
Actix project postmortem - dabj
https://github.com/actix/actix-web
======
tsukurimashou
"Ok... So that was unprofessional. If you don't want to maintain a project
anymore, you give it to someone else and link to that repo in your README.

This just screwed me over big time."

[https://github.com/actix/actix-
web/issues/1#issuecomment-575...](https://github.com/actix/actix-
web/issues/1#issuecomment-575611050)

These kind of entitled attitude is probably exactly why the guy just removed
everything.

More details / discussion here:
[https://www.reddit.com/r/rust/comments/epszt7/actixnet_unsou...](https://www.reddit.com/r/rust/comments/epszt7/actixnet_unsoundness_patch_is_boring/)

~~~
teddyh
> _These kind of entitled attitude_

If you offer code to the public – and present it as an active, dependable
project – professional behavior is _exactly what you implicitly promise and
signed up for_. If you can’t offer that (at any time, and for any reason),
then you should immediately make that clear, front-and-center, to any current
and future users.

It isn’t “entitlement” on part of the users – the users are making reasonable
expectations based on promises implicitly made by the the project as it is
presented.

~~~
Macha
Or to put it another way:

As an open source maintainer, you're perfectly entitled to just walk away. Hit
that archive button on github so nothing new can come from the repo, and enjoy
your life. Nobody could fault on you that. People would prefer you work out a
clean transition to a new maintainer, but you have no obligation to do so.

Deleting the repos is the equivalent of setting the house on fire on the way
out (especially when they're under their own org). Unlike in reality, it turns
out it's totally permitted, but people will still view it as a dick move.

~~~
z0mbie42
The repo has not been deleted! [https://github.com/fafhrd91/actix-
web](https://github.com/fafhrd91/actix-web)

~~~
Nullabillity
From the bottom of the postmortem repo:

> At the moment I am planing to make repos private and then delete them (will
> remove benchmarks as well), unless others suggest better ideas.

~~~
LoSboccacc
so it's not deleted. it's the last call for all the people that wanted to
profit from his work to take up the mantle and drive the project

something anyone can do right now, I would add

but people just prefer directing the guy work

------
StavrosK
Whatever drawbacks Actix may have had, this entitlement has gone too far.
There is no defensible reason to tell someone "never write Rust again" because
you don't like the code they're making available to you. We need something to
remind us that we should be civil and grateful for FOSS contributions.

I recently saw a talk by Atwood about good discourse and how you should remind
people of your values before they write their comment, which I think applies
here. I'm going to make a single-page website reminding people that FOSS
maintainers are volunteers performing a service to everyone else, and that we
should keep that in mind.

If nothing else, it'll be an easy think to link people to in my issues
sometimes.

EDIT: It's going to go up on
[https://www.osscoc.com/](https://www.osscoc.com/)

~~~
smashedtoatoms
"We need something to remind us that we should be civil and grateful for FOSS
contributions."

You mean like having the legitimate risk that maintainers will take their ball
and go home when people are cruel and others stand around and let it happen?

This is everyone's fault who didn't dogpile the people who were being
terrible. We all need to be calling out people being horrible, and provide a
little emotional support to maintainers. We worry too much about the feelings
of people who contribute nothing, and not enough about the people who build
the things upon which we rely.

~~~
StavrosK
No, I mean something less remote and which looks less like a random act of
God, something that people can read before engaging in discussion and not
easily dismiss because "it probably won't happen". We need to raise the level
of discourse across the board, not just prevent the most egregious of
negativity.

I want people to enter the discussion with the mindset "this is a volunteer
effort so I will aim to be productive in my disagreement", rather than "fuck
this guy".

~~~
smashedtoatoms
Ahh, yes. That would be fantastic.

------
fraktl
Open source maintainers have a hard time - especially when they're under
criticism and receive zero positive vibes. Author mentions it, here's the
excerpt:

 _Be a maintainer of large open source project is not a fun task. You alway
face with rude and hate, everyone knows better how to build software, nobody
wants to do home work and read docs and think a bit and very few provide any
help._

This a big problem with open source - I, as a programmer, like when someone
commends me. It might be childish, but if I invest a few days into code and
someone finds it useful - I would love to hear it, it would make the day for
me. Instead, I had similar experience like the author of actix - hatred,
rudeness and a lot of people who don't read the docs, they merely expect
everything to work if they drop the library into their project.

Sadly, we're way too negative and don't appreciate OSS maintainers. This trend
should change. It's sad to see yet another project go because author was
mentally drained due to negativity. We should take care of our own "brothers
in arms" (we all write code or deal with tech, don't we?).

