

It is an issue for the open source projects discussed in the article.
Lemmy maintainer
Cache size is limited and can usually only hold a limited number of most recently viewed pages. But these bots go through every single page on the website, even old ones that are never viewed by users. As they only send one request per page, caching doesn't really help.
NLnet. However they only fund specific types of projects, and there are many open source maintainers who are not interested in money (usually they have a well-paid job already).
I haven't noticed any problems with instability, at least for web server development it is stable enough. But it may be different in other contexts like embedded. And it's true that many libraries still have 0.x versions.
??? Rust 1.0 was released 10 years ago and since then there have been no breaking changes.
Alright I've added @kevincox@lemmy.ml, @CrypticCoffee@lemmy.ml and @Lettuceeatlettuce@lemmy.ml as mods and removed the inactive ones.
I just opened an issue about it: https://github.com/LemmyNet/lemmy/issues/4744
This, particularly reports are not fully federated.
Well written, it would deserve a separate post.
One of the comments mentions that another app can trigger search through an Android intent. So it's better to be safe and close any potential vulnerabilities, but this doesn't seem particularly useful for an attacker.
I don't have time to read all that. The problem with Beehaw is that the admins are extremely entitled, as if we had some obligation to work for them for free. Similar to what is described in OP.
However we are consistently improving the mod tools, and accept contributions in that area. You can see in the dev updates.
What is this “stance on mod features” that you are talking about?
I'm a former contributor to F-Droid with various merged pull requests. Looking at the indicated pull request I really doubt that it was an intentional attack. First of all it's easy to forget for a new developer to escape SQL parameters, and the docs don't even mention a risk of SQL injection attacks. And of the users pushing for the PR to be merged, one is a long-time F-Droid contributor, and the other also looks like a real human with many contributions in other repos, so no sockpuppets in sight.
It simply looks like standard open source behaviour, for better or for worse. A new user makes a contribution for a highly demanded feature, and users want it to get merged as soon as possible. Maintainers are discussing the big picture of the change and want to avoid breaking changes, without getting into code review yet. The new contributor seems unwilling to make any design changes to his PR, and gets frustrated that it doesn't get merged as is. The potential vulnerability is only noticed half a year after the PR was opened, at which point it was already de facto abandoned. So not an attack, but simply a developer who is new to open source and doesn't understand how the process works.
We applied for funding last August, but unfortunately we are still waiting for it to be finalized. Seems like NLnet is quite overloaded these days.
Has Google never heard of CI to perform such checks?
Someone tried to run a Lemmy instance for that purpose, unfortunately it wasn't successful (and I can't remember the name). Anyway it should work fine with some design adjustments.
If you don't like the moderation here you can use a different instance. That's the main reason why Lemmy has federation. And our job is to build this software, not be perfect moderators who somehow make everyone happy.
As a workaround you can go into the database and query directly for users with rejected application and email provided. Then write a script to email them. Getting a fix developed, reviewed, merged and deployed will take a few days in the best case. And even longer now because we are busy with lots of things.
Wow this is a great idea. You can make a pull request to link this in the Lemmy docs. Once it's a bit more mature we could even merge it directly into Lemmy.
This proposal could totally backfire though. There will be users paying 5 Euro per month and then demand on the issue tracker that major changes get implemented overnight. Or people who contribute with good bug reports that are unable to pay money, so problems remain unfixed. There might be a way to balance things so it works out, but that will take time. In any case it's worth experimenting with different approaches to get open source better funded.