"Sorry I opened a PR and merged it without discussion" is not an honest description of what happened (https://github.com/reactiveui/splat/pull/778), and therefore the apology seems very insincere.
You can't apologize and at the same time minimize the thing you actually did. It's pretty much like ending your apology with a "but". And this (not really) apology is a big "but".
More to the point though, this apology attempt made it worse. It starts off with a dishonest apology, and then goes into a big policy and contract debate.
Why would you conflate the two? Whatever point you're then trying to make about policy and ownership is tainted by both the personal misstep (I call it that unsarcastically) and by the insincere apology.
It's needlessly ineffective.
1. It makes your apology sound like "I'm sorry, but I'm the dictator here"
2. It starts you off from a position of "I was wrong, admit I was wrong, but here's how actually I'm right"
It's going to be hard convincing anyone if you start from a position of being wrong. And not just wrong but also really rude.
It seems to me that it would be much more effective to just apologize for the obvious process mis-step and arrogant rudeness (it happens to the best of us), and let that sink in. And then start a new conversation about policy.
Whoever raises "yeah, well weren't you the one who went around PR policies?" in that thread will be the unproductive one, and it won't go anywhere.
As-is the policy points can't be taken at face value.
Coming into this as an outside observer, I don't really understand the original infraction and can't judge it's severity.
But reading the apology, I still had the reaction: Wow, they really don't understand community management if they think this is going to work for anyone, which they seem to be telling us is in fact their whole job?
> Wow great conversation! Let's lock it to contributors just for a laugh and not because someone on Twitter just unhelpfully sent 27.3k Looky-Loos over to drop their $0.02 on my repo
> @reactiveui reactiveui locked as resolved and limited conversation to collaborators 6 days ago
Either I'm out of touch (quite probable) or sarcasm doesn't translate too well, since... I think they're unhappy with someone tweeting a link to this PR, but it also seems unclear why discussion was shut down.
If this is not desired behavior it should be enforced by requiring a reviewer to sign off on the changes before merging. By not requiring this it means it is okay for pull requests to be merged without discussion, even if it is a rare occurrence. This is one of those occurrences.
I am not versed in all the details here, but it is clear there is a diverge of expectations between MS and some of the repo owners. This is just part of business. Legal agreements and projects are complicated. Not everything is going to be spelled out. In a good business relationship you acknowledge this and work in good faith to resolve differences when they occur.
However, top comments make clear there is a dire need for professional communications training among these programmers. There is entirely too much emotion on display here. Stuff like this:
While I appreciate that this must have been hard to write, this is a total non-apology and just about meets the incredibly low expectations I and others had for the .NET Foundation's public statement.
.. and the other comments like it, are not productive. There is a difference in expectations, so resolve it by making offers to MS for proposed changes. Ultimately there is a negotiated settlement or you walk. That's it. Don't bring emotions into it.
I don't see anything wrong with that quote. Can it be expressed more "softly"? Sure. But that person is expressing his opinion and I don't see any problem with that. You could also argue it lays the foundation for further escalation but that's on whoever chooses to engage in it IMO.
There seems to be a more general trend going on, some think themselves or others must be protected from "harshness" (even though I consider the above quote to be only a mild example - see the rest of the internet...). For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home. I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later" just to be friendly even though the code is structurally bad and needs to go back to the drawing board. It would give hope where there is none and I think that is worse than "no your code sucks because of x y and z".
I think in this case here it was ok for disappointment to be expressed.
Excuse me? The post is a non-apology. It starts with a minor PR while in fact it turns out to be about the whole organizational structure which was a surprise to people that joined it?! This is a fundamental problem, not a minor PR and how the process for merging that is.
As for emotions and business you are also quite wrong. Emotions will give you some pretty good hints about reality. Ignoring those and trying to be 'productive' is a sure way of being tricked all the way to the bank. There's a reason emotions exist and to lobotomise yourself won't make you a better business person.
> There is a difference in expectations, so resolve it by making offers to MS for proposed changes.
Here's some more rude commentary for you: you are showing your hand, and it's a very poor / weak one.
You seemingly operate under the assumption that corporate-speak is some sort of invisibility cloak that gives the denizens of said corporations free reign to exploit whoever they like, and those exploited should politely ask for their soylent green in return.
Well, if I were giving my humanities-grad opinion to those developers in terms of dealing with people like you, I'd tell them to immediately recognize and refuse to deal with people like you, and more specifically to tell you that "if you want me to participate in your HR-speak, you can pay me a salary, until then the discourse is not on your terms. Maybe you should tell your boss to send someone else."