I haven't used Actix-web, but I can sympathize with the author. Keep your head
up, recharge your batteries and remain creative. Good luck with your future
products!

~~~
kmike84
A data point: I've been involved in Open Source for 10+ years, developing
projects myself, helping to maintain very popular projects, contributing, and
I don't see a trend like this. I've interacted with hundreds of people over
the years, and the vibes are overwhelmingly positive; I haven't noticed any
hatred or rudeness towards myself. I can't think of a single time interaction
with OSS people afected me negatively, but there were a lot of positive (or
neutral) interactions.

Over time projects I'm contributing to were changing, and so I was exposed to
several different communities (Python web development, data science, web
scraping), and all of them turn out to be awesome. Maybe that's just luck, but
not all OSS maintainers have it hard - no idea why :)

+1 to recharge the batteries!

------
thrownaway954
I use to do a TON of open source back in the day. i quit cause of the same
reason, people suck and feel they are entitled.

i couldn't count how many times someone would yell, kick and scream about an
issue they were having and demand that i fix it right away (ain't gonna happen
dude). i finally got to the point where i told people that i would only
participate in pull requests and nothing else. you could still file issues,
but i wasn't gonna even look at them. if you wanted something fixed, open a
pull request and i will help you fix it but i'm not wasting my time with an
issue that i didn't personally have an investment in. was i being a jerk for
doing that? maybe, but my own personal serenity was worth more to me than
pleasing you.

i think every open source author starts out with this fire in their heart to
make the software world a better place for everyone only to get beaten down by
every moron out there. when you are getting paid to do something, you put up
with the idiots in your life (how many of us are still at the job that pays
well, but HATE the people there?), but when you are doing it on your own time
and not being compensated for it, what's the point?

i applaud this dude for doing what he did. i hope his actions has put the
people using his project in a position of panic to the point where they
reflect on how they treat people and participate in the open source community.
pain is the only way we learn and change things about ourselves. i hope the
people who caused the author to quit open source change the way they treat
people in the future.

~~~
CapmCrackaWaka
Maybe it's because I work on more niche projects, but every time someone
contacted me about an issue in one of my repos they were always exceedingly
apologetic about "bothering me". My projects only have ~400 downloads per
month, so I'm sure it's a matter of sample size. If anything, working through
issues with the community has made me enjoy the work more.

~~~
jopsen
Yeah, it's important to remember that most of the time people are very nice.

Of course there are "problem kids" out there who screamd about an opinion they
disagree with or tries flirt with female contributors on IRC..

Having co-workers, a code of conduct, and a community organizer you can
escalate to can help a lot.

------
CDSlice
For context, this comes after yet another unsoundness bug has been found in
Actix-web. Normally people in the Rust community don't get very worked up over
these because we know that everyone makes mistakes, but the Actix project has
had a consistent history of introducing unsoundness through the use of unsafe
for dubious reasons like nebulous performance increases or bypassing Rust's
safety guarantees (which is what this last one was about). Furthermore, when
someone raised this issue and provided a patch to fix it the actix-web
maintainer called the patch "boring"[1]. He also censored comments that talked
about the unsoundness and eventually deleted the entire issue. This sort of
behavior should not be acceptable from any open source maintainer that runs
such a large, foundational part of the ecosystem.

[1]
[https://web.archive.org/web/20200116203731/https://github.co...](https://web.archive.org/web/20200116203731/https://github.com/actix/actix-
net/issues/83)

~~~
jmiskovic
I completely disagree with your last sentence. Think of actix-web as a gift to
the world (and judging by its popularity, a very nice gift). Being verbally
abused by vocal majority of freeloaders would drive anyone furious.

I think I understand your perspective, though. It would benefit the community
to have projects of great importance properly maintained. How to ensure it?
Well, by paying people to do it, not necessary developers but active project
mantainers. Only then you are entitled to complain about somebody doing a
lousy job. To sponsor it, introduce micro-transactions for dependencies.

~~~
CDSlice
Obviously being vocally abused is not OK no matter what the victim has done.
This is a big problem and I think Steve's article that is currently on the top
page of HN gives a good overview of that part of the situation.

My problem with viewing all open source as a gift to the world, take it or
leave it, is that when people create open source packages, market them as
being ready for production use and as the best option for said production use,
and then act unprofessionally towards security issues and reject patches that
fix the security issues for no reason other than being "boring" and "not
creative enough" people should be able to call them out on it as unacceptable
behavior for an open source maintainer. If actix didn't claim to be production
ready and instead stated that it was an experimental code base designed to
advance the state of the art in web server performance I wouldn't have a
problem with how it was managed. However, once you claim that something is
production ready I think you need to be ready to take responsibility for it.

~~~
howeyc
I strongly disagree, with extreme passion.

They could have marketed it as the greatest gift to humanity for all I care.
It's your responsibility to handle your use of code. Sure, you may find
issue's in your dependencies, and you're welcome to submit a bug or provide a
fix, but if you expect anything more than the code as it is, it's still your
problem how to deal with it.

