Hacker News new | past | comments | ask | show | jobs | submit login
“Please don't add any of my stuff to this project” (github.com/nixos)
280 points by waon 48 days ago | hide | past | favorite | 348 comments



Seems like an author that doesn't understand the spirit of FOSS. The nixos team was clearly allowed to use it and include it when asking for some technical merits as to why, and even offering many alternative options to appease the author the author seemed to just childishly stamp their feet and say, "because I said so". Eventually the author took the position of "taking my ball and going home". Why is a person like this even engaged in FOSS if they don't have a desire to share or even engage in a reasoned discussion?


When they offered to fork it completely to avoid the issue and he rejected that, it really just looks bad.

I get being done with something when you've had a bad experience, but the maintainers here went to every effort to accommodate, and did so in a friendly way.

It reads like this guy wanted a fight and an excuse.

I think the correct answer is to just make the fork as proposed and use that instead, it solves the problem and removes the guy from the equation entirely. The fact he rejected it doesn't matter and he can be angry all he wants.


From what I can see in the thread (and I'm not very familiar with the tech so I'm working off of inference here) it looks like the library fetching tool is well equipped to fetch the freshest branch from his repository directly. His responses are very minimal but it sounds like he's objecting to older versions of his library being bundled in and causing breakages on the client side - forking would potentially just make this problem worse from his point of view if his primary concern is the fact that users get out of date code - compared to the concern of code maintenance.

Daniel Stenberg creator of cURL has famously gotten a lot of weird support requests and emails over the years due to his license being shipped with an insane number of different utilities. He has handled them gracefully and with good humor from what I've seen, but not everyone is comfortable with fielding questions from random non-technical users - if that's where this dev is coming from then forking the project would probably let him dodge a lot of the responsibility. I just can't clearly tell due to how terse[1] his replies are.

1. I would say succinct here due to the fact that it lacks the negative connotations of terse, but it also implies a completeness of information which sadly isn't here. Please don't read terse as insulting or negative in any way.


It seems to me he states pretty clearly that his issue is the support burden, not some paternalism over users:

> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.

I absolutely agree that there is a legitimate reason to say "look, I can't handle the support burden from this", but users aren't going to track down the original project to make support requests if you fork it, rename it and point everything to the new one.

(Obviously you might get one or two, but anyone that motivated would probably be making their own package and run into the exact same issue anyway, at some point you can't really blame the package).


The solution is to fork the project and give it a new name & URL so users don't knock on his door - he refused that option too! Kudos to the maintainers for their curtesy - they didn't have to ask him for additional permissions over and above the current licensing agreement - they have the rights to redistribute or fork the project, Frenck is against them exercising either right.


From the profile https://github.com/frenck He describes himself as "Slightly assholic at first sight. Actually a nice guy that just likes to get stuff done." Very fitting description actually, I wouldn't argue with such a nice guy.


I don’t think there’s any obligation for support. One can even disable GitHub issues. Or let community support itself by appointing comaints.


The point about shipping old versions is rather moot in this case however, because the NixOS package was using the version required by the latest version of Home Assistant.


If anything, the Nix packaging of Home Assistant should (tm) be running on a known good working set of deps.


The nixpkgs/NixOS packaging of NixOS uses packages which work with the tests of home-assistant. We cannot respect every version pin and if package have none breaking updates we happily update them. This is especially important to get security fixes in.


IMO, it's worse than that: frenk does seem to understand the history of FOSS distribution. Most Linux distributions included packaged sources for the software. This is no different. They did not point back to the original repo, not to the source control repo. They had rmps or the equivalent.

The existence of pypi does not mean everyone is forced to link back to it and use it has their own source repo. Frenk insistance that everyone uses pypi and only pypi is just a tantrum not based on reality.

People could use his package from pypi and still have an outdated version. People could use a pinned version from pypi and they would always get an outdated version. People could be using an installed software from long ago and thus have an outdated version.

Thus his concerns are not magically solved by not packaging sources.

Plus, he has an attitude problem, is passive-aggressive, is closed minded and won't discuss. May he have fun with his newly weirdly licensed package,


He strikes me as someone who has been burnt by the packaging issues that have been around in the ecosystem for years.

You're right that the existence of PyPI doesn't mean everyone is forced to link back to it, but damn it would make a lot of stuff a hell of a lot easier if it did. I've been bitten by Debian packages being years out of date, I've seen packages modified by maintainers in ways that are poorly documented and useful for Debian users rather than Python ecosystem participants.

I've managed to work my way out of that now and would never go back to that world if I can help it as the trade of reduced engineering quality (along various axes) for increased "freedom" is not one that I value (personally, or at work). So I can really empathise with this persons position.

I think they handled it poorly, communicated poorly, came to the wrong conclusions, and left the discussion in a bad place, but all of that just screams frustration to me, and I can understand where it comes from.


> I've been bitten by Debian packages being years out of date

I've been bitten far harder by pypi packages trying to download random opaque binaries, miscompiling their own binaries, vendoring and failing to update large packages, having impossible-to-satisfy dependency requirements (relying on pip only ever making a half-assed attempt at satisfying them) and generally making strange assumptions about the target system.


That is indeed also a problem! Essentially it comes down to wrapping sets of dependency management. Thankfully the "engineering" side of Python is fairly good at this in my experience, but I have seen the "data science" side of Python do some of this.


The whole point of nix is to decrease the chances of being burnt by dependency management. This is why packages don't rely on _just installing packages via pip_.


Some people release something as FOSS but don't understand what that means. We had a developer we worked with at PortableApps.com release his software under a FOSS license. He requested we package it portably in our format and release it. His users and ours were happy.

Fast forward 3 years and a bug impacted a user's data in the portable package. The developer became increasingly irate even after it was fixed and demanded we stop publishing it. To avoid confusion, I even renamed the portable package to a new app name, forking it. That made him even more angry and he started publicly claiming we were "stealing" his work, despite following the license, maintaining his copyrights, and directing users to donate to his donation page to support development. He put up banners on his website and documentation pages about the "theft". As his emails to me went downhill, I got the feeling he might poison the code itself upstream to mess with the fork. I didn't want to deal with that just for one small app, so I abandoned it.

So, yes, this does happen. And some people thing "because I said so" is a valid position.


Fascinating story. I think it's hard to anticipate consequences of actions, for some harder than others.


Yeah, they went above and beyond trying to mollify the original author, in my opinion.

I would have forked his repo, and said, "We'll be happy not to include any of your code. We'll just use this forked repo which is now our code."


I agree. This is kind of bizarre behavior from someone who is such an important contributor to Home Assistant, a large scale open source platform. I can’t imagine most of the leaders in Home Assistant would share this attitude, but maybe I’m wrong.


Unfortunately, the founder of Home Assistant has acted similarly too. When NixOS maintainers raised concerns, he accused them of having "no intention to contribute anything positively." This was despite NixOS maintainers' best efforts to engage in a civil discussion.

To make matters worse, he even used the fact that the NixOS discussion was temporarily locked down due to high tensions and accused NixOS maintainers of attempting to shift the maintenance burden on Home Assistant, which is hardly what all this is about.

https://community.home-assistant.io/t/consider-to-avoid-addi...


It seems like HA has its own plugin distribution model, whereas NixOS is trying to work around that to provide reproducible builds.

Aside from how this issue has been handled, poorly, that seems like a reasonable technical decision for HA to make, particularly given that their main use case is semi-technical user installing on a Raspberry Pi, and in that case is it something they should be forced to support? A fork seems like the right option there?


Nobody is actually asking them to support anything. And they “refused” a fork (which is pointless as nothing stops one from happening). They seem to want to hold some control over their software that is against the usual rules of the game for OSS.


