azorius.net

Pretty critical PR for rust-msi is getting held up because the maintainer understands the intent but not why this works (github.com)
from Aatube@kbin.melroy.org to rust@programming.dev on 18 Apr 20:49
https://kbin.melroy.org/m/rust@programming.dev/t/220113

Not to throw shade, just wishing that somebody here can understand. Whenever an input is reasonably long, an analyzing function will crash, and this PR aims to fix that with a mechanism that contradicts the maintainer's understanding while a similar C implementation does not need this fix. ~~Clearly, the maintainer has not heard a certain programming mantra...~~

#github #msi #pr #rust

threaded - newest

jwaters42@beehaw.org on 18 Apr 22:03 next collapse

After the xz debacle, I think we should resist the temptation to rush maintainers into accepting code that they don’t fully understand.

Aatube@kbin.melroy.org on 19 Apr 00:03 collapse

Yeah, I'm just asking if anyone actually understands this facet.

towerful@programming.dev on 19 Apr 08:26 next collapse

No you aren’t.
The title is demeaning.
“don’t want to throw shade” as if we all know what’s going on except the people involved in the link.
“Clearly the maintainer hasn’t heard of a certain…” Haha, we are in the same group, right? We know what’s up, guys… Right? Haha, look at these losers.

Never mind that you are applying a time pressure on open source maintainers to try and merge a change they don’t understand. Not very respectful. And quite frankly, in extremely bad taste considering the recently revealed xz social engineering.

Where is the question?
There isn’t a single question mark in your post. You frame it as if their problem and they don’t understand.
Even here, where you are so close to asking, you make it sound like you are checking that everyone here understands.

Aatube@kbin.melroy.org on 19 Apr 11:06 collapse

Thanks.

Corbin@programming.dev on 20 Apr 18:30 collapse

There is no evidence that any human understands computers.

gedhrel@lemmy.world on 19 Apr 07:27 next collapse

Which mantra is that? The ellipsis doesn’t offer a clue.

Ogeon@programming.dev on 19 Apr 07:54 next collapse

A “mantra” more programmers should have is to fix the cause of the issue, and not just the symptoms. You have to understand what the problem is to be able to fix it.

Giooschi@lemmy.world on 19 Apr 09:03 next collapse

while a similar C implementation does not need this fix

No, that implementation also needs the fix. It’s just that it was never properly tested, so they thought it was working correctly.

Aatube@kbin.melroy.org on 19 Apr 11:06 collapse

They tested the same strings on that implementation., though judging by the recent comments someone’s found something.

Giooschi@lemmy.world on 19 Apr 13:16 collapse

They tested the same strings on that implementation

The strings were the same, but not the implementation. They were testing the decoding of the strings, but the C function they were looking at was the one for encoding them. The decoding function was correct but what it read didn’t match the encoding one.

though judging by the recent comments someone’s found something.

Yeah, that’s me :)

gedhrel@lemmy.world on 19 Apr 10:05 next collapse

Incidentally, this kind of passive-aggressive pressure is the kind of thing that might be considered a legitimate security threat, post xz. If you need to vent, vent in private. If “it works for you” but the maintainer is asking legitimate questions about the implementation, consider engaging with that in good faith and evaluating their questions with an open mind.

lysdexic@programming.dev on 20 Apr 13:55 collapse

Incidentally, this kind of passive-aggressive pressure is the kind of thing that might be considered a legitimate security threat, post xz.

Yes, OP’s attempt to bully a maintainer into accepting his PR is a very shitty thing to do.

Throwing veiled personal attacks, such as insinuating a developer is incompetent or dumb, is also very bad form.

This says more about OP than anything. I hope I never have to work with anyone like that. What a shit show of a person.

Solemarc@lemmy.world on 19 Apr 10:37 next collapse

What mantra? I think this maintainer is doing the right thing here by trying to understand why this fix works.

You should always attempt to address the root cause of an issue instead of slapping band aid patches onto everything.

To me it looks like the maintainer is trying to find out what exactly is wrong. “this doesn’t happen in our C implementation” implies that there’s something wrong with the rust code specifically.

tyler@programming.dev on 20 Apr 16:31 next collapse

Looks to me like a reasonable conversation is happening trying to find the underlying issue. Where is the PR being held up?

Aatube@kbin.melroy.org on 20 Apr 19:36 collapse

Since I posted it, the conversation has moved forward. Before that it was just two people being justifiably confused.

Maddier1993@programming.dev on 22 Apr 05:53 collapse

You must understand that maintainers need to worry about supply chain attacks ever since the xz debacle. So I suggest you wait.

Aatube@kbin.melroy.org on 22 Apr 13:10 collapse

Thanks. All I wanted was to have someone answer with what's actually going on, and thanks to Giooschi below that has happened, and there indeed isn't anything to do at this point. I've tried to edit the post but couldn't find a proper wording.

Miaou@jlai.lu on 21 Apr 12:15 collapse

OP is welcome to use a patched version in their repo and stop harassing maintainers