The entitlement is astounding. A person providing free code doesn't owe you
anything or "need to take responsibility" or whatever else you may want.

~~~
temac
While that's true, expecting bad maintainership to not have any effect and
third parties not discussing about the quality of the software is also
delusion. (And in practice, maintainers maintain, and I'm glad they do,
because otherwise e.g. Linux distro would be complete absolute crap.)

What is also a in the realm of possibilities is that a project gets a bad
reputation and for indirect effects or others, dies. That happened here.
However, in the effects we saw here, while the people proposing patches and
debating in a civil way about technical flaws (or at the very least widely
perceived as such) were fine, the brigading was absolutely inexcusable, as
well as the unproductive/nasty comments.

------
gfodor
I’m not sure why people are so fork-shy. Forking is the greatest gift of open
source. It’s basically the point and the core of what it means to have
software freedom. I think the anxiety around forking is unwarranted,
especially in scenarios where the author clearly has divergent goals and
values from a large number of people.

It seems the forest has been lost from the trees: exercise your freedom, fork,
and let diversity lead to longevity. I think a lot of the aversion is because
forking and fragmentation is messy. It doesn’t surprise me that the Rust
community in particular would abhor such disorder :) (see the JS community for
a counter example.) But such disorder is a key element of so many good human
systems, like democracy and free markets. Better to embrace them and relish
the freedom they bring, than dive deep into conflict with others only due to
imagined chains binding you together, chains deliberately lacking due to the
selfless altruism of the project creators who bound their work to a free
software license, to whom you should be thankful, not resentful.

~~~
okareaman
This whole issue is confusing to me. It's like no one ever heard of fork. It's
hardly mentioned in the comments. The author owes people what they paid him to
do, which is nothing. If he wants to go unsafe and fast that's his business. I
don't have to ride with him. I can make a copy of his car for free and drive
it the way I want.

I think this is a case of the end justifies the means. The end: get the
maintainer to change his code the way I want. The means: bully and abuse him
to force him into it because that sometimes works.

~~~
gfodor
At some point open source got morphed into being about free as in beer and
gratis volunteer work by generous souls. But its origin and what the licenses
themselves are about are _freedom to read_ and _freedom to modify_. The
entitlement that has crept in and the social contracts that seem to have
formed around expectations for people writing Free code are concerning.

Shame on people who forget this, and demand more than those freedoms from
authors who so generously grant them to others. Based upon what I’ve read, I
would have checked out from this project as the author well before they did
given the harassment they’ve apparently been getting for not merging PRs into
their repo.

------
toyg
I'll save this link for the next time someone tries to argue that the Rust
community is somehow "more welcoming" than some other X community.

All internet-based communities contain some assholes. All of them. Sadly some
maintainers don't seem to have the werewithal to tell them to go away. I mean,
when you get "asked to change coding style", it's the time to put the
banhammer down, because there is no way to please these people without
humiliating yourself.

~~~
lifthrasiir
> I'll save this link for the next time someone tries to argue that the Rust
> community is somehow "more welcoming" than some other X community.

It's deeply disappointing to see this outcome (and r/rust is literally divided
into two halves on this drama at least for now, ugh), but I believe it is the
statement about the _average_ atmosphere. Not that I have an argument for or
against the refined statement, but it doesn't automatically get rejected with
a single counterexample.

~~~
toyg
Nah, it's just the usual delusion of small-but-growing communities. The Python
community was great in 2001, a bit less so these days. The Lisp community was
probably great at some point in the '70s too. It's just that, with size, the
likelihood of attracting undesirable elements inevitably grows until their
presence simply cannot be denied. At that point, you either deploy heavy-
handed moderation and get branded "unwelcoming" by the assholes, or leave it
free for all and get branded "unwelcoming" by the most sensitive not-assholes.
Then someone or something will spawn a new community, and the cycle will
repeat itself.

This process is basically inevitable, and it has been observed in internet
communities for so long that it's basically a science by now. It's just the
nature of the (human) beast.

~~~
lifthrasiir
Of course I don't disagree to you, I too think that that reputation is
extremely hard to retain. However:

1\. It seems that there are/were some language communities noted for their
relatively more welcoming atmosphere. If small communities are usually great
until it aren't, why don't we see many such communities? There seems to be
some truth in this (albeit ultimately fragile) reputation.

2\. For this reason, in order to claim that some community is no longer what
it used to be, you need multiple anecdotes at the very least.

~~~
toyg
If a small community is great and the tool they push is valid, it will grow
until it's not great anymore. Try mentioning any tool that has grown in
popularity, stood the test of time, and still has an exemplary community.

If a small community is great but the tool is not particularly good, they will
stay small and simply get ignored. That's the average scenario for most
languages not pushed by a wealthy vendor: you just don't hear about them
because you don't need the tool.

 _> you need multiple anecdotes at the very least._

Meh, this is just the first of many to come, if Rust is to keep growing in
popularity. It's on the same trajectory as Go, just a bit behind because it
got usable a few years later.

~~~
lifthrasiir
> Meh, this is just the first of many to come, if Rust is to keep growing in
> popularity. It's on the same trajectory as Go, just a bit behind because it
> got usable a few years later.

If you originally meant that the Rust community is _on the way of_ becoming
less welcoming, well that works for me.

