Regarding the review process ... one thing that I find challenging and don't know a good solution to is documentation. I've received many PRs where the change itself is fine, but the PR is dragging out because the documentation is lacking, and getting the PR author to improve it sometimes takes a lot of review rounds.
What would you do to avoid this?
Sometimes the same situation comes up with tests, but it is not as common in my experience.
Get people to write the docs first. Not many people like writing docs after the fact, and much of the value of working documentation is lost if you do it after the implementation.
Assuming we’re not talking about user guide kind of docs, then a major benefit of writing docs first is to clarify your thinking. Being able to explain your intent in the written word is valuable because you will often uncover gaps in your thinking. This applies to a specification, or to acknowledging problem reports and updating with theories on what the cause of said problem is and an approach to confirming or fixing it. You can even reference that problem report in commits and merge requests. It’s pretty beneficial all around.
And docs don’t have to be masterpiece works of art. Just getting people to clarify intent is a huge win. Peer reviewers don’t have time to do a super deep dive into code. If they know what you intended code to do, that’s something many reviewers can check pretty quickly without having to know much context.
It’s selfish and naive to disregard basic documentation of intent.
One option would be to take an initial stab at the documentation yourself - that makes it clear to the submitter where things are unclear, because you made mistakes or omitted things, and they can just correct that, which is a lot more feasible to do than figuring out what's important while your head is in the code.
It's well known that what is being stabilized today is lacking the Send bounds stuff. In fact, there was a lot of discussion about whether they should completely block this feature until the Send bounds stuff was ready. Ultimately I think it is good that they shipped this part of the feature even though the other part isn't ready yet - Tower isn't able to use this yet, but other crates can.
Yes Alice, fully agreed. I do understand this. I just want to share my experience as a warning to others. As what is shipped is nothing less than amazing. It would be a shame if this results in disappointment due to wrong expectations, as happened to me. I’m however very grateful for what is already there.
If you pay too much in bounties, you risk having your own red-team employees leave so that they can report bugs externally and get paid much more via bounties.
I'm surprised that CLN-003 made the list even as low severity. It's intended to make reverse engineering of the binary harder, but the code is already freely accessible (and CLN-003 also acknowledges this).
That vulnerability seems like something added to adhere to the rule of 3. In at least Western culture, we have this ingrained thing for groups of 3 - for example Trinity, 3 point outline, 3 sentences in a paragraph etc.
It seems like this was picked to end up with 3 vulnerabilities so the security researchers can feel they did a complete job.
I see it as a note to be exhaustive. It’s the kind of thing if you don’t add it to your report, some smart ass WILL say something like « actually they forgot about the bin symbols, how could they miss this? ». There’s always someone like this.
In Denmark, there's a national system for authentication used for government sites and banks. I have a small device with a single button on it that shows a 6-digit code when you press it. I enter that code along with a password any time I make a purchase online.
(There's also an app that most people use. But I like the hardware thingy better.)
No, that's a bad take. The unlicense makes your code impossible to use for many people e.g., those in countries like Germany where you're not allowed to dedicate works to the public domain. Similarly, many companies don't allow you to use code with the unlicense because of its unclear legal status.
See [1] and [2] for more discussion on this.
If you don't care about licenses, the MIT license is a much better choice.
> many companies don't allow you to use code with the unlicense because of its unclear legal status
I'd argue that this is an advantage of "funny" licenses: any megacorp can use your MIT code without giving you anything in return; if the same corporation really wants to use your funny-licensed project while being legally in the clear, they are now incentivised to approach you, potentially offering some compensation for a more "serious" license.
At the same time, funny licenses don't stop enthusiasts from working together, and that's what makes open source software good.
While requesting The Unlicense to be officially OSI approved [0], I've approached a German Lawyer specialized in Licensing and from his PoV the terms are also clear in Germany.
That's an interesting counterpoint, to a common conversation here.
I suppose it's important to realise that even if a public domain declaration isn't possible in Germany etc., that doesn't mean the Unlicense is unusable. Unlicense, as you know, explicitly grants certain permissions; it doesn't simply say "this is public domain".
There was another interesting point in the thread you linked. Even if Public Domain isn't possible, courts will tend to consider the clear intent, whilst reading the legal text in a way compatible with local law. https://lists.opensource.org/pipermail/license-review_lists.... So maybe you cannot waive certain moral attribution rights, but the intention is clearly to allow use, copying, and modification, without payment to the author. Worst case, that's an MIT style license.
> Guess what? There's a worldwide default-copyright regime, opting out of it is simply problematic, and attempts to do so risk creating non-deterministic effects that depend on the jurisdiction and judge.
This is true, but guess what? Everything you do legally depends on jurisdiction and judge. That's how the law works. I get that some licenses are more broken than others, but using that specific reason for saying you can't release software into the public domain is particularly empty-headed.
This doesn't even get into the fact that clickwrap contracts of adhesion are on even murkier legal grounds than something which tries to place a piece of software into the public domain, as an over-reaching contract of adhesion actually attempts to do something, and contracts of adhesion are subject to special scrutiny under the law.