I think more highly of people who are honest about their emotions and express them, instead of pretending that the motivating force behind almost all of our personal behavior isn't "relevant." Emotional ≠ unproductive.
> there is a dire need for professional communications training among these programmers.
Maybe, but probably not why you think.
Once you've read the PR's conversation you'll see this isn't about someone just merging a PR which wasn't approved. This about someone submitting a PR, a maintainer asking for discussion before merging it, ignoring the maintainer and just merge the PR, the maintainer asking why it wasn't discussed and then making a snide remark to the maintainer.
So I agree that the "Sorry for merging a PR" isn't going to cut it here. The merging of the PR was the least of the problem. It's a hollow corporate-style apology where someone is allowed to be called out for. It's like saying: "Sorry I hurt your toe" after you pushed someone of a cliff.
Did you look at the Contribution License Agreement? It appears that the issue at hand was in fact "spelled out". Repo owners aren't unreasonable to interpret this action as bad faith. I would agree that their message would be better communicated with a more amicable tone.
I did not really dive into the details of the legalese that was shared in the comments, but on the surface none of what the .NET Foundation doing seems that odd. How is it any different really from how Apache or Eclipse or many other foundations operate? I think it is less about the Foundation trying to seize the projects from the founders then it is the Foundation doing what it needs to do to apply its legal value to the projects ... which is seemingly why these projects decide to move to the foundation.
Maybe I just missed some nuance that was discussed in more depth elsewhere.
The CNCF and the kubernetes system does do a CLA, so it's not a concept the Linux foundation has never heard of it, but clearly it's not required for every project they support.
It seems the issue hinges on: did a copyright assignment take place in order for projects to join the .NET foundation? It currently seems unclear whether this is the case or not.
Foundation seems of the opinion that assignment did occur, but individual projects differ on whether they think they have assigned copyright or not. There are legitimate reasons for copyright assignment but all contributors need to have the same understanding of whether a copyright assignment applies or not. If projects have not had individual contributors agreeing to a copyright assignment up to now, then it's not possible for a project to assign copyright to the .NET foundation without the consent of every contributor. Which is likely a tricky proposition...
This whole situation is toxic. She literally made a 1-line change in a configuration file with basically no downsides.
She also repeatedly re-opened and then merged the PR despite the other guy telling her to follow the format and wait for a review. Which she shouldn't have done. But then everyone started bashing her and .NET for other (similarly small) things and extrapolating that. Then there's this 1000 legalese word apology, and then people are bashing her for the apology.
Please read this discussion[1]. The issue goes far beyond a pull request.
Project maintainers had their projects moved from their public GitHub accounts to the DNF's GitHub Enterprise account without notice. Some maintainers only found out about the transfers of their projects because of this[1] discussion.
I don’t know enough about this to comment, except to say, gee, isn’t the social and business life of human adults complicated?
Yes it is. It is complicated. How strange, then, that so many people seem to jump with both feet into complicated shared ownership arrangements with near strangers— leading to the absurdity of public messages flying around instead keeping these communications private to the specific people who understand them?
Why am I even seeing this shit? That is auto-fail right there.
Does anyone have a good summary of what happened here? I'm not really following what the foundation did wrong. Did Microsoft do something underhanded? Did they get caught trying to start the extinguish phase of EEE?
The executive director of the .NET Foundation force merged a PR on a project, instead of following project guidelines.
The incident snowballed into other projects discovering they have been moved to the .NET Foundations Github Enterprise account without their knowledge.
And even more projects joining the snowball with “we were told the Foundation were just there to help us, not take over project ownership”
And now there is a huge snowball with a lot of projects and people stuck inside.
It seems to me that there is a valid apology present in two paragraphs:
> [...] I made a mistake this last week when I made a PR and merged it to a project without discussion. [...] I overstepped. I failed to consider how the interaction would look through the lens of my current role. [...] this was a mistake. I sincerely apologize.
> To recap, I’m sorry about the PR I made and merged on the ReactiveUI Splat repo. That was a mistake. [...] On behalf of myself as the Executive Director, past and current boards, I’m sorry that we’ve created an environment where maintainers are surprised by their relationship with the .NET Foundation. It will be my and the new board’s number one priority to fix that.
How does one label this as a "non-apology"? Mistakes were acknowledged and corrected; actions were regretted and improvements are identified. Shouldn't that be enough?
I don't know anything about the .NET Foundation or much about this particular situation, but I know a little about open source governance.