------
dhbradshaw
What he created and did was and is amazing.

He wouldn't have had the attention or the criticism that he got if it hadn't
been so impressive. I think when something's good enough, people may actually
criticize more freely. Some of that is because the project becomes worth the
scrutiny. But some of it is also a status thing. If your work is good enough
to give you a high enough status, you change categories a bit in peoples
minds. They start to criticize you in the way that they'd criticize other
entities that seem strong enough that they don't need to be protected any
more.

I hope that the actix ecosystem can stick around and keep moving forward. But
even if not, I think fafhrd91 made impressive contributions and I'm glad to
have used and learned from his work.

~~~
guscost
Agreed, nice work fafhrd91!

-from another impressed but silent user of your project

------
Dowwie
I've been using actix-web for my work for some time, contributing however I
can while learning Rust and myriad other subjects. This was the _third_ major
public event involving controversial design and implementation decisions. A
great number of people in the Rust community have refused to accept that not
everyone subscribes to their ideology about use of unsafe. They've repeatedly
tried to impose their values and priorities upon someone who has been more
than capable, if not more capable, of reasoning about legitimate issues and
risks and who has his own priorities. The author has not been kind towards
those who challenge his decisions, and this has not helped him navigate social
issues. It's not just that he struggles with English but has a very different
value system and set of priorities than those who he's had to interact with.
Further, these contributions weren't from neutral parties but rather a group
of long-term adversaries who have taken it upon themselves to hold Nikolay
accountable for having differences. They blog, they control the narrative in
message forums, they basically do everything in their power to cancel Nikolay
and his tremendous work, shaping the public narrative as one that suits their
goals.

It took great strength to go as far as Nikolay did in spite of these
challenges. I understand why he doesn't want to participate in this culture
any longer. It comes at a great cost. Unfortunately, the actix projects and
its author are not the only ones who have been targeted for having
differences. The next example is Ferrous Systems, who have authored a new
ecosystem for asynchronous development. The team has been attacked in all
sorts of ways and are going to great lengths defending themselves and to help
shape the public narrative. Eventually, they will tire from constantly
defending their decisions. Some will lose their patience and tempers will
flare. Then, an angry mob will re-emerge and do everything in its power to
cancel the momentum of their work and attack the reputations of the authors.

I don't know whether this social behavior will change without the culture
changing as well. It requires a respect for viewpoint diversity and acceptance
of people unlike ourselves, not just in gender orientation but in opinions and
values. It includes tolerating disrespect and leaving people alone rather than
trying to destroy them. I doubt these social issues are unique to the Rust
community. Cancel culture seems to exist in all shapes. We aren't better for
it.

~~~
lidHanteyk
I wonder to what degree the entire incident happened because Rust has unsafe-
blocks.

~~~
Matthias247
There are only 2 outcomes for Rust not having unsafe blocks:

1\. Everything would be unsafe. Same as C/ C++

2\. You could not use it to write real software, because not all constructs
are expressible in safe code. The std lib requires unsafe to a bigger extend.
Talking to the OS does the same.

Unsafe blocks are required to write software. And they are good, because they
minimize the amount of code which can not be automatically audited by the
compiler.

Unfortunately unsafe blocks seem to get more and more misused as a metric
around the quality of software. Which is certainly not their intention.

------
christiansakai
I am a Rust beginner, and have made a few small projects with Actix Web. Actix
Web is the only framework I use in Rust and spent some time learning about it.
During that learning process, the docs constantly get updated but there are
examples in the repo. Sometimes there aren't examples and I go to their chat
room and ask the maintainer directly, and to my surprise, he always answered
my question.

He is a busy guy with a life that already put immense effort to create this
library and helping people to use it. He is free to do whatever he wants.
People who complained, did they even give him thanks? Or donating coffee
money? Grow up and stop spending your SWE salary for your vices.

~~~
xtf
Tried to write it down and help to enhance the documentation, or written an
own documentation? So that reoccurring questions could be reduced.

~~~
christiansakai
During that time the actix web library was planning to do some breaking
changes because of 1.0 target

------
capableweb

      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
    

This is part of the MIT license. Many other open source and free software
licenses contain the same thing. It's simple, people provide software they
write in their free time or "sponsored" by their company, in return they get
nothing and you should expect nothing more than the piece of code that gets
published.

People have started assuming that free and open source software is not "true"
open source if you don't build a community around your project, gain a
following and can take advantage in it professionally somehow.

It's a shame, as it puts a lot of pressure on people, instead of all of us
just sharing code because we love coding and want to share it with everyone
who also loves it.