This and the OP seem to suggest there is something else going on behind the scenes than just abrasive personalities. Do the people who work on Home Assistant have some issue with NixOS?


It's sad to know that Home Assistant is such a project. I should consider alternatives. Partially I can grasp them, but the attitude in reply is really looks bad.


> I can’t imagine most of the leaders in Home Assistant would share this attitude, but maybe I’m wrong.

I'm afraid they do[1] (that's from the project founder, and current CEO of the company supporting HA development).

https://community.home-assistant.io/t/consider-to-avoid-addi...


oh gosh. i am afraid i need to get rid of HA now. Whats that attitude about for gods sake?


It seems like the reason is (paraphrasing) "because I can't meet the resulting burden of support."

which is something I haven't really seen anything in the open source world manage, though that might be because I'm not much of a contributor. What happens if a utility explodes in usage and the author can no longer effectively support it as a result of being buried in overhead?

Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?


I guess I've always struggled with this, because this seems like an extremely easy problem to solve.

In this particular instance, if you think the problem is "nix users are overwhelming me" - then you have a hard and fast requirement of: if you want support fill out this form that includes OS version. If someone lists NixOS as their version you give a canned response linking them back to the Nix github page.

If the issue is just a generic: my package is so huge there is just an unending list of people asking for help. Ignore them? I get as a maintainer you may have a desire to help folks, but nobody is forcing you to. Browse github and respond to the things you feel like responding to, and ignore the rest.

I mean this with all due respect, but part of being an adult is knowing when and how to say no.


It's just a small dependency for Home Assistant. I don't think the author will receive a lot of reports.

https://github.com/frenck/python-ambee

The project has zero issues right now. I think that is not the real reason.


The project is barely a week old so that might explain the lack of issues. Also Homeassistant is a big project with a big community, there are going to be a lot of people getting into edge cases. The Homeassistant project does do a lot of damage control on this because they promote standardised deployments like the Home Assistant OS. But I can't image why a NixOS repackage would add a lot more issues the author doesn't want to deal with.


Sometimes when a package gets very popular other people step up to help, or take over. Other times the maintainer has a mental breakdown or just disappears.


> Sometimes when a package gets very popular other people step up to help, or take over. Other times the maintainer has a mental breakdown or just disappears.

It sounds like this author is looking for a third option, one that doesn't involve people management (1) or ghosting (2), and as far as I can tell, no mechanism for this exists that doesn't violate the current tenets of open source.


Correct. There's basically nothing in either the mechanics of open source nor the dominant open-source philosophies that says "We need to be able to throttle use of the software to provide good user experience."

A direct consequence of open source is that the good user experience burden falls to the consumer, not the producer. If someone wants control over the user experience, they want a closed-source model.


> Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?

You don't have to do anything to keep it open source. The source is already open, others can use it, fork it, etc. There is no formal obligation for you as maintainer. However as a maintainer you can feel a moral obligation for whatever reason (pride, guilt, peer pressure, etc).


I lost the blog post I learned this from, but one way to do it is whenever someone opens a PR on a project you don't want to maintain anymore, make them a maintainer!

That way, the project lives on with minimal disruption to its users.


I think that's the famous blogpost that eventually led to the event-stream malware.


At least he’s up front honest. Most people just get shitty with you when you volunteer PRs for their project or ignore you I find.


> Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?

For distribution repacks specifically, there’s the old device of providing a configuration-time option to change the web and email addresses in the documentation (e.g. GCC does this), but I’m not sure if this will work when Google results for the error message will still point you to the upstream. There’s also the bug report checklist with “I have verified I am running the last development version”, but that comes with its own limitations.


I've observed basically 2 sustainable patterns here.

1. Some kind of forum/wiki starts providing community support and increase community contributions pick up the burden

2. Some business starts supporting this component and picks up a lot of the burden because they fix things that cause them pain in their business.

I've never seen a single person passion project be both open source and well supported for a long period of time without healthy community engagement.


>Are there any mechanisms for limiting how much of one's life an author signs away to their project (without feeling compelled to grow an operation) while still retaining an Open Source designation?

Yeah, it's called setting realistic expectations. If I release something open source, I don't owe you anything. Support, help installing, fixing bugs, spending time implementing your specific feature...


It's not about popularity. Distributions often ship outdated or modified code, link it against unsupported versions of dependencies, etc. When this causes problems users will contact or blame the author of the code, instead of the distribution which broke it.


> It seems like the reason is (paraphrasing) "because I can't meet the resulting burden of support."

Exactly. He made that point a few times, but the replies don't always seem to address the issue he raises.


I think they proposed this:

> Would you be happier if we forked your upstream source to provide our own, or provided a similar Python package with an identical API that we can use as a drop-in replacement?

Wouldn’t this remove the burden of support from the author? Or it might be that I don’t understand exactly their proposal.


It would only remove the burden if users of the NixOS package know to go to the fork for support, as opposed to the upstream.


How would they even know to ask upstream for support, rather than the fork? If you use package bar and have a problem, you would have to do a lot of digging to even find original progject foo and ask them for help (which wouldn't even make sense since it's a separate thing)


I guess that depends on how users go about finding projects on github to file issues. If, for example, the user has an issue with this NixOS package (or debian package/any other repackaged example), and they start by just searching "python ambee github" or "Home Assistant ambee github" (seems like a reasonable first attempt to me) they will likely find the upstream near the top of the results.

Now, some users will perform due diligence and maybe find the NixOS issue referenced in OP and look elsewhere, but many will find the project and immediately file an issue there in the upstream, leading to the author's main concern of "I don't have time to support NixOS issues".


That's fair; I was assuming that the fork would be renamed substantially enough to obscure the origin.


Ah I think you might be right with this case where someone will just google that. I am not doing that but prefer to go to the package manager list find there there the project URL.

I was thinking that people will do the same or else how will they know if the github repository returned from search results is truly the one installed?


I am not using NixOS but in general every package manager links to the project homepage let’s say (or name of the project which for example in a GitHub fork is clearly different than the original) which in this case would be the fork.

So for example if this will be the case with a package I use I will report the bug to the fork because the package manager showed me their link.

I will not search for name-like projects or the original one and report there if a fork was distributed to me.

This is why I am confused why a fork is not solving the burden of possible bug reports. Also the fork assumes its own maintenance this is the purpose of the fork.


He doesn’t understand the letter of OSS either. Limiting who can distribute a project means it no longer meets the Open Source Definition and is therefore not OSS.


No, he acknowledges explicitly early in the thread that the license allows the code to be redistributed with or without his approval.


And later he states "Unfortunately, you are wrong there. I will explicitly and publicly list parties that are allowed distribution in the license and allow for requesting distribution requests."

The "fine article" always contains the correct bits.


In that context he was talking about for future releases of the project, if the others in that thread forked the project right this minute, it would still be MIT.


Yes this is precisely the section I meant.


He later says he will relicense it so only specific projects can use his code. I think that would likely invalidate their own licenses, so I'm not sure how that would work.


Not retroactively. They can stay on the old version forever / maintain the new fork but any new code will be under the new license.


?


I think there’s some emotional nuance here. After a certain point he basically said all of his technical justification and the request does boil down to “because I said so and I’m the author.” The Nix maintainers explicitly do not want to respect the author’s wishes (which is fine) but that makes the whole thing turn adversarial because “okay we won’t include it” wasn’t even something the maintainers considered for even a second. It was pretty level headed discussion until it was clear that their only motivation was getting to yes or enough justification to ignore him.


> It was pretty level headed discussion until it was clear that their only motivation was getting to yes or enough justification to ignore him.

