.NAMP223.PROD.OUTLOOK.COM>
X-CMAE-Envelope: MS4xfMKt/ESYafTM4OlmHlI2LAKdcCAYeE/HLyQuxFEQqUq5NUBCYUfBx7iTF+M+SscYW0v+PGBxYIw+43a3AHSs33Tqtw5r5YA+R11cWIpyUsFYqYX5jz9o
X0b+DXSVeonHHlS3fDRsh0L0yxcqPvKrif/w/gVrw3XtXaQOliZ+ILAJtn7r7qGhwGf4hwn13Iw8hrG/EqIb5iGzexiNiLPpnGUwsNxEtiTFFGCrfumROgE6
qc93DJatK4BvA0CRUP7HPQ==
X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,
RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Brian Inglis <Brian DOT Inglis AT Shaw DOT ca>, "Hendrickson, Eric D" <edh AT optum DOT com>,
Eric Hendrickson <ericdavidhendrickson AT gmail DOT com>
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 39CGsVuj015841

>> On Wed, Oct 11, 2023 at 10:59 PM wrote:
>>> On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson wrote:
>>>> Sorry for the unclarity - I meant this for the whole list - not just you.
>>>> Thank you so much for taking the time to respond.  Like you said, this
>>>> really is all volunteers.
>>>> For the whole list:
>>>> Totally taking into account the all volunteer nature of Cygwin, would it
>>>> make sense to defer on further non-emergency releases of Cygwin until all
>>>> packages that are EOL have been updated?  Since this is the case with
>>> ruby,
>>>> I am guessing it's likely the case with other packages in Cygwin too.
>>>> Is there a Issues log of some sort (ala github) for Cygwin somewhere, so
>>>> that I can document this in the backlog and come back later to
>>> investigate
>>>> this myself if I have time this winter?
>>>> On Wed, Oct 11, 2023 at 8:11 PM Eliot Moss wrote:
>>>>> On 10/11/2023 6:36 PM, Hendrickson, Eric D wrote:
>>>>>> Thanks for responding.  That makes total sense.
>>>>>> Totally taking into account the all volunteer nature of Cygwin,
>>> would it
>>>>> make sense to defer on further non-emergency releases of Cygwin until
>>> all
>>>>> packages that are EOL have been updated?  Since this is the case with
>>> ruby,
>>>>> I am guessing it's likely the case with other packages in Cygwin too.
>>>>>>
>>>>>> Is there a backlog for Cygwin somewhere, so that I can investigate
>>> this
>>>>> myself if I have time this winter?
>>>>>> On Wednesday, October 11, 2023 5:03 PM, Eliot Moss wrote:
>>>>>> On 10/11/2023 12:37 PM, Hendrickson, Eric D via Cygwin wrote:
>>>>>>> As a ~25 year user and sometime contributor to Cygwin, I support
>>> Cygwin
>>>>> here at my place of work.  Does anyone know why we are deploying Ruby
>>> 2.6
>>>>> which EOL about 18 months ago?
>>>>>>>
>>>>>>> https://www.ruby-lang.org/en/downloads/branches/
>>>>>>>
>>>>>>> I'm concerned about proliferation of EOL versions of Ruby in case
>>> some
>>>>> security risk / 0Day is identified.
>>>>>>>
>>>>>>> Please advise.
>>>>> You should send such things to the list, not me.  I'm just
>>>>> a user who has only made occasional small contributions ...
>>>>>> If nobody has responded I can give a generic response:
>>>>>> "Because cygwin is all volunteer and someone has not volunteered, or
>>> did
>>>>> volunteer and is behind, or fell off the radar."
>>>>>>
>>>>>> Someone else will know how to look up if there is a currently
>>> registered
>>>>> volunteer for Ruby ...
>>> On Wed, Oct 11, 2023 at 09:55:04PM -0500, Eric D Hendrickson via Cygwin
>>> wrote:
>>>> Totally taking into account the all volunteer nature of Cygwin, would it
>>>> make sense to defer on further non-emergency releases of Cygwin until all
>>>> packages that are EOL have been updated?
>>>
>>> Absolutely not.  That makes *zero* sense for an all volunteer group.
>>>
>>> Not every single package is important to everyone.
>>> (I am speaking personally, as maintainer of a single package on Cygwin.)
>>>
>>> You care about Ruby?  Good.
>>> I do not use Ruby, so that is not important *to me*.
>>>
>>> If some specific packages are important to you, please consider finding
>>> the maintainers of those packages and offering to help maintain those
>>> packages.
>>>
>>> https://cygwin.com/cygwin-pkg-maint
>>>
>>> There are many ruby-* packages that have been orphaned.  Have at it. :)
>>>
>>> Cheers, Glenn
> 
> Your suggestions might be given slightly more weight if you made *any*
> substantive contribution besides sharing your questionable assumptions,
> and opinions on work that your think *other* people (who are volunteers)
> should do.
> 
> Aside: The preference on this list is to bottom-post.