~~~
geofft
The MIT license isn't the only thing Actix wrote. They also wrote this:

[https://actix.rs/community/](https://actix.rs/community/)

> _Community: The best things in life are to be shared_

> _Join us - Want to talk to others about questions? The actix gitter channel
> or reddit community are your best starting point._

> _If you think you found a bug it 's best to go to the github directly. There
> are two repositories that you might want to report against. actix for issues
> with the actor framework or actix-web for the high level web framework._

> _We 're a welcoming community so don't be afraid to engage. Interactions are
> governed by our code of conduct._

I agree with you that projects aren't required to do this. (And I also agree
that developers often feel pressured to build up a community for their
project.) But still - that's what they wrote.

~~~
capableweb
True, they did write that. But taking into consideration the license open
source and free software is usually licensed under, they are free that change
those opinions at any time, and you cannot blame them for it.

If you had a contract with the project, I would understand the frustration.
But since it's published on a "NO-WARRANTY" and no promises basis, the persons
opinion can change at any time, and that's perfectly fine.

So maybe today I feel like, yeah, my open source project should have a
community! So I publicly write that. But then 6 months later I change my mind
and stop trying. This is also perfectly fine. Annoying, sure, but if you want
to avoid that, start making contracts with the libraries that you include in
your projects.

~~~
geofft
I'd like to live in a world where, if I tell you something, you can take my
word for it and you don't demand a contract for it.

Also, those words are _still_ on the website. If the author is no longer
interested in bug reports - which is absolutely the author's right, to be
clear, and does not make them a bad person - they ought to at least change the
language on the website to make it clear. Otherwise the language encourages
people to waste their time, which is pretty rude.

------
mrunkel
Removing the repos seems to be a bit much especially since he is planning on
making them private and then deleting them.

Why not just leave them in place if you're burned out and see if anyone is
willing to take over maintainership.

Given, I don't know the history, but I always feel a bit of pain when code
gets lost or destroyed in the heat of the moment.

~~~
robin_reala
They have been moved to his personal account for the time being:

[https://github.com/fafhrd91/actix-web](https://github.com/fafhrd91/actix-web)

[https://github.com/fafhrd91/actix-net](https://github.com/fafhrd91/actix-net)

------
dyeje
The entitlement in this thread is astounding. Don't like how the project is
maintained? Fork it. If you don't have anything nice to say to the person who
gave you the code _for free_, then just don't say anything at all.

~~~
Hello71
This argument confuses and saddens me. If I give away free food which I and
others know to be contaminated with foodborne pathogens, is it wrong for them
to criticize it? What if I don't know, but I obtain it from a supplier which
is known to persistently sell contaminated food? What if I put up a sign in
very small print saying that the food comes with no warranty whatsoever and
all consumers eat it at their own risk? What if I put up a large sign? What if
instead of pathogens, I intentionally add lead-based decorations on the basis
that they look and taste good, even if they may be slightly carcinogenic if
consumed? What if I clearly state that the decorations must be removed before
eating? At what point do I acquire moral culpability for the harms suffered by
my customers? These sorts of comments seem to imply that there is no problem
with me doing any of this, as long as the food is provided for free and
consumers have the choice to not take the food. I would vehemently disagree
with that claim. Uninformed choice is not a true choice, and even informed
choice cannot excuse certain foreseeable harms.

~~~
kelnos
That is an entirely specious analogy. This code will not cause someone to get
sick or die. And "contaminated" vs. "not contaminated" is a binary result for
food -- one is the case and one is not the case. With code, there's nearly
always room for reasonable disagreement as to what is the right/good or
wrong/bad way to do things, and often people argue over two (or more)
perfectly fine ways of doing things that just come down to a matter of style.

~~~
smt88
I'm not sure if this will change your mind, but in the Rust world, there's a
concept of "unsafe" code that can lead to vulnerabilities.

The difference here is that a code consumer can check a Rust project for
unsafe code, whereas a food consumer cannot check for unsafe contaminants.

~~~
phkahler
If it's OK to demand a project use only Rust and not unsafe Rust, then it must
be OK to bitch at every C or C++ project and demand they rewrite in Rust. If
that sounds absurd, that's because it's supposed to.

~~~
smt88
That's not really an apples-to-apples comparison.

From what I can tell, actix was using unsafe code to improve benchmark
performance, not because safe code was extra work. That's fine, but it was
misleadingly marketed as more than a toy project, and it shouldn't have been.

Further, rewriting a project is very different from just making different
coding decisions when maintaining an existing project.

I still think the actix critics are showing how irresponsible _they_ are for
blindly using a library without researching it well.

------
mfer
Being a maintainer on a popular open source project can be hard. You put
expectations on yourself, others put expectations on you, people complain,
people trash talk you because they think they can do it better, and so much
more.

I think this highlights that maintainers need support systems to help with
this. We can use GitHub features to mute or block people. We can have CoCs and
try to avoid people who cause issues. But, they still happen and maintainers
need help. Someone to talk to, people who have been there, support groups,
strategies, and sometimes sabbaticals.

I feel for this guy and hope some time away will help him personally.

------
mwcampbell
We did this to him. [1] We drove him to burn-out. We should reflect on that
and make sure we don't ever do that again to any open-source maintainer. And
we should pay more of them for their work.

