
Chef dependency removed after agreement with ICE - gionn
https://github.com/sethvargo/chef-sugar/blob/master/README.md
======
cousin_it
Can someone explain what the guy's action accomplished? If you yank your code
from the internet, and people have backups of it, and it was under the Apache
license, it seems to me that people can just restore the code and keep working
with it as if nothing happened. The license is perpetual, no? And that's not
just a technicality - if FOSS licenses were revocable by the author at any
time, only idiots would use FOSS in their business...

~~~
Crinus
He removed his repository because it was used by a company that he thinks it
did something he disliked. I don't know why it matters, at least in the grand
scheme of things. For him it probably matters due to his personal views and
it'll probably matter for those who align with his views (assuming they know
about that move).

In any case, anyone is free to do with their code whatever they like. If you
depend on anyone else's code keep in mind that you do not have control over
them and any expectations you may have about their actions may not match
theirs, so take that into consideration when making those dependencies.

------
huntaub
The CEO of Chef responded to this with a blog post:
[https://blog.chef.io/2019/09/19/chefs-position-on-
customer-e...](https://blog.chef.io/2019/09/19/chefs-position-on-customer-
engagement-in-the-public-and-private-sectors)

~~~
mc32
It’s the only logical conclusion. Any other would result in inconsistencies
and uneven application. One cannot continually evaluate and determine
worthiness (as defined by you) of all users.

Moreover this program began under the Obama admin. So the decision itself is
internally inconsistent.

~~~
mcphage
> One cannot continually evaluate and determine worthiness (as defined by you)
> of all users.

Why not? Or even, occasionally evaluate and determine worthiness?

~~~
mc32
How can you go into the private thinking of people? Are we going to surveil
them? It’s impractical.

~~~
mcphage
You could rely on investigative reporting done by others. You won't catch
everything, but you'll catch some stuff—which is better than none.

------
lixtra
Ironically it’s hosted on github owned by Microsoft which certainly works with
ICE.

~~~
dragandj
Even more ironically, it comes from a Google employee, when Google is so much
widespread, that it's guaranteed to be working with morally questionable
actors left and right; or (according to many people) being /the/ morally
questionable actor.

------
KevinEldon
The cited contract is with C & C INTERNATIONAL COMPUTERS & CONSULTANTS, INC.
who purchased $95k of Chef licenses.

C & C INTERNATIONAL COMPUTERS & CONSULTANTS, INC. is listed in the contract
with these business types:

\- Woman Owned Business

\- Women Owned Small Business

\- Economically Disadvantaged Women Owned Small Business

\- Minority Owned Business

\- Black American Owned Business

\- Corporate Entity Not Tax Exempt

\- For Profit Organization

\- DoT Certified Disadvantaged Business Enterprise

\- Small Disadvantaged Business

\- 8a Program Participant

~~~
goatinaboat
Am I reading this correctly: a business owned by a black woman sold a product,
and a white male has responded by sabotaging it?

Not a great look, for him or his employer.

~~~
happytoexplain
This seems like a stretch. What does gender or race have to do with the
grievance?

------
chomp
Am I missing something? It looks like a generic procurement /federal
contractor company entered the contract, and not Chef.

That’s like ICE buying Cisco switches from a 3rd party and getting mad at
Cisco isn’t it?

~~~
nofinator
I originally thought so too, but based on the CEO's blog post, it sounds like
they are more involved with ICE for this project than simply licensing their
product to an independent contractor: [https://blog.chef.io/2019/09/19/chefs-
position-on-customer-e...](https://blog.chef.io/2019/09/19/chefs-position-on-
customer-engagement-in-the-public-and-private-sectors/)

------
derp_dee_derp
Yes, let's get mad at the people enforcing the laws instead of the people who
write the laws.

Then, we can turn off our code, make a big announcement, and feel good about
ourselves without making any meaningful effort to actually help.

What. A. Great. Plan.

~~~
marcosdumay
On this case, I don't think your Law requires children to be imprisoned away
from their parents, nor that it requires that illegal immigrants be imprisoned
instead of deported. If that is really the case, the blame falls entirely on
the people enforcing it.

~~~
whenchamenia
When my parents went to jail, I didnt go with them. There are obvious logical
considerations both sides are ignoring here. While seperation is clearly not
good, the alternatives may be worse in some cases, as they were mine.

------
jchanimal
Best context I could find
[https://twitter.com/sethvargo/status/1174451060263530502?s=2...](https://twitter.com/sethvargo/status/1174451060263530502?s=21)

------
tin-foil-hat
Related article
[https://www.theregister.co.uk/2019/09/20/chef_roasted_for_ic...](https://www.theregister.co.uk/2019/09/20/chef_roasted_for_ice_dealings/)

------
ketsa
Wtf is chef...

~~~
sgift
"Chef is a company and the name of a configuration management tool written in
Ruby and Erlang."[1]

[1]
[https://en.wikipedia.org/wiki/Chef_(software)](https://en.wikipedia.org/wiki/Chef_\(software\))

------
victorbojica
What is the contract about? Can't seem to find any details regarding this.

------
mieseratte
> I apologize for the disruption to your workflow. I will be happy to restore
> the old repository and gem versions if Chef cancels their contract with the
> agency.

Great, take something out on me because of your personal politics!

I, for one, look forward to a future of navigating politicized open-source
constraints of each creator.

And of course, the creator of Chef-Sugar works for Google.

Edit: Here's a mirror: [https://gitlab.openminds.be/mirror/chef-
sugar/-/branches](https://gitlab.openminds.be/mirror/chef-sugar/-/branches)

Edit: Appears Chef itself has taken over: [https://github.com/chef/chef-
sugar](https://github.com/chef/chef-sugar)

~~~
missosoup
If you have a problem with FOSS and authors having ownership of their
creations, feel free not to use it.

~~~
iamtheworstdev
It is a bit ridiculous. Are people going to start pulling things from projects
because they find out that FOSS is used heavily by the intelligence community?

~~~
Crinus
If an author of a free software believes that it is against his own morals to
indirectly assist some organization that they see as immoral then, yes, they
have the freedom to stop working on that software as there is no obligation on
their part to continue doing so.

~~~
iamtheworstdev
I should have clarified my point a bit. I'm not debating ones prerogative to
do it. But we as nerds know the things we make can and are used by "bad"*
actors but typically say it's better for the common good so we should keep it.
Things like encryption, heavy math libraries in the world of nuclear physics,
rocket science, VPNs, etc.

So when we discover one bad person using our software and subsequently yank
it, aren't we being a bit hypocritical?

* I quote that because not everyone agrees that DHS and ICE are bad actors and want to avoid a political tangent

~~~
eropple
YMMV, but to me there's a difference between directly creating financial
benefit for the owners of a largely closed software ecosystem--and Chef in
practice is a largely closed software ecosystem, it's single-source and
they're doing their damnedest to squeeze money out of their users right now--
and more general open-source publishing.

~~~
iamtheworstdev
So what you're telling me is people would be really disappointed if they
noticed Puppet Labs makes money from the same people?

~~~
eropple
Disappointed? No, I'm not naive.

But if I used Puppet I'd be just as ripshit and hold them to the same
standards.

------
notyourday
The best part of this debacle is the author is still getting a paycheck from
Google.

~~~
goatinaboat
Moral of the story: do not do business with Google because you can’t tell when
some random employee of theirs will decide to pull the plug on you. Or maybe
you’re just collateral damage in their country’s internal political squabbles.
Either way you have no recourse, because Google.