 > On Wed, Oct 11, 2023 at 11:15:40PM -0500, Eric D Hendrickson wrote:
 >> Thanks for your reply.  Again, to the point that this is an all volunteer
 >> effort.
 >> And not taking away from any of what you said.
 >> However, sorry I was not more clear.  The issue here is as follows.
 >> Is Cygwin as a whole not more important than any one package?
 >> Cygwin is distributing a suite of packages.  Are you really saying that if
 >> there were a 0day vulnerability discovered in an EOL package still being
 >> distributed by Cygwin, that this would do no damage to the reputation of
 >> Cygwin?
 >> How does Cygwin being an all volunteer effort have any bearing on this
 >> question, other than the time and interest of the volunteers?
 >> Perhaps the volunteer team should consider adopting a process of evaluating
 >> the support status of every package it redistributes, even at the expense
 >> of slowing down the rate of releases.  Or dropping packages when no one has
 >> the time or interest in creating a package from a supported version of the
 >> tool in question.
 >> Again for the benefit of Cygwin as a whole - distributing EOL packages
 >> could put Cygwin as a whole at risk, which I'm sure you would agree is much
 >> worse than dropping a package from the suite.
 >> This goes back to my other question -
 >> Is there an Issues log or backlog a la GitHub where bugs / enhancement
 >> requests / feature suggestions like this can be logged for future
 >> consideration / evaluation, instead of one off discussions in this
 >> ephemeral medium of email?

On 2023-10-12 09:18, Eric Hendrickson via Cygwin wrote:
 > I don’t know who all is on this distribution but I’m going to be very clear.

Thousands of users

> I asked a few very reasonable questions in regard to security and best
practices for a mature and widely known product like Cygwin. In this context, it
doesn’t matter much that it’s all volunteers except in terms of resourcing - the
answers should be basically the same. Either it’s important to Cygwin or it’s not.

Only if it's expressed by sufficient users and supported by sufficient 
contributors who have free time and are interested in doing the work, otherwise 
no, it dies on the mailing list

 > I’m even offering to contribute back to Cygwin.

In what way, other than offering opinions?

 > I got no answers to my questions except “you’re stupid”.

I saw no such comment or statement.

 > I don’t care how many stupid questions this volunteer team gets, or random 
emails. This is unacceptable for the open source community. Or for any community.

You are being unnecessarily contentious and your opinions are unwarranted.

 > The Cygwin team needs to internally examine its maturity and professionalism.

You are now being rude to every contributor to this project.

 > Decisions clearly need to be made about how to communicate with the community.

Decisions are made by each contributor according to their knowledge, ability, 
capability, interests, and availability within their own scope; anything else is 
merely an opinion or belief, which may be ignored.

 > Anyone who treats people the way Glenn does should be ejected from the community.

Glenn made no such implications towards anyone IMO!

He did question your assumptions, and posting methods, which are incorrect:

- Cygwin is a project, not a product, consisting of a bunch of components, 
including over 12k packages, with many dependencies;

- there are no Cygwin releases, each component and package is independently 
upgraded, except if there are dependencies, which need to be upgraded and 
released first;

- there is no "team", only volunteers, some of which work on the emulator and 
related packages, others on libraries and application packages, doing their own 
thing, when they have time, if they are interested, if there are no blockers;

- there is no internal, only public mailing lists on which all discussion takes 
place;

- importance is decided by each volunteer for each component and package they 
maintain or contribute to;

- best practices are decided by discussion and consensus, on the public mailing 
lists, or at least implicit agreement to go along or not bother;

- communication is what each person can manage in English, bearing in mind that 
this is an international project with international contributors, many of whom 
may not speak English as their primary language, so we try to keep things as 
simple as possible;

- comments about maturity, professionalism, and opinions about treatment, and 
ejection need to be considered based on the content and track record of the poster;

- these appear to be your first posts to this list since its inception;

- you do not appear to have read up about the project from its web site, looked 
at its FAQs, searched or previewed prior posts;

- your initial statements about Cygwin ruby were incorrect and others tried to 
correct your impressions and opinions;

- you appear to be attempting to push a series of uninformed opinions about 
unworkable approaches onto a longstanding project with its own approaches which 
are based on openness and cooperation by volunteers in whatever they can spare 
of their free time;

- the answers to all your questions (which you would know if you had read the 
FAQ or had any familiarity with the project at all, which contrary to the claims 
made in your initial post, appear unlikely to be true, as you seem totally 
ignorant and uncognizant of anything about the project) is everything goes on 
the mailing list, and if anyone can be bothered, they may post a reply, or not;

- you have been advised of your issues, possible causes and remedies: try 
reading and trying them, before posting further, or being more contentious;

- if you dislike the responses and approaches of this community, there are 
alternatives to Cygwin, such as WSL distros, containers, VMs, etc. offering 
communities which you may prefer;

- you appear to be indulging in troll-like behaviour, so I suggest others cease 
replying to you, if such behaviour continues; in which case, you got us: please 
move on to another forum or list!

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright 2019   by DJ Delorie     Updated Jul 2019