[1]: Including me, as I contributed to a comment thread here about cheating on
benchmarks.

------
ww520
Good for him to make a stand!

I can completely understand how he felt. Similar things happened to my open
source projects, admittedly at a smaller scale. Users became so entitled to
open source software and became hostile. Well, i nipped the problems at the
bud by moving the projects off open source license. There were a few people
crying foul and vowed not to use it. Fine. I respected their choices, and
let's move our separate way.

There're requests to open source and hand the projects to someone else. No. I
want to maintain control of the project development and direction, like
directors wanting to maintain artistic control over their movies. If someone
is so fired up, they can always write their own open source software.

~~~
AzzieElbab
would you have declined a patch that fixes a real problem because it is
boring? i do not really get that kind of thinking either. personally i would
have accepted it and replaced with something clever latter on

~~~
ww520
Yes, I would. Because that patch is a "style" patch. It's not important in the
author's roadmap for the project.

People ask for different things and think their things are the most important,
and when they don't get their way, screaming and kicking to force them in.
They can always fork it or create a separate project if it's so important.

~~~
AzzieElbab
I wrote "fixes a problem" explicitly. How is that a "style" patch?

~~~
ww520
Some people treat style as a problem. In the context of “boring” conversation
the problem was the unsafe usage. How’s that not style?

------
yongjik
An argument could be made both ways, but I wish people stopped quoting
licenses to resolve social issues.

For example, the license does not forbid the user of the software from
INSINUATING THAT THE AUTHOR OF THE SOFTWARE IS INCOMPETENT, OR UNFIT TO AUTHOR
ANY SOFTWARE, EITHER IN A PARTICULAR LANGUAGE OF THEIR CHOICE, OR IN GENERAL.
So one can almost say that anyone who's doing it is exercising their right
granted by license.

...But that kind of argument is not really helpful, isn't it? The question is
whether some behavior is socially acceptable. License doesn't enter the
question.

(BTW, of course I don't support the kind of behavior I endorsed(?) above.)

~~~
growse
> ...But that kind of argument is not really helpful, isn't it? The question
> is whether some behavior is socially acceptable. License doesn't enter the
> question.

> (BTW, of course I don't support the kind of behavior I endorsed(?) above.)

Let's say someone wants to release some open source software to the world. But
they also want to retain the right to remove their currently published copy at
any point, their right to reject patches and generally do what they like
without being slurred and berated by everyone else.

Aside from adding a plaintext file alongside the code that explicitly says
(sometimes in capital letters!) that the code is supplied with no warranty or
obligation, explicitly or implied, what should they do?

Isn't it clearly the case that the license explicitly states the social
contract?

------
brobdingnagians
Closed source is more fun to develop. You get full control over your code, you
just have to meet the needs of people who think it is worth enough to pay for
it, you can code in whatever eccentric manner you want, and you get to keep
the nice wads of cash if it becomes successful. If security is a problem, then
the people with wads of cash will leave, but at least there is some incentive
there.

------
gameswithgo
I would advise people who decide to embark on large, hard projects like this
to stop making them free. Make the source open if you want, but charge money.
Either for the product, or for support requests, something. This not only
filters out entitled assholes, but it gets you money, money that you can maybe
use to pay people to help, or at least to buy a beer.

~~~
bob1029
This is an unfortunate conclusion that I also arrived at after much
consideration. I have a proposed dream project in front of me that would take
at least 2000 hours to reach MVP. Do I just give it away for free on GitHub
under MIT? I spent over a decade honing the skills that allow me to even
engage with such a difficult objective. Why should I just give it all away
unfettered? What alternative approaches exist in which I share these wonderful
new ideas openly and also somehow reap the benefits?

I feel that for certain projects like vendor API integration libraries,
opening up the source for all to use freely is the best path. But for others,
where years of intellectual property and personal development exist
predominantly within the code itself... I think I want to keep this kind of
code to myself for now.

------
cttet
I wish that the author have read this "The Hard Parts of Open Source" by Evan
Czaplicki
[https://www.youtube.com/watch?v=o_4EX4dPppA](https://www.youtube.com/watch?v=o_4EX4dPppA)

~~~
jlengrand
I thought about exactly that as well :).

------
3jckd
Asking for a friend - could someone explain what happened there? The README
doc is quite vague - it is more of a personal justification than a rationale
(to me).

~~~
stefan_
It seems like the overarching issue is that Rust is a house of cards. They
added unsafe like Java has null. My favorite part is that you can declare a
crate to forbid unsafe, but that then doesn't have to hold for it's
dependencies.