Yes, laws vary by jurisdiction. Nonetheless, we have a lot of licences which work as worldwide as possible.
As much as I wish otherwise, it does not appear to be possible to dedicate works to the public domain in Germany, and quite possibly other jurisdictions. As such, it's best to offer an MIT-style licence for residents of such jurisdictions. This doesn't stop you making a public domain declaration in jurisdictions where you can.
This is a day later now, but for posterity I'll add that thanks to this thread I learned that there is a concept of "OSI approved licenses"[1], and that those licenses include MIT No Attribution License (MIT-0), and that MIT-0 is also a supported license in the GitHub UI.
It is likely I will be moving from Unlicense to MIT-0 in the future.
> those in countries like Germany where you're not allowed to dedicate works to the public domain
That sounds like Germany's problem. If the system makes it difficult for someone to accept a gift of code from me, is it up to me to fight or work around that system? No matter what license you pick, in all likelihood some territory somewhere will have a problem with it.
> many companies don't allow you to use code with the unlicense because of its unclear legal status
Again, if I particularly care whether commercial entities use my stuff or not then I probably care about licensing enough to not use the unlicense anyway. They can always contact me to negotiate specific commercial licensing for their use case.
--
There are two (at least) views that head in this direction:
* I don't care about licensing: I want people to use this, and I don't care how.
* I don't care about licensing: I don't care how people use this, I don't even care if you don't use it at all.
The one thing you should take care about, even if you don't otherwise care at all, is that some licences contain accidental traps which potentially enable legal grifters to bully people who use your stuff. The most obvious case of this is version 2 of creative commons licences (newer revisions are not prone to this, v4 (released in 2013) certainly, I've not looked to see how v3 (2007) stands in this regard), see https://doctorow.medium.com/a-bug-in-early-creative-commons-... amongst other places for details.
> is it up to me to fight or work around that system
If you want to make a gift, it's up to you to do it the right way / to allow people to get it, don't you think? You already put some effort to build and wrap it, you could as well stick some small label on it (put some working license), that's quite easy to do in comparison.
The rest of your comment hints at why you should pick a recognized license in any case.
Is it important to me that people can accept it, or is it just important to me that I'm not making it difficult for someone to be able to accept it?
If people have trouble accepting gifts because of local regulations, perhaps it is instead up to them to try get those regulations revised?
[FWIW: I'd not use these licence options anyway. I'm more AGPLv3 for code and CC BY-NC v4 for other content, not that I have any published ATM unless you count long forgotten stuff from a decade or two ago, other terms available subject to negotiation]
> or is it just important to me that I'm not making it difficult for someone to be able to accept it?
I don't know. By writing "Dedicated to the public domain" instead of "Licensed under MIT [or CC0]", you are doing comparable effort but you are definitely making it difficult for some people with no clear benefits.
Getting such regulations revised is very hard work and would probably not happen in our lifetime, and I'm not sure being able to dedicate something to the public domain when you can license your work liberally anyway is that desirable.
(but yes, me too, I'm more AGPLv3 for code anyway - and none of us is right or wrong in this philosophical discussion)
I stand corrected then. I had heard a similar comparison that you should prefer Unlicense over WTFPL, but I had not heard it is impossible to dedicate works to the public domain. What a weird world.
If I want to use Unlicense, can I dual license as MIT and Unlicense?
Actually I read through your links, and they seem to imply, that there does not exist (can not exist?) a license that you could use if you want to release your code to the public domain. That's a bummer if so.
In many countries including mine, willingly putting work in the public domain is not possible.
In France, you have to wait 70 years and then the end of the year for your work to be in the public domain (sometimes, it's 70 years after the death of the author).
So you need a license like CC0 to "emulate" public domain, that does whatever is possible to give as many rights as possible to the extent permitted by law, in each jurisdiction. This is tricky, that's why CC0 is so long.
Public domain is just an area where the author cannot impose anything. If you can give all the possible rights that matter, it does not seem to really matter if you can't just put it in the public domain, or am I missing something?
> that there does not exist (can not exist?) a license that you could use if you want to release your code to the public domain
In what jurisdiction? Yes, it's widely thought it's not possible e.g. in Germany, because you cannot seem to waive your moral rights.
What about the U.S.? There's no explicit law saying you can dedicate your copyright to the Public Domain. True, so some think it's not possible. But others think you can simply abandon copyright, like you can any other personal property. Why wouldn't that be the case?
FWIW, I like the clarity of a permissive MIT or ISC license. But I think you may be able to dual license Public Domain (in many jurisdictions) OR MIT.
If it's like France, moral rights cannot be given up and stay in perpetuity, even when the work reaches public domain.
That's patrimonial rights that expire after 70 years, making the work reach public domain. These are the ones you would want to give up to put something in the public domain but can't.
Perpetuity? Interesting. So, if the moral rights don't end when you die, then I suppose your heirs and successors can nominally enforce moral rights, centuries later. Wow!
> The six planets orbit their central star HD 110067 in a harmonic rhythm with planets aligning every few orbits.