It appears that Novotny believed she was acting in her capacity as a (long-dormant) maintainer of the project when she merged the PR in question. It was clearly wrong to do so without following the process set down by the other maintainers, and she was right to apologise.
However, as the Executive Director of the Foundation, she also had the power (perhaps indirectly) to force a merge of a patch in any project controlled by the Foundation. All Foundations must reserve this power to themselves (you can't take on legal liability for something you have no control over), but they also must never use it. To do so is the nuclear option, to be invoked only after all trust and goodwill has been irretrievably lost anyway, because it certainly will be once you use it.
When you wear multiple hats and one of those hats is very powerful, it is critically important to make clear when you are doing stuff but not wearing that hat. Sometimes even that doesn't help, and it's better to just refrain from doing that stuff until you have handed the hat on to someone else.
In this case she failed to make it clear that she was wearing her maintainer hat and not her ED hat. In fact, she accidentally invited speculation that she was wearing the ED hat by referring to the change as a requirement of the Foundation. I'd imagine this is why things blew up.
Note that this probably indicates a problem with the structure of the Foundation. It's more or less inevitable that at the board level these things are pay-for-play, and that the ED's continued employment is at the discretion of the board. But technical decisions should be delegated to a neutral body, preferably elected by the project maintainers. It doesn't sound like that exists, but had it done this situation might have been avoided.
The other issue seems to be a fundamental disconnect between the Foundation and the maintainers of various projects in it about the purpose of the Foundation. For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up. To allow individual projects - even historically well-behaved ones - to opt out of that control would be to effectively render those guarantees meaningless, and in fact reduce the foundation to what would be effectively just a giant fraud against contributors.
It appears that many projects signed up without being made aware of this, and that is an absolute disaster for which only the Foundation can be responsible, and again they are right to apologise for failing to communicate it. However, what many people wanted was an apology for having technical measures in place that would allow them to exert control over projects, which the Foundation cannot really apologise for because it would effectively be an apology for existing. Inevitably people who wanted that will see this response as a non-apology apology.
It looks like a long, hard road back from here to rebuild trust. I'd suggest that the board needs to work collaboratively with the community to clearly document the rights and responsibilities of both the Foundation and the individual projects, that they consider establishing an independent governance body for technical oversight, and that any project that feels this isn't what they signed up for be given the opportunity to leave on good terms.
> For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up.
Which is why those people in your hypothetical rightfully see CoCs as poison-pills meant to silently transfer ownership from themselves as owners/founders/copyright holders to corporate "contributors."
To which the obvious response is "if you want to own my assets, buy them, stop tip-toeing around contracts and trying to get them on the cheap."
This is the exact summary of what is wrong and need to be improved. Thanks for that.
The .NET Foundation needs a revitalization and maybe a split into a ".NET Foundation" and a ".NET Community Foundation" to separate the .NET and the .NET community. The F# community is much better in this separation of community and Microsoft.
There are a number of projects under the .NET Foundation umbrella, all maintained by different teams.
The .NET Foundation, supposedly for billing reasons, switched to GitHub Enterprise. People weren't aware it was happening or that a side effect of this would be that certain people would have increased access to their repos.
The person writing this post, Claire Novotny, merged in something maintainers disagreed with and that she shouldn't have had GitHub permission to merge. This lead people to realize access controls had changed and become concerned about abuse of this power.
There is also the fact that some projects were moved from their maintainers' public GitHub accounts to the DNF's GitHub Enterprise accounts without notice.
If you read this discussion[1], several maintainers only found out today that their projects have moved accounts because reading the thread itself prompted them to double-check.
There's another, slightly confusing aspect which u/vb explained absolutely brilliantly here (https://news.ycombinator.com/item?id=28781621), namely that she wore two hats: one as the ED of the Foundation, the other as a long-dormant maintainer of that particular project.
She apparently intended to merge that PR qua the latter, but didn't make that sufficiently clear, and also made some offhand remarks about Foundation rules which (accidentally?) implied she was acting qua the former.
...so that's how you get a lot of work for nothing... people, please never sign something without at least clearly stating what you think it means. A sneaky way is printing the document and sending it back together with a statement of how you interprete it - best on the page you should sign... A simple (see email 211007) below your signature often is enough... if you did not sign on paper but just by clicking some buttons, your position is even better, especially if you are in a non us legislation and there is no translation...
I'm confused why the correct course of action isn't to revert the commit, ask the author to re-open the PR for comment, and follow the process. Why the tortious apology?
