9

Somebody who was previously active on the kbin codeberg repo has left that to make a fork of kbin called mbin.

repo: https://github.com/MbinOrg/mbin

In the readme it says:

Important: Mbin is focused on what the community wants, pull requests can be merged by any repo member. Discussions take place on Matrix then consensus has to be reached by the community. If approved by the community, no additional reviews are required on the PR. It's built entirely on trust.

As a person who hangs around in repos but isn't a developer that sounds totally insane. Couldn't someone easily slip malicious, or just bad, code in? Like you could just describe one cool feature but make a PR of something totally different. Obviously that could happen to any project at any time but my understanding of "code review" is to at least have some due diligence.

I don't think I would want to use any kind of software with a dev structure like this. Is it a normal way of doing stuff?

Is there something I'm missing that explains how this is not wildly irresponsible?

As for "consensus" every generation must read the classic The Tyranny of Stuctureless. Written about the feminist movement but its wisdom applies to all movements with libertarian (in the positive sense) tendencies. Those who do not are condemned to a life of drama, not liberation.

you are viewing a single comment's thread
view the rest of the comments
[-] density@kbin.social 5 points 1 year ago

I cant follow the convo to tell if this is the actual state of things or just something thst was being discussed but:

16 Maintainers MAY merge incorrect patches from other Contributors with the goals of (a) ending fruitless discussions, (b) capturing toxic patches in the historical record, (c) engaging with the Contributor on improving their patch quality.

What an idea.

[-] cacheson@kbin.social 3 points 1 year ago* (last edited 1 year ago)

From the PR comments:

Maintainers MAY merge incorrect patches from other Contributors with the goals of (a) ending fruitless discussions, (b) capturing toxic patches in the historical record, (c) engaging with the Contributor on improving their patch quality.

I asked around and asked in the C4 specification matrix room.
And the reason is actually simple. If you merge bad code, have a record of proof in git (pull requests aren't forever it's only a github/gitlab thing).

So the idea is if you merge bad code you have proof in the git record that there is a bad actor. You can always revert the commit again or fix it. And the record can act as a proof in case the community want to get rid of bad actors.

this post was submitted on 09 Nov 2023
9 points (100.0% liked)

Fediverse

17 readers
2 users here now

This magazine is dedicated to discussions on the federated social networking ecosystem, which includes decentralized and open-source social media platforms. Whether you are a user, developer, or simply interested in the concept of decentralized social media, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as the benefits and challenges of decentralized social media, new and existing federated platforms, and more. From the latest developments and trends to ethical considerations and the future of federated social media, this category covers a wide range of topics related to the Fediverse.

founded 2 years ago