No, they offered solutions and only gave up when the author refused to provide any actual objection other than that he didn't like it. "Doesn't want people to file bug reports because downstream broke something" is a reasonable objection, but it's also a fixable problem. "The only thing that will ever make me happy is you completely removing this package from your distro" is neither.


The only solution Franck gave is to not re-package for any emotional reason he had. The Nix developers gave their reasons why they need to re-package. Franck just ignored everything and gave no reasons to justify his request.


they have good reason to not not include it.


In totally agree but in the case where the Nix maintainers don’t think the author’s reasons are good enough (which happened) that’s where we’re left with “because I said so and I control the license.”


I would agree that the author's reasons aren't good enough, because when they proposed a solution that would mitigate the reason, he rejected it. That implies that there's far more to it than the reason given.


The broader issue here, again, is that maintaining FOSS software seems to be becoming a shittier and shittier proposition.

I can fully empathize with him that he doesn't want some other project shipping an old an broken version of his project even though it is allowed by the license.

FOSS is really quite ill at this point. If you don't recognize what is happening, you're going to see this happening more. Continuing to blame maintainers that are burned out and frustrated and broke won't fix the systemic issues.


Just because you are legally allowed to do so doesn’t mean that you should. Hopefully you have a similar stance towards Amazon’s behavior in the OSS community.


It's not an issue of legally allowed. It's the very spirit of the community that allows for this. The FOSS community has worked very hard to create a system where permission isn't needed because it's already there, baked into the system. So while yes, some large corporations abuse this, I also don't consider Amazon to be part of the FOSS community, and I definitely consider NixOS to be a part of the FOSS community. To declare that you will go so far as changing the license to prohibit certain persons or projects from using your software is an affront to the FOSS community itself. If the whole FOSS community degraded into "It's free for everyone except you and you and you because I don't like you or maybe you're gonna make my life difficult" then we would have no FOSS at all.

I can understand the author's concern, and NixOS offered to maintain it's own fork to mitigate it, and the author rejected the idea. That tells me that it was more of a temper-tantrum stemming from some other deeper issue than just a concern about support.


If that's the case then it's no longer FOSS.


Except the part you are including a company to "prove" your point when NixOS is a FOSS project and they give their part back to the community.


Reading through all the comments that was my take as well.


None of the alternatives were something like "rename, so it isn't attached to them any more". I understand their issues, at present they can push new releases via pip, with this many nix users could have very out of date packages.


If I understand you, they offered that very thing in https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86... and it first wasn't answered, and then was dismissed with "This was already answered. Please don't repack my source in this repository was my request. I don't see how your suggestion is changing that."

That response was what confused me as to the problem with packaging the library, as it seems like that would fix the inundated-with-support-requests issue.


I missed that bit, thanks. I find it weird they seemed to suggest they would also consider reimplementing the whole package, with the same API.


Legally yes they are allowed and can ignore the author as they like.

They can also act as a bigger person and say "Sure, we understand, respect your wish and will find an alternative."


This is a subdependency of a larger project (homeassistant) so doing so would involve nix maintaining an entirely separate fork of homeassistant, which is a completely unviable ask.

The author's conduct in that thread is certainly not what I'd call "acting as the bigger person".

If they were serious about their request they'd be looking into having the homeassistant guys removing it, or PRing to homeassistant. Or changing the license to make it closed source.


They appear to have done that last bit after getting nowhere with the Nix maintainers. Does that prove their seriousness?


Which last bit?

From looking at the ambee repo the license appears to still be MIT; can't see any relicensing anywhere.

(And actually, as has been mentioned elsewhere, it seems like it wouldn't be possible for him to relicense in reality as the package is explicitly developed for homeassistant and as such would need to comply with homeassistant's licensing to be included as a dependency of it)


It's being added as a dependency to home assistant, a popular package, so they are pretty much between a rock and a hard place. Ultimately, if the author of the code doesn't want it redistributed by distributions, I assume home assistant will have to remove it from upstream. It might be good for someone to raise the flag with home assistant since this is apparently becoming a point of contention with two different distros now.


It appear this has already been done, and the founder of home assistant seems to be supporting the developer. [0]

I'm starting to get the feeling that home automation might be somewhat hostile to repackaging.

[0] https://community.home-assistant.io/t/consider-to-avoid-addi...


This is unfortunate, but I suppose it joins the growing list of open source things that I have to avoid because I don't want to support behavior that's hostile/antithetical to the health of the open source ecosystem. It's a damn shame, but nothing new.


What you're describing would be to comply with what are effectively shadow terms in an apparent open source license, which is not something that should be tolerated as it makes a farce of the whole purpose of licenses.


He understands it perfectly. That's why he asked nicely at first. Nixos just "request denied" him after rounds of requests and discussion. With that he's roiled up to change the license to exclude Nixos.

He just doesn't want the extra work to support another distro which would include an outdated version of his package.


It's not because he asks nicely that people have to agree or accept. This is literally the nice guy meme.

If you make a license FOSS then people are free to do what they want. Just don't make it FOSS if you don't want.


If you look at his bio on github, it's the epitome of the nice-guy meme.

"Slightly assholic at first sight Actually a nice guy that just likes to get stuff done."

If you have to warn people that you're an asshole and then try to convince people that you're actually a nice guy, then you're probably not a nice guy.


I have no specific opinions on the author really, but:

  > Seems like an author that doesn't understand the spirit of FOSS.
The author states he understands the licensing and the project's rights to use his software earlier in the thread. He was simply making a request.

  > Why is a person like this even engaged in FOSS if they don't have a desire to share or even engage in a reasoned discussion?
Again, he stated his reasons in the thread. He didn't want to have to potentially support their repackaged and/or old versions of his software. His software being OSS did not give up his right to make nuanced requests.

That said, the thread ended with something to the effect of "well, we can include instructions on how to install his software" -- an option which wasn't presented until the end, yet it fully complies with his request.


What's worse is this frenk guy seems to be the reason his packages are being added to nixpkgs

He added the dependency himself https://github.com/home-assistant/core/pull/51645

Nobody gives a shit about frenk or his code directly here - they want to use Home Assistant. But now that frenk added his code as a dependency, he has the right to transitively make Home Assistant un-packagable on NixOS?

EDIT: On top of that, the way NixOS works is philosophically in-line with Home Assistant

> Open source home automation that puts local control and privacy first

Pinning every Python dependency instead of fetching HEAD is how you get local control and security!


I’m no expert, but I’m fairly sure that Frenk’s license has to be compatible with home assistance’s license for it to be included. If home assistance has a normal OSS license, I doubt it can use a dependency with a very restrictive license. (Such as one with a list of what can use it!) In other words, I don’t think it’s possible form him to transitively make home assistant’s license more restrictive.


Home Assistant itself uses the Apache 2.0 license, which is pretty permissive. It doesn't impose much requirements on derivative works, so it can use a dependency with a restrictive license without problem.

However, this would become problematic if Home Assistant also uses a GPL dependency (which it probably does). That dependency would impose a requirement that all other libraries used by Home Assistant use a GPL-compatible license (which his license likely wouldn't be).


> Pinning every Python dependency instead of fetching HEAD is how you get local control and security!

yes it is? they make sure the user get a specific version that is (hopefully) vetted and know as working properly; this is much safer than pulling HEAD for a 3th party repo. As long as the libs are updated regularly and when security issue are found, I see no problem with this approach

> he has the right to transitively make Home Assistant un-packagable on NixOS?

Pretty sure a custom license is not compatible with the Apache 2 license of "Home Assistant"; also as the code is in use by a third party, the author should not be able to retroactively change license, only next releases. Probably will be forked or removed depending on the specific of the case and of the code.