[+] [-] knorker|4 years ago|reply
You can't apologize and at the same time minimize the thing you actually did. It's pretty much like ending your apology with a "but". And this (not really) apology is a big "but".
More to the point though, this apology attempt made it worse. It starts off with a dishonest apology, and then goes into a big policy and contract debate.
Why would you conflate the two? Whatever point you're then trying to make about policy and ownership is tainted by both the personal misstep (I call it that unsarcastically) and by the insincere apology.
It's needlessly ineffective.
1. It makes your apology sound like "I'm sorry, but I'm the dictator here" 2. It starts you off from a position of "I was wrong, admit I was wrong, but here's how actually I'm right"
It's going to be hard convincing anyone if you start from a position of being wrong. And not just wrong but also really rude.
It seems to me that it would be much more effective to just apologize for the obvious process mis-step and arrogant rudeness (it happens to the best of us), and let that sink in. And then start a new conversation about policy.
Whoever raises "yeah, well weren't you the one who went around PR policies?" in that thread will be the unproductive one, and it won't go anywhere.
As-is the policy points can't be taken at face value.
[+] [-] jrochkind1|4 years ago|reply
But reading the apology, I still had the reaction: Wow, they really don't understand community management if they think this is going to work for anyone, which they seem to be telling us is in fact their whole job?
[+] [-] sillysaurusx|4 years ago|reply
> Wow great conversation! Let's lock it to contributors just for a laugh and not because someone on Twitter just unhelpfully sent 27.3k Looky-Loos over to drop their $0.02 on my repo
> @reactiveui reactiveui locked as resolved and limited conversation to collaborators 6 days ago
Either I'm out of touch (quite probable) or sarcasm doesn't translate too well, since... I think they're unhappy with someone tweeting a link to this PR, but it also seems unclear why discussion was shut down.
[+] [-] scns|4 years ago|reply
[+] [-] MrBuddyCasino|4 years ago|reply
[+] [-] xwdv|4 years ago|reply
[+] [-] avsteele|4 years ago|reply
However, top comments make clear there is a dire need for professional communications training among these programmers. There is entirely too much emotion on display here. Stuff like this:
.. and the other comments like it, are not productive. There is a difference in expectations, so resolve it by making offers to MS for proposed changes. Ultimately there is a negotiated settlement or you walk. That's it. Don't bring emotions into it.[+] [-] RedShift1|4 years ago|reply
There seems to be a more general trend going on, some think themselves or others must be protected from "harshness" (even though I consider the above quote to be only a mild example - see the rest of the internet...). For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home. I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later" just to be friendly even though the code is structurally bad and needs to go back to the drawing board. It would give hope where there is none and I think that is worse than "no your code sucks because of x y and z".
I think in this case here it was ok for disappointment to be expressed.
[+] [-] xunn0026|4 years ago|reply
As for emotions and business you are also quite wrong. Emotions will give you some pretty good hints about reality. Ignoring those and trying to be 'productive' is a sure way of being tricked all the way to the bank. There's a reason emotions exist and to lobotomise yourself won't make you a better business person.
[+] [-] RNCTX|4 years ago|reply
Here's some more rude commentary for you: you are showing your hand, and it's a very poor / weak one.
You seemingly operate under the assumption that corporate-speak is some sort of invisibility cloak that gives the denizens of said corporations free reign to exploit whoever they like, and those exploited should politely ask for their soylent green in return.
Well, if I were giving my humanities-grad opinion to those developers in terms of dealing with people like you, I'd tell them to immediately recognize and refuse to deal with people like you, and more specifically to tell you that "if you want me to participate in your HR-speak, you can pay me a salary, until then the discourse is not on your terms. Maybe you should tell your boss to send someone else."
[+] [-] gatlin|4 years ago|reply
[+] [-] jsiepkes|4 years ago|reply
You should probably read the conversation in the PR: https://github.com/reactiveui/splat/pull/778
> there is a dire need for professional communications training among these programmers.
Maybe, but probably not why you think.
Once you've read the PR's conversation you'll see this isn't about someone just merging a PR which wasn't approved. This about someone submitting a PR, a maintainer asking for discussion before merging it, ignoring the maintainer and just merge the PR, the maintainer asking why it wasn't discussed and then making a snide remark to the maintainer.
So I agree that the "Sorry for merging a PR" isn't going to cut it here. The merging of the PR was the least of the problem. It's a hollow corporate-style apology where someone is allowed to be called out for. It's like saying: "Sorry I hurt your toe" after you pushed someone of a cliff.