The obvious implementation is for unsafe to be infectious like const. You have
unsafe code, your crate is unsafe. You depend on an unsafe crate, your crate
becomes unsafe.

~~~
cesarb
> The obvious implementation is for unsafe to be infectious like const. You
> have unsafe code, your crate is unsafe. You depend on an unsafe crate, your
> crate becomes unsafe.

That would mean _everything_ is unsafe, since every crate depends on _core_
(or on _std_ which depends on _core_ ), which has "unsafe" code.

The design of "unsafe" in Rust, instead, is to allow building safe
abstractions on top of unsafe code (or be able to clearly mark when the
abstraction itself is unsafe). That way, for instance, users of `Vec::push` do
not have to worry that it uses uninitialized memory (which is unsafe).

------
droitbutch
Concerning is what message this sends to other OSS developers. One goes into
F/OSS knowing full well there will be little rewards financially - but facing
harassment or attacks on their reputation cannot encourage future projects.

------
arh68
Is it too late to set up a SafeActix project, let him keep the Actix name &
creative control, and resolve things semi-positively? Seems like the community
mistook it as an effort to build something safe, and it was a thousand cuts of
misconceptions/asks. Maybe open an issue and give them a week to decide/vote a
new name. I don't think there's an _obligation_ per se, it would just be
better.

------
stackzero
Poor guy, writing code for fun and maintaining an OSS project long term aren't
the same thing. Nor do they require the same skill set.

With abit of elbow grease we can pick the project up again, "reputational
damage" is not the end
[https://en.wikipedia.org/wiki/Service_recovery_paradox](https://en.wikipedia.org/wiki/Service_recovery_paradox)

------
zelon88
To me, this displays a deep misunderstanding of FOSS on the part of this
projects maintainer. He wants to create a project, promote that project to the
top of it's field, and completely ignore the perception of his userbase. Then
he fell back on "it's my code I'll do what I want with it." That would be
fine, but he "sold" people on this code with the understanding that we were
all going to take it to it's maximum potential. This was marketed as something
which would solve specific needs better than similar products. Most people can
handle regression and bugs and regular ongoing refactors as everyone struggles
to bring this same piece of code to the next level. What people, especially
the dev community, cannot overcome is when they are told that a project has a
direction that it clearly doesn't have. If this maintainer had no intention of
accepting feedback from his users there should have been a clear indication of
that somewhere in the docs.

If you never reconcile your reasoning and expectations with your community
then they will deduce reasoning and expectations that you never implied. This
maintainer wanted to produce a popular piece of software not to contribute to
the Rust community, or because he wanted to make lives easier. This isn't the
attitude of someone who is trying to improve his skills or challenge his
knowledge of Rust. He obviously didn't do it to get rich. I believe he made
actix-web to get famous. He wanted blind recognition for being selfless. He
wanted a community of docile dependents who sit up late on GH hitting the
refresh button waiting for his next push. He seems to have only wanted to make
a product that people revered. When that didn't happen because he never
reconciled his goals with the communities expectations he took his ball and
went home. "What??? No fame? No glory? Criticism!?!? Fine, no soup for you."

------
polskibus
Is this the same actix that won recent Techempower benchmarks? What a pity!

~~~
therockhead
Yes.

------
rehasu
The very normal path of growing up as a leader:

1\. people are good -> trying to do something good

2\. doing good -> realizing many people are not good

3\. stop doing good thing, start being frustrated

4\. realizing one doesn't need to let people pull oneself down -> start doing
good again

5\. helping others to do good things and surviving the first shock of being
visible

6\. $$$

------
fenwick67
Similar burnout happened with Ecstatic, a very popular Node.js static file
serving library.

[https://github.com/jfhbrook/node-
ecstatic/issues/259](https://github.com/jfhbrook/node-ecstatic/issues/259)

------
Steve0
It should be noted that the code wasn't deleted, but forked to his private
repo, where it's still open for anyone to use, download, fork, ...

------
gtirloni
if the issues are so bad and the author doesn't want to fix them, just fork it
and avoid all the arguments that won't lead anywhere.

------
pauldix
Sad to see this. I'm using Actix in a new project and have been watching the
project for a while. Guess I'll be refactoring to use Hyper. If I were farther
along I'd probably try to take ownership, but it doesn't make sense given that
it's only around 40 LOC in my project that depend on Actix at this point so
switching out to another framework is more straightforward than taking
ownership of a codebase I don't know.

I understand fafhrd91's (the maintainer) frustration, but it would have been
much better to just abandon the project and throw it up for some other
volunteer to come in and take it over. Then the project can live on and he can
bask in any success it has in the years down the road. Instead, it's a
complete mess where all the good work and good will has been undone in a
single move.

I've abandoned multiple OSS projects over the years and let other maintainers
come in and take them over. Now over 10 years later I can still say I created
that project that still gets used because other people have seen value in
continuing to contribute and maintain it.

------
didibus
Reminds me of this "Open Source is Not About You":
[https://gist.github.com/richhickey/1563cddea1002958f96e7ba95...](https://gist.github.com/richhickey/1563cddea1002958f96e7ba9519972d9)

------
sergiotapia
Agree 100% with the maintainer, read some of the comments on /r/rust and on
Github, I haven't seen a more rude sanctimonious community in my 12 years
programming. Holy shit!