> they make sure the user get a specific version that is (hopefully) vetted and know as working properly

This is exactly what nixpkgs maintainers do, using more reliable and explicit tools than the likes of pip. A significant effort is made to enable tests on as many packages as possible, meaning that when you get a package from nixpkgs, it has been tested against the exact dependency chain (down to the libc) it is being shipped to you with. If tests fail, issues are investigated and solved.

This is a far stronger guarantee than you get from almost any other installation method.


there is a reason if pretty much all distribution follow this approach :)


No they don't. Debian etc don't trigger a full rebuild every time they add a patch to libxml2.


Nixpkgs contributor here. One of the misunderstandings by frenck is how Nix operates[0], which is not via mutable site-packages folders but more accurately as an immutable graph structure. What this means is that to have home-assistant packaged properly, we need to also package its dependencies, which includes ambee.

The argument that "In that case you are shipping an broken Home Assistant version."[1] is incorrect, since we also enable tests[2], when possible, on Python packages to ensure they are packaged correctly.

[0] https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...

[1] https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...

[2] https://github.com/NixOS/nixpkgs/blob/821b34edaf9911481ad4dd...


Isn't the argument that HA has this functionality, thus if it cannot download its plugins/manifests at runtime, then it can be considered not fully functional? (Even though Nix users likely consciously trade off that for reproducibility.)


> Even though Nix users likely consciously trade off that for reproducibility.

Even if home-assistant would download the files at runtime it can't put them at the right location and it would only work for python only packages.


As I see it, the author want his software to be "de facto" not open source while retaining the Open source label. And he tries to achieve that by appealing to the kindness of the people: "I'm the author, please do like I say...".

IMHO the author needs to put the license he really wants (restricting the use of his project) and deal with the consequences. If you put an open source license to your project people make certain assumptions... like they can use your project.

If you want your software to be used in one and only one project and in a certain way, then it is not open source.


It looks like the bigger question here is this:

Is it the official policy of the home-assistant project that their software should not be packaged by NixOS?

frenck is the fourth most active contributor to home-assistant - and it uses quite a few libraries he has authored: https://github.com/home-assistant/core/graphs/contributors

If frenck is saying NixOS can't package his libraries, he's actually enforcing that NixOS cannot package home-assistant. Is this direction agreed by the other maintainers of that project?


> Is it the official policy of the home-assistant project that their software should not be packaged by NixOS?

I have the impression that it is the policy of the home-assistant project that their software should not be run in any way not supported by them, and not redistributed by any distribution or other third party. They're somewhat actively hostile against people not following that.


In which case I think that's the story here - this isn't so much about frenck v.s. NixOS as it is about home-assistant v.s. repackaging.

Though if that's the case it seems misleading of frenck that he hasn't clarified that this is a home-assistant policy in any of his comments around this.


Why is it that projects grant rights to users and then are hostile to us using those rights?


This is what really confuses me! HA/frenk clearly are developing open source software, so they grant downstream users all the rights that go with that, including distribution rights.

So far, so good, until folks actually leverage the rights frenk handed them and he shows up and says "Please respect my wishes and don't distribute my open source code." I can see how this is very confusing for a packaging team.

It sounds like the "correct" approach here is for frenk (and HA?) to signal this lack of flexibility up front and stop distributing HA under an open source license. This will at least prevent other projects from investing in a packaging effort only to be asked to stop somewhere along the way.


If they stop releasing it under an open source license then they lose access to all the free infrastructure that various companies and communities are providing.


You can’t have your cake and eat it too.

There are also a lot of contributors who might have an opinion about closing the license: https://github.com/home-assistant/core/graphs/contributors


That is what is seems like:

https://community.home-assistant.io/t/consider-to-avoid-addi...

For context, balloob is the founder of Home Assistant


Here's the thread NixOS posted to the Home Assistant forums, "Consider to avoid adding library dependencies from frenck."

https://community.home-assistant.io/t/consider-to-avoid-addi...


Wow, that thread is wild.

If the views in that discussion are generally representative of the perspective of a majority of homeassistant maintainers & stewards, I'd be extremely wary of relying on the software long term.

> Just do as he asks

This is the absolute antithesis of the intent of open source.

What an awful community response.


> This is the absolute antithesis of the intent of open source.

I disagree with this assertion (...and with Frenck too). There was no need for NixOS packagers to involve HA here, they are outsourcing work upstream. Imagine some small-time driver author/maintainer asking Debian to remove their driver - and Debian's solution to honor this request is to ask Linus to drop the driver from his upstream tree!

The long-held tradition, when you disagree with upstream, is to maintain your own patch-set that you are responsible for and have to labor to keep current - that is not the antithesis of open source - it is very much in the spirit of exercising the right to change the source code as you see fit.


> Imagine some small-time driver author/maintainer asking Debian to remove their driver - and Debian's solution to honor this request is to ask Linus to drop the driver from his upstream tree!

If their reason is "we don't want our driver distributed from someone else's git repo" then it would be a very good idea to warn Linus about it!


I think you've mistaken my assertion.

HA are perfectly entitled to continue including the package. The NixOS dev opening that thread was doing so with the intent of warning them about a potentially problematic upstream maintainer. There's an argument to be made that that dev was overstepping, but they weren't making any demands: their intent was informational.

The community response was multiple HA admins expressing the opinion that NixOS should remove the package. That's definitively overstepping on their part, and completely against what open source is about.


> The NixOS dev opening that thread was doing so with the intent of warning them about a potentially problematic upstream maintainer.

The "potentially problematic upstream maintainer" being a Home assistant core developer.


Yup. Though I'm not sure the NixOS dev was fully aware of that fact at the time.


I probably misread your assertion (and possibly the subtext), my initial interpretation was that the HA folk were saying "We're not getting involved with your dispute, or make any changes to accommodate you: take care of it", which is a fair thing to say to a downstream project.

To me - the subtext was NixOS still wants to do both: have reproducible builds that match HA and honor lib authors wishes. Lib author "rejected" forks, so one way was for NixOS to ask upstream HA to drop the library as a dependency. It doesn't sound like a friendly heads-up to me, from the thread title.


> the HA folk were saying "We're not getting involved with your dispute,

There are two HA folk (excluding frenck) commenting on that thread. The first demands than nixos devs should "Just do as he asks", which seems to me like they are very much getting involved in the dispute.

The second only comments to close the thread, and—while they do include the phrase "it's not our issue" in their closing comment—the rest of that comment accuses the OP of bad faith posting, and goes on to misrepresent the issue completely, claiming the problem is that NixOS are doing things that are unsupported (Frenck's objection was to NixOS packaging his package at all in any form, not to anything specific they were doing with it). So again, that seems like the second poster is very much contributing to the dispute, not "not getting involved".

> one way was for NixOS to ask upstream HA to drop the library as a dependency. It doesn't sound like a friendly heads-up to me

I guess a lot of this does depend on how reasonable you think that request would be. I thought the post seemed friendly as it was phrased politely. And I think removing the dependency should be reasonable if HA wished to remain an open source project given the dependency is now defacto closed source (perhaps not technically in licence text, but the author harassing anyone wishing to avail of the licence would seem to nullify that).

> from the thread title.

Title opens with the word "consider". Seems polite to me...


> What an awful community response.

You're expecting an entirely unrelated community of users to be invested in the goals and interests of NixOS. They're not, and perhaps they see Frenk's point in a way that people that aren't part of their community do not.


What Frenk is effectively saying is that he doesn't want his packages redistributed by distros. Since this is a dependency of home assistant, this means home assistant (as the whole package) can't be distributed if his wishes are respected.