[+] [-] drfxyjhdyfrhgc|4 years ago|reply
[+] [-] markphip|4 years ago|reply
Maybe I just missed some nuance that was discussed in more depth elsewhere.
[+] [-] Macha|4 years ago|reply
Node: Neither the OpenJS foundation, nor its parent the Linux foundation claims owner ship of Node: https://github.com/nodejs/node/blob/master/LICENSE
Linux: No copyright assignment, just a compatible license required: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
The CNCF and the kubernetes system does do a CLA, so it's not a concept the Linux foundation has never heard of it, but clearly it's not required for every project they support.
See also SPI's stance, which provides the legal support for projects like Debian and Arch Linux: https://www.spi-inc.org/projects/relationship/
[+] [-] initplus|4 years ago|reply
Foundation seems of the opinion that assignment did occur, but individual projects differ on whether they think they have assigned copyright or not. There are legitimate reasons for copyright assignment but all contributors need to have the same understanding of whether a copyright assignment applies or not. If projects have not had individual contributors agreeing to a copyright assignment up to now, then it's not possible for a project to assign copyright to the .NET foundation without the consent of every contributor. Which is likely a tricky proposition...
[+] [-] armchairhacker|4 years ago|reply
She also repeatedly re-opened and then merged the PR despite the other guy telling her to follow the format and wait for a review. Which she shouldn't have done. But then everyone started bashing her and .NET for other (similarly small) things and extrapolating that. Then there's this 1000 legalese word apology, and then people are bashing her for the apology.
[+] [-] heavyset_go|4 years ago|reply
Project maintainers had their projects moved from their public GitHub accounts to the DNF's GitHub Enterprise account without notice. Some maintainers only found out about the transfers of their projects because of this[1] discussion.
[1] https://github.com/dotnet-foundation/Home/discussions/38
[+] [-] edandersen|4 years ago|reply
It was a change to a .csproj file, changing the project dependencies. Not a configuration file.
[+] [-] sprkwd|4 years ago|reply
Yes, but did she get her t-shirt?
[+] [-] Aaronontheweb|4 years ago|reply
[+] [-] satisfice|4 years ago|reply
Yes it is. It is complicated. How strange, then, that so many people seem to jump with both feet into complicated shared ownership arrangements with near strangers— leading to the absurdity of public messages flying around instead keeping these communications private to the specific people who understand them?
Why am I even seeing this shit? That is auto-fail right there.
[+] [-] kuschku|4 years ago|reply
[+] [-] dgb23|4 years ago|reply
[+] [-] temp8964|4 years ago|reply
[deleted]
[+] [-] gorgoiler|4 years ago|reply
From the commit which started this whole brouhaha:
https://github.com/reactiveui/splat/commit/cd2cbb807b36dd89b...
That’s some grade A hornet nest kicking right there.
/s
[+] [-] ziml77|4 years ago|reply
[+] [-] bingo-bongo|4 years ago|reply
The incident snowballed into other projects discovering they have been moved to the .NET Foundations Github Enterprise account without their knowledge.
And even more projects joining the snowball with “we were told the Foundation were just there to help us, not take over project ownership”
And now there is a huge snowball with a lot of projects and people stuck inside.
[+] [-] drekipus|4 years ago|reply
Effectively, yes, and a bunch of people are surprised about it.
[+] [-] jsd1982|4 years ago|reply
> [...] I made a mistake this last week when I made a PR and merged it to a project without discussion. [...] I overstepped. I failed to consider how the interaction would look through the lens of my current role. [...] this was a mistake. I sincerely apologize.
> To recap, I’m sorry about the PR I made and merged on the ReactiveUI Splat repo. That was a mistake. [...] On behalf of myself as the Executive Director, past and current boards, I’m sorry that we’ve created an environment where maintainers are surprised by their relationship with the .NET Foundation. It will be my and the new board’s number one priority to fix that.
How does one label this as a "non-apology"? Mistakes were acknowledged and corrected; actions were regretted and improvements are identified. Shouldn't that be enough?
[+] [-] pabs3|4 years ago|reply
https://www.theregister.com/2021/10/05/microsoft_net_foundat...
[+] [-] zb|4 years ago|reply
It appears that Novotny believed she was acting in her capacity as a (long-dormant) maintainer of the project when she merged the PR in question. It was clearly wrong to do so without following the process set down by the other maintainers, and she was right to apologise.