Rustaceans my ass! From now on Rudeaceans.

~~~
stjohnswarts
Check out their official channels. Anything on reddit is going to be toxic
unless it is highly curated by the subreddit mods. That's just the reality of
reddit.

------
qwerty456127
People should really learn to ignore the emotional channel of the comments
they receive. Just try to figure out if the message contains any useful
information with a quick glance, extract it if it does and ignore the rest.
People have to shit - that's physiologically inevitable, and there are people
who do it in the streets and there are people who shit in comments/messages.
Why take them serious?

~~~
arcatek
> I used to do tech support and some people (not too many) wrote right out
> rude or nonsensical (like concluding I hate their religion just from the
> fact our service failed to suit their specific needs).

This isn't at all the same thing. You were paid to do your job, and at the end
of the day you could just joke about those weirdos.

When working on an open-source project, everything becomes much more personal
because your motivation is fuelled by your own personal attachement to the
project. Imagine you're helping elderly people cross the street every day, and
every once in a while they yell at you for not doing it better, whatever that
means. At some point is it still worth it?

And of course you can't just put that behind you once you're back home,
because this abuse happens at home. I remember this time where someone
literally told me to kill myself while I was fixing a bug - at midnight - in a
project I handle. Or the time I woke up only to see that during the night
someone public had decided to openly send me literal fuck emojis on Twitter to
right a perceived wrong. Good times.

So yeah - building a shell is the right solution, but it's hard and we really
shouldn't have to deal with that in the first place.

~~~
qwerty456127
I get you point, it makes sense, but I feel like I personally have already
grown over that and everybody can: just know what are doing the job for. Are
you helping the elderly to get their gratitude? No, just because I'm doing the
right thing and I know some of them are jerks because loosing their sanity to
Alzheimer's and because of hard life they had. Are you maintaining a free
project for users' gratitude? No, I do because it's fun, because it expands my
experience, fulfills my own needs, improves my CV and because I'm glad if
somebody can use it for good. Never expect a reward if it's not guaranteed in
the first place.

------
jxramos
Is this sort of action unprecedented?

------
jaimex2
What was Actix-web?

~~~
beatgammit
A web server built on an actor framework and probably the fastest Rust web
server out there for many use cases.

I used it because it was easy to fill my niche case (TCP + UDP + WebSockets +
HTTP interfaces to the same thing) as well as my boring CRUD apps, and it
worked on stable Rust since a long time ago.

The author got a lot of flack for using "unsafe", then fixed most uses of
"unsafe" and it has become something of a meme now. Unfortunately, there's an
odd, almost religious crusade against unsafe in the Rust community, especially
by those who don't really understand the ramifications of using unsafe
incorrectly or how to tell whether unsafe is being used correctly.

It's a cool project and I have loved using it. I'm probably going to use
something else unless someone steps up with a commitment to maintaining a
fork.

~~~
jaimex2
Thanks for the explanation.

It's funny to see history repeat itself with "Unsafe" hooks. JAVA has a number
of projects which also do this for speed and it always freaks people out.

------
tus88
The open source equivalent of the rage-quit hehe.

------
m4r35n357
I don't get it. This is a Git project. So did none of these people actually
bother to clone it?

Probably easier to just rely on binaries . . . suckers!

~~~
beatgammit
There are plenty of repository clones, that's not the issue. The issue is that
people want to contribute back to the same repository so you don't have to
figure out which project is the just up to date. When a project like this goes
away, it takes some time for everyone to figure out which fork is actually
being maintained properly.

The best course of action, IMO, is to state that you're stepping away, perhaps
indefinitely, and ask if anyone wants to be added as an admin to take over.
That's not _required_ , but it's a nice thing to do.

I'm sad about this on a lot of levels, any I hope the maintainer does what I'd
like, but if not, I'll just wait a few months and see how the dust settles.
For now, I'll probably go back to investigating other projects.

~~~
m4r35n357
The Linux kernel has no central repository, they use email & stuff. I believe
that is what the author of Git intended.

~~~
cesarb
> The Linux kernel has no central repository

It does have a central repository, it's this one:
[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git)

------
zozbot234
In case you're directly impacted by this,
[https://www.arewewebyet.org/topics/frameworks/](https://www.arewewebyet.org/topics/frameworks/)
provides a list of web development frameworks for use with Rust. Just pick one
with a less cowboy-coding oriented attitude than Actix-web, and you should be
OK.

------
Fellshard
Like it or not, it's best to view this incident as having direct parallels to
the NPM left-pad incident.

Ignoring the specifics of what led up to this for the moment, observe that a
single person was able to completely annihilate an entire dependency's source.

I think one of the primary requisites to reliable FOSS development and
adoption will need to be tooling that maintains immutable records to the best
of its ability, so that prior artifacts cannot be revoked; you publish code as
FOSS, it is with the clear understanding that you have disposed of your
authority to revoke it.

There are cases where something may need to be revoked, but make it a multi-
layer process at that point, not a single button and one man's whim.