Additionally Frenk didn't react to any proposal to still distribute home assistant and it's dependencies while respecting his wishes. This seems like a pretty clear-cut case of involving the upstream community, to make sure they're aware and ok with their dependencies trying to block distribution or to change something if that's not the case.

The whole saga left me rethinking my home assistant usage, since it seems like this could become a larger issue with other distribution mechanism not sanctioned by upstream.


> You're expecting an entirely unrelated community of users to be invested in the goals and interests of NixOS.

Nope.

I'm expecting an open-source community to adhere to the intent of open-source, which is to provide software in a freely redistributable way to that puts users first in contrast to traditional Berne-convention-based IP approaches focused on author protection & remuneration above user utility.

Any community placing authors as dictators of the distribution of their work at the expense of users are not aligned with open-source in intent.

That's a perfectly reasonable stance if you have no interest in open-source: everyone is entitled to release closed-source software if they prefer.


Arguably the home assistant community is fragmented. What if Debian policy or whatever distro they use is targeted next?

IMO there was no discussion in that thread just "remove from no" "we can't do that" repeat


Are you sure that's NixOS? Perhaps the issue is that NixOS doesn't have an official spokesperson?

I'm sure someone like that would do a little more diligence before blasting on the home-assistant community forums about one of their moderators (and apparently the 4th largest code contributor to the ha project overall).


Which was closed by the moderator..I tend to side with the author here.


Hey Hacker News,

if you contributed to nixpkgs in the last months you have probably seen me already but for the people that don't know me already: I am Sandro, one of the more active reviewers and contributors of NixOS/nixpkgs in the last months.

If you have any question about the situation or NixOS in generally feel free to drop me a comment and I try to answer them to the best of my knowledge. I can't speak for the entire NixOS organization so all my comments on this thread are my own views. I also do not receive any benefits from this in form of money or something else.


I find it quite amusing that the package author refuses to act reasonably and states he wishes to spend no time on the project, whilst being pulled further into the project. If he simply willingly engaged with the project owners to resolve the situation he could avoided:

1. Spending so much time trying to get the project to stop what they were doing.

2. Peacefully come to a mutually beneficial arrangement.

3. Front page HN where I will most certainly be avoiding using any project the author is part of.


This attitude has done a lot of reputational damage to Home Assistant which is unfortunate.


I am considering moving over to alternative already. I don't want to be dependent on a project that actively dissuades people packaging it up.


The more I observe this situation the more I'm fascinated by the dynamic of his releasing an internal dependency to homekit as a "public library" leaning on the public infrastructure provided by python to distribute a dependency that he's actively hostile to anyone else using.

IANAL but it seems to me that even if he switches to some custom no redistribution/repackageing license unless he stops using pypi's infrastructure he's granting all pypi users the right to publish the code independently. By uploading it to pypi he's explicitly given all users of pypi the right to publish it[1].

[1] - https://pypi.org/policy/terms-of-use/


It's interesting since from https://github.com/sponsors/frenck#sponsors he pitches:

> Are you enjoying my work? And want to support me in my effort helping the world to become a better place by dedicating my time & knowledge to create & innovate open source software solutions. Allowing everybody on this earth the privilege to enjoy those things for free?


Seems like he understands the “free” in FOSS to mean free as in beer, not as in freedom.


Yeah the fact that the repo's readme starts with links to money begging links just makes this weirder.

Really looks to me that Mr. Nijhof doesnt quiet get what open source is about.


Looks like frenck plans to file issues against Fedora too:

> I just did notice Fedora redistributing some of my packages because of your question, so will file a similar request with them.

https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...


This will be interesting to see how they will react.

Btw speaking of licenses, since frenck said he will be changing it by adding exceptions and making it non-free. Douglas Crockford said in one of the talks that one certain three letter company contacted him and wanted to use JSON format but weren't sure they could comply with "The Software shall be used for Good, not Evil." And he gave them that exception by stating: "I thereby allow ** to use JSON for Evil". My advise to Frenck is to adopt some similar proprietary license if he wants his work not be included in distros like Fedora and Debian. And grant exceptions to his fav projects like HA /s


A very similar thing happened when the folks at flathub tried to package MultiMC. Unfortunately the author threatened to sue for trademark infringement and they backed down.

https://github.com/flathub/flathub/pull/1978#issuecomment-74...


> I'd liken this to rape, actually.

I'm really astonished with this comparison.


Huh, I'd been pretty happily using MultiMC for some time and even thought they were in the right of the Forge dispute. Might have to look for alternatives next time I get back into Minecraft.


Well, Home Assistant's handling of this is well-timed. I was just looking at the possibility of redoing my openHAB config in HA but this makes it really clear I don't want to go within a 150 mile radius of HA.


I've been using HA a lot in the past and written some components. But a while back they moved away from allowing pure YAML configurations and required some components to do setup via the GUI only. So it's not longer trivial to make a immutable deployment of HA since you will always need to manually make adjustments afterwards.


Hah! I guess they don't like the Nix approach on multiple levels :D.


I mean any package team who harasses people exercising rights they've explicitly granted is a bit concerning.


Yeah, while I get the maintainer's point, the conversation rapidly devolved into giving the Nix maintainers a hard time.

I mean, c'mon, Nix is a tiny niche. It's not like the support burden will be colossal.


Plus Nix is a crazy deep rabbit hole. If you're at the point where you're trying to make something work with Nix, you'll know when the problem is upstream and when it isn't.


The package author has gone on to open issues for their other Python packages too - https://github.com/NixOS/nixpkgs/issues/created_by/frenck - currently five open (and locked) issues.


"Upset open source developer spams other open source repository"?


Borders on harassment


"Slightly assholic at first sight" kind of tells you all you need to know about how this developer will go about solving community problems.


^ this is actually in the author's github profile. You can't make this shit up.

https://github.com/frenck

> Slightly assholic at first sight Actually a nice guy that just likes to get stuff done. @home-assistant Herder @hassio-addons Creator


Am I missing something, or is the project in question literally just one week old?

https://pypi.org/project/ambee/#history https://github.com/frenck/python-ambee/commits/main


If the response to someone finding and using your work is the kind of over the top demand to "don't use the thing I just released under a permissive license" with multiple replies that amount to, "Don't use the thing in a way I don't like kthanxbai" how can you depend on it?


The project is written specifically for Home assistant by a core developer, it's not a small time developer who's project got accidentally included in a major project.


I'm not sure how that's relevant.

When we release software to others under an open license we are explicitly allowing them to do exactly what nix is doing.

I'm not sure what other reason we have a component independently deployable other than to make it usable by people in other projects.

AFAICT it's kind of the opposite problem to systemd owning unrelated stuff because it's easier on those developers.


> If the response to someone finding and using your work

That wasn't the issue and it's crazy how much people interpreted it as such. His issue is with how it was packaged with it. He want it to be exclusively distributed using PIP.

If you don't want to depends on PIP, well sure don't use it.


If that's what he wants then he should put it in the licence.

But then the problem would be that it probably could not be on PyPI, since by putting it to there you grant users the right to do stuff with source, including distribution.

"If I upload Content other than under an Included License, then I grant the PSF and all other users of the web site an irrevocable, worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform, and publish the Content, including in digital form." https://pypi.org/policy/terms-of-use/

(first pointed out here: https://news.ycombinator.com/item?id=27507770)


It was just added to Home Assistant, which is why it was being added to `nixpkgs` now.


Funny that the author complains they have no time to support users, but they have time to waste that of other open source maintainers and users as if the wish to package their Open Source software deserved no respect.