However, as the Executive Director of the Foundation, she also had the power (perhaps indirectly) to force a merge of a patch in any project controlled by the Foundation. All Foundations must reserve this power to themselves (you can't take on legal liability for something you have no control over), but they also must never use it. To do so is the nuclear option, to be invoked only after all trust and goodwill has been irretrievably lost anyway, because it certainly will be once you use it.
When you wear multiple hats and one of those hats is very powerful, it is critically important to make clear when you are doing stuff but not wearing that hat. Sometimes even that doesn't help, and it's better to just refrain from doing that stuff until you have handed the hat on to someone else.
In this case she failed to make it clear that she was wearing her maintainer hat and not her ED hat. In fact, she accidentally invited speculation that she was wearing the ED hat by referring to the change as a requirement of the Foundation. I'd imagine this is why things blew up.
Note that this probably indicates a problem with the structure of the Foundation. It's more or less inevitable that at the board level these things are pay-for-play, and that the ED's continued employment is at the discretion of the board. But technical decisions should be delegated to a neutral body, preferably elected by the project maintainers. It doesn't sound like that exists, but had it done this situation might have been avoided.
The other issue seems to be a fundamental disconnect between the Foundation and the maintainers of various projects in it about the purpose of the Foundation. For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up. To allow individual projects - even historically well-behaved ones - to opt out of that control would be to effectively render those guarantees meaningless, and in fact reduce the foundation to what would be effectively just a giant fraud against contributors.
It appears that many projects signed up without being made aware of this, and that is an absolute disaster for which only the Foundation can be responsible, and again they are right to apologise for failing to communicate it. However, what many people wanted was an apology for having technical measures in place that would allow them to exert control over projects, which the Foundation cannot really apologise for because it would effectively be an apology for existing. Inevitably people who wanted that will see this response as a non-apology apology.
It looks like a long, hard road back from here to rebuild trust. I'd suggest that the board needs to work collaboratively with the community to clearly document the rights and responsibilities of both the Foundation and the individual projects, that they consider establishing an independent governance body for technical oversight, and that any project that feels this isn't what they signed up for be given the opportunity to leave on good terms.
[+] [-] RNCTX|4 years ago|reply
Which is why those people in your hypothetical rightfully see CoCs as poison-pills meant to silently transfer ownership from themselves as owners/founders/copyright holders to corporate "contributors."
To which the obvious response is "if you want to own my assets, buy them, stop tip-toeing around contracts and trying to get them on the cheap."
[+] [-] oaiey|4 years ago|reply
The .NET Foundation needs a revitalization and maybe a split into a ".NET Foundation" and a ".NET Community Foundation" to separate the .NET and the .NET community. The F# community is much better in this separation of community and Microsoft.
[+] [-] 9woc|4 years ago|reply
[+] [-] gkoberger|4 years ago|reply
There are a number of projects under the .NET Foundation umbrella, all maintained by different teams.
The .NET Foundation, supposedly for billing reasons, switched to GitHub Enterprise. People weren't aware it was happening or that a side effect of this would be that certain people would have increased access to their repos.
The person writing this post, Claire Novotny, merged in something maintainers disagreed with and that she shouldn't have had GitHub permission to merge. This lead people to realize access controls had changed and become concerned about abuse of this power.
[+] [-] heavyset_go|4 years ago|reply
If you read this discussion[1], several maintainers only found out today that their projects have moved accounts because reading the thread itself prompted them to double-check.
[1] https://github.com/dotnet-foundation/Home/discussions/38
[+] [-] samhw|4 years ago|reply
She apparently intended to merge that PR qua the latter, but didn't make that sufficiently clear, and also made some offhand remarks about Foundation rules which (accidentally?) implied she was acting qua the former.
Oh what tangled webs we weave...
[+] [-] copperx|4 years ago|reply
[+] [-] Aaronontheweb|4 years ago|reply
[+] [-] Aeolun|4 years ago|reply
Don’t trust Microsoft or give anyone admin access to your repos if you won’t want them to do bad shit.
I guess they technically own Github, so don’t use that if you don’t trust them either.
[+] [-] dusted|4 years ago|reply
[edit: I found the commit, the apology should probably include that the file was not beautified before the PR was made..]
[+] [-] f00zz|4 years ago|reply
[+] [-] heavyset_go|4 years ago|reply
[+] [-] Arnavion|4 years ago|reply
[+] [-] aae42|4 years ago|reply
You're sorry? Ok, revert it then.
[+] [-] nazgulsenpai|4 years ago|reply
[+] [-] herpderperator|4 years ago|reply
[+] [-] gego|4 years ago|reply
[+] [-] Afforess|4 years ago|reply