> the author complains they have no time to support users

In the github issue, as far as I can see, he doesn't "complain" at any point about having "no time to support users".

What he does say is "I'm not willing to support that or accept that burden" [of supporting NixOS users], and "I have no intention of spending time in this project" [meaning NixOS].

It appears that he just isn't interested in NixOS or supporting NixOS users. That's absolutely his prerogative, and does not mean he is "complaining" about not having "enough time" for it. And regardless, how he chooses to spend his volunteer/unpaid time really isn't anyone else's business.

There are some other valid criticisms here but I don't feel this particular point is a fair take.


I can understand the author not wanting to deal with extra noise. But they did try to accommodate them. Forking and changing the contact info is probably the best tactic. The author didn't like that, but is probably the best outcome.

Don't do open source (especially a very permissive licence) if you don't want others using your code as a dependency.


It seems that the author has posted again on the github issue after it got unlocked [0].

They do finally go into a little more detail about what their issues are with the packaging, beyond the single post with details originally in the thread.

> In the end, I think the way this project distributes Home Assistant (and its integrations, including Ambee) is not providing the intended working and thus may surprise the end user. In the end, those users are likely to knock on the doors of the Home Assistant project and their integration maintainers, not this project. As a matter of fact, most of my packages in this project are outdated and don't match the distributed version of Home Assistant.

They don't seem to address why they don't think that any of the proposed solutions would have addressed their concerns.

[0] https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...


His About page https://frenck.dev/about/ looks a bit weird after I read that GitHub thread

> I like to give back my knowledge and time to the open source community.


I think this is a cautionary tale about using social media while in a bad mood.

Considering how unreasonable he was in that thread, I'm assuming he was just in a bad mood or something like that. Except now he's on the front page of HN with tons of comments criticizing him and painting him as a bad person.

99.999% of people will probably forget this by tomorrow, but it still would suck to be on the receiving end of this kind of attention I think.


He also opened issues about four of his packages being used in the project. Doesn’t seem like a spur of the moment thing.


I guess it's not his first rodeo, he simply doesn't want to support whatever version is packaged by NixOS.

However the MIT license dictates what can or cannot be done. No need for further drama.


How so?

Seems like he does give back his knowledge and time to the open source community. Much more than me I can tell you, and probably more than many of people in thread.

What he don't like is people expecting support from him in ways that differ his initial distribution methods, which makes sense when time is a limited ressource and he clearly has expectations on how he want to spend it.


Except literally the Nix folks were making suggestions to ensure there would be no expectations go support.


Is there greater context here that helps explain what's going on? Reading the comments in the thread didn't clarify much for me as someone unfamiliar with NixOS, their apparently unique Python packaging scheme, and Home Assistant.


It sounds like Home Assistant by default pulls the (EDIT: Home assistant specified, not latest) version of the package from PyPI at runtime and loads it dynamically.

The point of NixOS is reproducible builds, that is if you build a given nix environment you will always get the same code. Dynamically pulling from PyPI at runtime defeats that.

The author doesn't want any way of downloading the code other than getting "the supported version" from PyPI, as they don't want to deal with support requests for issues that are fixed later. They are likely worried that packaged versions will become stale, and users will expect support for specific versions, which they are unprepared to offer.

I think the offers from NixOS of having to enable config flags to get this enabled which make it clear it's not supported by upstream should be fair. Part of open source is that others are free to modify your code, and if you have a problem with that you're not really ok with the idea of open source.


Yeah I really wouldn't want to use anything that dynamically pulls a package from PyPI at runtime, because I don't trust this guy not to add a vulnerability to the code at a later point in time.


Okay, so ... I know someone might, but really who will audit any of his existing code?

(Sure, that's slightly different than identifying such an auto-update point and then trying to do a supply-chain attack. But do maintainers look at what they package? In how much detail?)


That's the point of packaging it... you review it at the time that you package it, and then you review it each time you update it in the future. Should always do a simple diff at minimum to see what changed. That's just part of being a responsible open source user.


> Should always do a simple diff at minimum to see what changed. That's just part of being a responsible open source user.

Nobody does this, as this is completely unreasonable thing to expect.


The open source user they're referring to is the package creator, not the package installer. The package creator takes responsibility for the software they package. I sure hope they check the diff. I certainly do for the packages I maintain.


But is that an audit? How much does that worth against a determined and skilled adversary? I mean if they quickly do a lot of big changes they can easily drown packagers/reviewers, and then slipping something through becomes a waiting game.


Home Assistant's core developers really do look at the intergration plugins rather closely before they accept any pull request that updates the dependencies. This is needed as badly coded integration libraries really can negatively impact the stability and performance of the whole system.

It is not uncommon to see them request changes to the bumped library to fix any issues they have noticed.


> It sounds like Home Assistant by default pulls the latest version of the package from PyPI at runtime and loads it dynamically.

Package versions are recorded in component manifests so it will not default to the latest version, someone has to make a code change and PR on homeassistant to update the version. And they are collected in a requirements file for every HA release[0]. So it should not be hard to automate that if needed whenever the HA Nix package gets updated to ensure the latest used version of ambee package is included.

[0] https://github.com/home-assistant/core/blob/dev/requirements...


His project has zero issues created. It's a pretty small and simple library.

Why would users report to his project when installing Home Assistant? That's not usually how it works and Home Assistant has a lot of other dependencies.


This is not true. Home-assistant does not pull the latest version of packages (for integrations) from pypi. They are tracked in manifest files: https://github.com/home-assistant/core/blob/ae28e4934f6d1cdb...


This sounds like NixOS is not ready to handle this scenario and they are bulldozing the issue to get it included.


NixOS is quite ready to handle home-assistant but did not yet package every python package that it could depend on. That is just taking a bit more time and will be eventually done. Until then you should take a quick look at your logs if something is broken/not working and you should easily find which package is missing. If you need help with that you can always jump on the NixOS matrix channel and people will help you with that.


> ... and they are bulldozing the issue to get it included.

What do you mean by that, why shouldn't they include it?


I think the greater context is that the Home Assistant developers are somewhat hostile to people running, and especially packaging, their software outside of their own supported methods (which are Docker containers or their own full OS). It's somewhat understandable as it creates a support burden for them, but especially given the enthusiast nature of the community this doesn't seem like a smart decision. There's been some outrage in the community about the developers deprecating platforms before.


> I think the greater context is that the Home Assistant developers are somewhat hostile to people running, and especially packaging, their software outside of their own supported methods..

The person proposing the Nix package is a Home assistant developer afaik, so that would be weird.


Well, Home Assistant is a large project with lots of contributors, so it's not surprising that its developers don't have a singular opinion. However, this is the impression I get from the official announcements and other interactions I've seen on GitHub.

Another incident was when they deprecated/unsupported installing it on a generic Linux install last year, which they had to (somewhat) back down from after community outrage.


Yes, fabaff is a bigger home-assistant contributor to my knowledge and started to help out packaging a lot of the missing python libraries for NixOS.


He just doesn't want anything of his included in nixpkgs because he doesn't want to deal with anyone opening Github issues against his repos if there happen to be build / installation issues that are coming from some kind of failure in the nixpkgs install / build process.


That's speculative on his part (noone has opened any issues with him, neither coming from nixos nor from any other repackaging).

The nixos guys also offered various proposals to him to completely avoid any support burden on his part, all of which he roundly rejected.

Seems he's just being unreasonable for the sake of it tbh; I can't see any logical reasoning behind it all.


Not sure why I'm being downvoted for what he explicitly lays out from the link above:

    If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.
> Seems he's just being unreasonable for the sake of it tbh; I can't see any logical reasoning behind it all.

I agree.


> That's speculative on his part (noone has opened any issues with him, neither coming from nixos nor from any other repackaging).

Which is the whole point of acting on it before it happens...

It's crazy the amount of entitlement I see toward open-source developers. You don't like his stance, then fork it and support it yourself. You are already lucky to have a good base to work on, you shouldn't even be entitled to that!


They explicitly offered to do that, and also suggested 3 other solutions to address his concern, and he shot all suggestions down with what amounted to "I already told you what I want: Don't repackage my code."

The only entitlement form the nixos devs has been using a right which Frenck explicitly chose to provide when licensing his software.

In the end, the will have to fork it, and probably maintain a fork of HM, since he is relicensing it to disallow repackaging.


Also they offered various options to appease the author including code forking and the author rejected them all. Basically the team exhausted all of their options to make this author happy but the author seem not to understand the reality of FOSS. This author shouldn't be in the FOSS if the author is going to roadblock every options despite his licensing explicitly allows including the codes.


Agreed. If he wants to be stubborn like this he just should change his licensing so it can't be included anywhere else upstream and that would put an end to it.


Related context:

https://github.com/NixOS/nixpkgs/pull/126319

In response to "not having the latest": Generally we (nixpkgs) lag behind a bit, as managing ~60-100k packages takes some time. But as long as the process to build a package hasn't changed, we will have a bot which automatically attempts to update packages based on metadata from pypi, github, and repology.


I fail to see why the author could not add instructions to their project's issue tracker, something to the effect of

"If you want to report a bug, please reproduce the issue with the latest pypi package. Reports for any other deployment methods will be closed without further discussion."


A lot of people don't RTFM.


I often have a sinking feeling the free software world is going to fall apart because upstream developers don't know what the distro is even for (curation, consistency, etc.), and legacy distro downstream developers haven't kept up with any of the development rends in recent years (good or bad).

The Nix community is one of the few that has feet in both camps, so it's all the more frustrating to see a stupid reaction like this; a traditionally distro wouldn't even bother packaging any of this stuff or engage at all.


> a traditionally distro wouldn't even bother packaging any of this stuff or engage at all.

unfortunately the library author made a PR to Home Assistant, a program that is packaged in many distro; all those distro will add his package. see https://github.com/home-assistant/core/pull/51645


Is home-assistant packaged in any traditional distro like Debian or Fedora? I didn't think so.

So long as everyone is supposed to just grab some docker container or OS image from the home-assistent people, the traditional distros that should back up NixOS here won't even be looped in.


There's literally a comment in there about Fedora having packaged it.


I'm glad to be wrong! Does fedora package all the python libs separately, or allow the deps to be vendored in this case?


The dev deserved to be treated kindly, by default.

But by being unkind himself, he surrendered that privilege.

So now he won't and shouldn't get what he asked for.

I don't understand how an adult human could fail to understand this.

Asking a favor while simultaneously being a jerk is not likely to work.


This is an extremely odd request for something licensed as MIT.

Especially since the code layer is so thin. The project has existed for a week, and consists of 360 lines of python, most of which are get/set on what I think is JSON.

Edit: Geez. Half the commits are bumping dependencies. The project is incredibly clean and beautifully structured, but gosh...


Totally worth the effort to re-implement/find an alternative when the code in question is so minimal. No need to deal with this guy.


I've seen a similar situation when Ansible were resolving issues with Jinja2 but Ansible contributors simply helped the Jinja contributors to resolve the issue. It wasn't like all the burden was put on the jinja project.

Now those are two very active projects but what I mean is that no one is forcing the author of the repackaged code to support anyone he does not have time to support. If they want support they can ask the nixos project maintainers for it.


It still takes effort to sort support requests into those he wants to handle and those he doesn't. If he thinks that the manner in which is work is being used is going to bury him with requests, whether he takes them or not, it makes sense to try to avoid the situation altogether.

I don't think there's a way to actually do that with an open source project though.


I think he’s so focused on time management (from his about page), that he is catastrophizing about the future. He also clearly wants the fame from having a library in Home Automation, but doesn’t want to provide any support.


He is a paid Home Assistant core developer. (Hired by the company the project's founder created to generate sustainable income for developing the project by offering optional value-add services).

This library was written specifically to be used in Home Assistant, as per project policy the code that interfaces with devices needs to live in a separate python package. So there is no real fame to be had from this particular package.

He surely sees this repackaging as a source of potential headaches. If the nix folks could convince him that the package would never contain modified code (no no untested/unsupportable modifications), and further that the home-assistant package in nix would always use exactly the version specified upstream (so no version mismatch concerns), he would likely be less opposed.

Unfortunately the latter is very much not true right now.


> If the nix folks could convince him that the package would never contain modified code (no no untested/unsupportable modifications), and further that the home-assistant package in nix would always use exactly the version specified upstream (so no version mismatch concerns), he would likely be less opposed.

They did everything possible to try to convince him but he had his ears closed and refused to listen.

> Unfortunately the latter is very much not true right now.

Based on the above, it is very much true.


I mean, if it's written 100% for HA out of the gate as part of his employment by NC, why wouldn't it just live under a namespace for HA instead of a personal namespace. Using a personal namespace is about building a personal brand at that point.


You could put a disclaimer like people on the issue suggested. Nix users are pretty advanced anyway so I doubt he'd get that many useless bug reports.


Can someone elucidate why he is so against "his" code being used in this project?


He says early in the thread:

> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.


I mean, yes, but then when the NixOS folks offer something like:

requiring users to explicitly set config.ambee.acceptThatThisPackageIsNotSupportedByUpstreamDevelopersAndIWillGoToNixpkgsToReportAnyIssues = true to be able to install the package, or they would get an error that would make it even clearer. Would that be enough for you?

the author replies just:

I feel like I'm starting to be on repeat now. Please don't add any of my stuff to this project.


The author may well have plausible reasons but it was obvious from the overly curt tone he wasn't going to treat the discussion constructively


Perhaps forking 'fully', and rebranding the fork, could be another option. That might help redirect the support burden downstream.


But when suggested alternatives to resolve that issue, he simply ignores it and states “sorry, this is my wish” with no further clarification.

The whole chain is a guessing game trying to figure out what the real issue is (and in the end, it’s not even found — the author randomly finds an alternative he likes)


So ye olde "I don't like distros packaging my FOSS project because they won't do it exactly the way I want."


That's an extremely valid concern, but one that seems easily addressed via an FAQ.

"I'm running into some issues with ambee..."

"First, make sure you aren't using the version in nixpkgs. I do not support that distribution and cannot help you."


Seems that he wants pypi and pip to be the exclusive distribution mechanisms for his project. He wants to avoid handling bugs that come from his project being packaged through other means.

He misunderstands how nixos works and suggests that Home Assistant will be able to install his package via pip on nixos.


> He wants to avoid handling bugs that come from his project being packaged through other means.

From his conduct in the thread this seems a red herring. The nixos devs have proposed a selection of reasonable solutions to avoid any support burden on his part, all of which he's rejected outright.


I’m not sure why there are scare quotes around “his”, the code is the author’s property, it’s just they’ve granted a license for it to be used by anyone.


The scarequotes are certainly inappropriate unless it's CC0 licensed, but you do point out that he's explicitly granted a license "for it to be used by anyone". Which seems... of some relevance here.


Python ambee is a simple client library for a proprietary sass iot service. I guess they want to control exactly how their users are using their service.


Yet the author is an admin on the HomeAssistant community forum, one of only 6. Presumably his other contributions to the project justify those privileges, and he did not shut down the passive-aggressive thread some nixOs folks started there, it was another admin (the founder of HomeAssistant).

This sucks for nixOs, but it looks like community incompatibility means they won’t be able to support HomeAssistant at all.


Some context: Frenck is a core developer on the Home Assistant project, and was hired by Nabu Casa (the company the project's founder founded to try to create a sustainable funding source via adding some optional value-add services) to develop for Home Assistant full time.

If instead of packing these separately, the home assistant nixpkg for home assistant simply downloaded all the required dependencies from PyPi, and verified them against a maintained list of checksums as part of the nixpkg (for reproducibility), then frenck probably would not object to that, since the last I knew the some of the official home assistant docker images do preinstall the requirements for the majority of plugins like that.

I'm suspect frenck's real concern comes from any possibility of modifications in the packaged version, combined with any possibility of nix allowing home assistant to be used with a version that is not an exact match of what home assistant specifies.

Alternatively If this could be packages as some form of home-assistant sub-package that was guaranteed to always match the PyPi version specified for home assistant exactly, without any mixing and matching, it would likely allay his concerns. Unfortunately he has not spelled out his concerns fully, so I cannot know for sure. I also have no idea if this is at all feasible in the nix packaging system.


> If instead of packing these separately, the home assistant nixpkg for home assistant simply downloaded all the required dependencies from PyPi, and verified them against a maintained list of checksums as part of the nixpkg (for reproducibility), then frenck probably would not object to that

From what I can tell the Home assistant core team doesn't not want to deal with any other installation variants than their own supported ones. Their user base consists of a lot of technical tinkering people (hobbyists, electricians, etc) but those who don't necessarily have Linux sysadmin skill's. So you could say they are skilled enough to get themselves in any of a hundred different configuration scenario's that would then need to be debugged by the HA developers for each support ticket. For a developer knowing the installation environment is at least sane is a great help.

That said, Home assistant does lend a lot of its growth to open source contributions, collaboration and being free software. If it was not as open in the beginning it might not have gathered enough attention to grow its current size. Cutting off developments in other directions like this to me feels against what FOSS stands for.


If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.

https://github.com/NixOS/nixpkgs/pull/126326#issuecomment-86...


I am not the author so I can only speculate. He's anticipating that they will be distributing an out-of-date package and it's simply another place that has to be synchronized. He's saying that there isn't actually a need to host it elsewhere as it can be installed via pip through pypy (his preferred host) which will have up-to-date code. He doesn't want to get bug reports for outdated code.


This is incredibly legitimate reason. Could these repacking be replaced with some type of just proxy/clone that is still the original source?


NixOS doesn’t work like that apparently. The point is to be reproducible.

Honestly sounds like they just cannot have his project or anything that depends on it.

Luckily that ambee code looks trivial to duplicate.


the author of the lib pushed the code by a PR to Home Assistant, a project that is packaged by multiple distribution, including ubuntu, fedora, arch and more, all of which will repackage the library. The author should ask for removal from HA, not going to all packager for all distro requiring to be removed


The author is a core contributor of HA, so he will have a strong opinion about removing his own package I think.


I don't have any experience of nix packaging, but I work on a couple of programs when Debian applied some broken patches while packaging, then "we" (upstream) get the bug reports. It's annoying as we don't have any way of fixing it, just have to tell users to uninstall the Debian version.


I mean this very famously happened with OpenSSL - Debian started producing the same keypairs for everyone!


Apparently not, since the author couldn't/didn't want to either.


> If users experiencing issues with the ambee library in this package, they will knock on my door. And I'm not willing to support that or accept that burden. Especially as I don't see a good repacking reason in this case.

Users will contact the author for support, but users are getting the software indirectly via a packager, which means a) there might be changes from the packager b) they might be getting an older version that appears to be the "latest" and c) they don't have a way to install a modified version provided by the author to test out a fix in the same way that they installed their current version.

(It's true that with nixpkgs these problems are much more solvable than in basically any other distro, but the risk is stil there.)


This is the case with literally every piece of software packaged for linux, it seems that nix is just the first place to attempt to package this. The project looks to only be a week old anyhow.


The package author lays out the reasons in his comments


The reason is the concern that users will confuse issues with the project with issues with how the project is distributed in Nixpkgs. He doesn't want to have to support nixpkgs.

There are likely multiple root causes. The whole space of issue management around libraries and applications using those libraries is a horrible and abusive mess. In my experience, between an application using a library and a library users will target whichever is easiest; not most applicable. Plus, most opensource user support is a fucking chore (you'd need to pay me for these days) that's unsustainable.

Another cause is likely the cost of nixpkgs contributions themselves. Personally, I no longer contribute to nixpkgs because even for tiny changes the process is ridiculously expensive. That's not including the cost of getting up to speed with nix/nixpkgs and the, often, highly opinionated packaging.

nixpkgs needs to be broken up into multiple independently distributable packages.


If you don't understand the authors frustration, read Daniel Stenberg blog about what kind of requests he gets about curl. It's insane and ridiculous, not everybody is capable of/wanting to deal with all kinds of shit and hostile users like Daniel.


I understand the worry.

But he hasn't had to face any of that, and a couple different methods to avoid that happening were suggested and rejected offhand.


That's entirely reasonable if it's happened/happening to you AND you have no means to stop it from continuing.

In this case it clearly hasn't happened to this author (yet) AND the nixos devs have put forward a selection of reasonable proposals to prevent it happening to him. All of which he has rejected without and real justification.

If you read the full thread it becomes clear that his citing fear of support burden is not made in good faith. His acts of blocking redistribution of his package in any Linux distro (here & Fedora at least) is clearly a bigger burden for him to take on than he would take on if he allowed the redistributions.


So...don't publish software? That's part of the game, no?


No! You are not obligated to receive support for software just because it was written by someone else.


There is a considerable difference between getting requests and providing support. You don't have to provide support, but it's a little hard not to get requests.


> it's a little hard not to get requests.

Well, you can disable the issue tracker for a project on GitHub. You're not even required to publish a project on GitHub, you can host it somewhere that doesn't offer any way to contact you.


I don't think GP was saying that anyone is obligated to provide support, just that receiving support requests is intrinsically part of publishing software as source. The only way to avoid receiving requests is to abstain.


To be fair, the reason the curl author is being contacted is because (IIRC) he advertises his name and ways to contact him in curl. The point of advertising yourself is to get people to contact you, and you can't control who does (but can ignore them).


Maybe it comes with it, but I think you have no obligation to deal with it if you don't want to.


That's not related to this particular issue though.


You don't understand the issue then. The author don't want to deal with all kinds of requests unrelated to his own package. NixOS is an operating system, totally understandable he doesn't want to deal with OS issues.


But people on NixOS may use his software...if not in nixpkgs then someone will just maintain their own overlay that many people use. It's impossible to stop - if there's demand by NixOS users for this software, they're gonna package it up and patch it in order to keep Nix Nix..

Hell, I could go make that overlay right now and link it in a nixpkgs issue for discoverability. What's this frenk person gonna do? Cut me an issue saying "pls delete this code from the internet"? Hah!


Why would users report to his project when installing Home Assistant? That's not usually how it works and Home Assistant has a lot of other dependencies.

His library was written specifically for Home Assistant and it's an internal dependency that no one usually sees. It's a 300 lines wrapper for Ambee API.


That's exactly what came to my mind too. I think the sqlite folks have similar struggles.


Do you have a link? I'd love to read this.


For example NASA https://daniel.haxx.se/blog/2020/12/17/curl-supports-nasa/

I think he also posts some of the funny ones on Twitter


God, tiny piece of code. Rewriting would take less time than arguing.


Or just fork it. Obtuse developers getting their projects forked out of their control is a tale as old as FOSS


Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: