As I have no idea about .NET development, I don't really understand the relation between these projects and .NET Foundation.
Is .NET foundation paying them money? Or what is the relationship between the projects and Microsoft/.NET Foundation?
Reading the "apology" on github, it seems that .NET Foundation/Microsoft thinks those projects are essentially theirs, and they are free to put them under their enterprise account to "simplify billing"
There are also some notes about copyright that I don't understand. Who owns the copyright? Microsoft or the maintainers?
edit: From the github "apology":
> Projects might not fully understand what joining the .NET Foundation means. We share a checklist with project maintainers on project changes they accept as part of becoming part of the .NET Foundation. That’s obviously not sufficient. We will post a new document that describes what you can expect when your project joins the .NET Foundation. This will include changes (observable or legal) and new benefits. It will also include changes that could occur later.
Anyone here old enough to remember when SourceForge was The Place(tm) to stick OSS code and then how it fell from grace?
I’m curious in what ways the MicroSoft take over of GitHub is and is not starting to feel like that.
For me, one is just the difference in scale. GitHub is vast in both content as well as tooling compared to SourceForge at it’s highest points. And a commercial entity orders of magnitude smaller than MicroSoft took over SF. The rate of descent into Not Good(tm) territory also seems slower and more ponderous.
But while the magnitudes differ, the vectors look similar. Not exactly the same, because history rhymes with itself before it repeats itself.
Curious what other similarities and dissimilarities other old timers see.
I'm not trying to be lazy (ok maybe a little bit), but can someone please provide like a 3-4 sentence summary of what happened? Everything I've seen on this either assumes you already know, or is very long and rambly, or both.
Many projects joined the .NET Foundation after it was created. It didn't really do anything for them (I think they basically sponsor meetups), but it wasn't harming anyone either.
The .NET Foundation asked for owner access on the author's repository (for a CLA bot). The author declined and a workaround was organized.
Years later the .NET Foundation asked for "owner access" on the author's repository (to allow them enforce Code of Conduct across all repositories). The author declined.
The CLA bot stopped working. The author was told it would work if he gave it owner access. The author was annoyed because they previously had a workaround. They gave in and gave @dnfadmin owner access (temporarily, it was later revoked after the CLA bot was set up, thanks /u/ethbr0 for the correction).
Some time later the author realized that the project had now been silently moved to GitHub Enterprise (likely in the short window @dnfadmin had owner access). The author states that projects in GitHub Enterprise can be entirely controlled by the owner of the account (the .NET Foundation). This transfer happened silently.
Independently, this happened to another project (who had coincidentally had an issue with a Microsoft employee and former contributor force a pull-request into their project: https://github.com/reactiveui/splat/pull/778). The change itself seems innocuous, but the approach bothered people.
People are upset because of how tone-deaf all of this is. They would like the .NET Foundation to stop trying to gain complete control over the member projects. They would especially like for their projects not to have their ownership changed silently.
Edit: For the record, I do not believe this is part of some embrace, extend, extinguish plan on behalf of Microsoft. I think these accusations actually cheapen what has happened here. I suspect this was more of a "can we make this process easier and more convenient for the .NET Foundation"-type thing.
The people involved with this will have to do some soul searching. The .NET Foundation should operate in service of its member projects, not the other way around.
Project maintainers had their projects moved from their public GitHub accounts to the DNF's GitHub Enterprise account without notice. Some maintainers only found out about the transfers of their projects because of this[1] discussion.
Extremely bizarre that the main concern in this thread is with GitHub, even though they did absolutely nothing here: the repo that was transferred had given admin rights to the DNF account for a bit. What the DNF did here is questionable, no doubt, but seeing people here claim this portends the death of GitHub is disappointing.
Clearly the org is far too gone at this point. It's a dead project people are funneled into that doesn't serve a purpose. Maintainers should do like the history of software has. Drop it and organize anew.
A massive red flag for all this are the words "code of conduct". They're not "bad" to have, generally projects already have them, they were previously called "rules". But if the "code of conduct" is filled with title 9 speak then you know you're dealing with corporate types, not developers. For those that haven't taken title 9 training, you're told to be the gestapo morality police and actively go out of your way to vocally suppress any discussion that might involve something that could have the potential to be discriminatory. This is done for liability protection, for the company. Not because it would actually be discriminatory/immoral. Yet somehow its made it's way into software repos.
If they used some special microsoft insider access to github to move these projects... that's gonna really harm trust in github. They really oughta make it clear that they did NOT do this, or make it clear how it can never happen again.
I mean, they’re clearly heading toward stealing control of associated open source projects away from the founders/maintainers so I don’t think there’s even room to discuss “repairing trust.”
You might discuss repairing trust with a burglar you caught in your house after his criminal trial. At this point, Microsoft is the burglar and he’s still in your house with the ski mask on (unless you would prefer for the burglar to be a she).
There is no "special" access in GitHub, and no person as far as I know has such an access. I work at Microsoft, but GitHub side is very detached so I don't think there was any collaboration.
There is no reason to suspect that they did. As I wrote, I granted admin access to my GitHub organization. No other special access was needed after that.
Arguably, for those who want to / have to work in the .NET ecosystem, it is better that .NET is adopting an open source model, even if imperfect.
This actually lessens the vendor lock-in problem and also means less of a risk of Microsoft pulling out of providing security updates for key components.
So far as I can observe, C#, F# and .NET Core as a platform for web development have benefited from the OSS-ification in the form of more dynamic and transparent progress/evolution.
This doesn't make sense to me. My company (FireGiant) sells support contracts for the open source project for companies that want guaranteed incident response times/SLAs.
And Microsoft isn't involved. The .NET Foundation holds the copyright.
They "love open source" because that's what makes most business sense. FOSS is part of the developer zeitgeist so much that you can't avoid dealing with it. MS and others have bashed them for years, but it only got stronger. So it only makes sense to tone down the denial and start accepting that it won't go away.
Some leaders just need to issue “all hands” commands every now and then. These commands often make little sense to those at the receiving end. But those leaders need this to have their leader status confirmed. It serves also as proof of authority to their superiors.
This is particularly frustrating when an organisation switches leadership and goes from participative to hierarchical. I think this is what happened here: .NET Foundation leadership must have changed and with it came a new, hierarchical leadership style.
Does anyone else love these technology psycho-dramas? I really don't have a dog in this fight but I find myself following them more avidly than a netflix mini-series.
It is drama about people, power and emotions. People read books which are classified as drama. And honestly, this conversation is really civil (at least after moderation and ignoring everything which contains EEE and $ as a string) and therefore also a good read.
An open source umbrella organization pulled rank and the member projects are connecting the dots to see that Microsoft views them as unpaid employees.
No, it's not hyperbole. Go check the foundations website and you'll find that Microsoft has exclusive access to the highest level of power in the self-styled "independent" organization written right in to the bylaws.
So... about a decade ago, a guy was found guilty and convicted to 5 years in jail for unauthorized computer access because he scraped a data from open website (see this for details: https://www.zdnet.com/article/jury-convicts-hacker-over-at-t... ). Can somebody explain to me, why isn't foundation guilty of the same crime? Clearly, they were given an access so that they install a bot, not to take over the project.
Might be tangential but I have not seen a word addressing this fuckery from either Jon Galloway or Scott Hanselman or any of the "dev evangelist" type people. Weird
I started a project that I hope to maybe turn into a product (foss/community edition hybrid approach). One of the tech stacks I evaluated was mono-based, using c# and the .net libraries.
I ended up turning down that choice due to a couple of factors, but one of them was the glacial pace of .net process and development. It just didn't look or feel like a healthy ecosystem, if you weren't paying microsoft $$$$. Just a ton of small warning flags around the community, the stack, and the maintenance of core projects.
C#, .NET, and the associated ecosystem doesn't feel good to work with, out of date, and in desperate need of modernization. The alternatives (spring, flask/falcon, lightbend) all seemed much more modern and easy to work with.
I actually have a concrete example of this: one of the features of my project is that you can define yaml based configuration documents, and share them. Using something that was easy to write for small but coherent configurations was crucial - XML was right out. The .NET ecosystem's yaml support is not great, feels kinda janky, and yaml validation is a paid product! That's completely untenable for something that's still in the weekend work phase. And it wasn't just that, but tons of things I had become accustomed to in python were either incredibly immature or paid. Not to mention that the built in build system was horrific, confusing, and had weak documentation. It's probably a lot easier when you just write a check to a contractor to set up a template for your team, but I have no luxury. Sure, some of this is on me, but I wanted to get started building and the .net ecosystem repeatedly got in my way until I was forced to give up.
So, upon hearing that the .net foundation is spending all of its time generating stacks of bureaucracy and causing internal drama, I feel like I made the right choice. At this point, it's unlikely I re-evaluate .net for future projects unless I hear massively good things (like what happened with java, which took a decade).
> C#, .NET/FCL, and the associated ecosystem doesn't feel good to work with, out of date, and in desperate need of modernization.
I recently built a company over the past year with .NET (after not using it for 5+ years) and felt the total opposite. I suspect you may be referring to the old .NET back when you needed Mono to run it on anything but Windows? .NET Core has been out for a few years and is an amazing improvement, the APIs (especially for web dev) feel very complete and modern, and there have been a lot of neat language features added in the recent major versions. The old .NET was definitely clunky though for targeting anything but Windows apps or servers.
Not sure what you are referring to for the paid products - .NET Core is now open source and even accepts PRs. Although there is no official YAML support still, so maybe the third party library was paid? JSON is a great option these days and .NET's new JSON parser is really fast and uses much less memory (Years ago C# got support for the new Span<T> and Memory<T> types which allow type-safe access to the underlying memory, making serialization operations much better since there isn't a bunch of copying and allocating involved any more)
Sadly(or luckily, for the people that haven't had any contact with the ecosystem), you must have missed the semi-recent open source developments around .NET Core. It's open, has a very healthy community and is well supported by Microsoft.
Sure, back in the days when you had to rely on Mono for cross-compact, this is exactly the answer you'd expect from anyone, but it couldn't be further away from the truth nowadays with the modern runtime and ASP .NET Core.
I can't refute your examples, but I think on one hand, C#/.NET has a lot of modern stuff you maybe didn't see, which you'd wish other languages had. The lang has great features (i.e. properties; the libraries for collections/concurrent collections; System.Linq; and Tasks, to name some). VS has great profiling tools (cpu/memory) if you know how to use them. Package and dependency management were bad, but I believe got some needed improvements starting with .NET Core. Things like that.
OTOH, that said, I don't actually prefer C#/.NET, when I think of those techs I don't think of a great OSS ecosystem (more like marketing blog posts by Microsoft MVPs, as opposed to technical deep dives by passionate engineers). I also think of github repos with at least 10x more open issues than stars or forks. These techs have great features, and they're used for successful projects/companies, but there's something about the fact MSFT owns them that makes me not want to use them at all, and just prefer golang/java/etc.
> The alternatives (spring, flask/falcon, lightbend) all seemed much more modern and easy to work with
I never thought I'd see Spring(or any of those) described as more modern and easy to work with than .Net haha. Spring is the Java land web framework bloatlord. It's quickly fallen behind and out of favor in recent years with the hip crowd preferring micro frameworks like Quarkus or Micronaut. Spring abandoned hot-reload in favor of restarting app context which takes FOR EV ER on larger projects; .Net is releasing hot reload as a first class platform feature as we speak.
.Net runtime is one of the hotest pieces of action on the planet. AOT compile, multi-core threading, async/await, Span<T>. Mono is pulling its weight too with compile to WASM. Then you have ASP.NET, Entity Framework, and a lot of other really great and performant build blocks.
Why would you start a project on a platform then build that product on a foundation of one of that platforms weaknesses instead of one of its strengths? This anecdote is not good evidence against the platform.
the .net ecosystem is somewhat pay to win - its like the apple store of the devtool world, clients are actually willing to pay. if your company has the funds, you have access to some of the best tools in development, but you can get pretty far with its free options too.
C# is quite a nice language to work with. historically projects were very enterprisey oop monsters but cleaner functional paradigms are trending in the .net space.
IMHO for startups, productivity and development speed usually beats performance and enterprisy-ness (looking at you, Spring).
F# dominates C# there, but Django, FastAPI, various other options for Node or other languages, are simply easier to learn and faster to iterate. You can change/reload a Django app several times before the C# compiler finds a problem with your static types in a bigger codebase...
And to me it seems like you can acquire technical debt in C# just as fast as with any other language. Maybe faster because it is harder to learn and less "obvious" with all the DI magic. Of course, if you are proficient in C# and its ecosystem, you can write some damn fine software in it. If so, I wish you the best of luck finding affordable coworkers who can do the same.
[+] [-] shp0ngle|4 years ago|reply
Is .NET foundation paying them money? Or what is the relationship between the projects and Microsoft/.NET Foundation?
Reading the "apology" on github, it seems that .NET Foundation/Microsoft thinks those projects are essentially theirs, and they are free to put them under their enterprise account to "simplify billing"
https://github.com/dotnet-foundation/Home/discussions/39
But reading this article, and the one below, the maintainers think otherwise?
https://www.glennwatson.net/posts/dnf-problems-solutions
There are also some notes about copyright that I don't understand. Who owns the copyright? Microsoft or the maintainers?
edit: From the github "apology":
> Projects might not fully understand what joining the .NET Foundation means. We share a checklist with project maintainers on project changes they accept as part of becoming part of the .NET Foundation. That’s obviously not sufficient. We will post a new document that describes what you can expect when your project joins the .NET Foundation. This will include changes (observable or legal) and new benefits. It will also include changes that could occur later.
....ok? That seems scary, coming from Microsoft
[+] [-] travisgriggs|4 years ago|reply
I’m curious in what ways the MicroSoft take over of GitHub is and is not starting to feel like that.
For me, one is just the difference in scale. GitHub is vast in both content as well as tooling compared to SourceForge at it’s highest points. And a commercial entity orders of magnitude smaller than MicroSoft took over SF. The rate of descent into Not Good(tm) territory also seems slower and more ponderous.
But while the magnitudes differ, the vectors look similar. Not exactly the same, because history rhymes with itself before it repeats itself.
Curious what other similarities and dissimilarities other old timers see.
[+] [-] zippergz|4 years ago|reply
[+] [-] Permit|4 years ago|reply
The .NET Foundation asked for owner access on the author's repository (for a CLA bot). The author declined and a workaround was organized.
Years later the .NET Foundation asked for "owner access" on the author's repository (to allow them enforce Code of Conduct across all repositories). The author declined.
The CLA bot stopped working. The author was told it would work if he gave it owner access. The author was annoyed because they previously had a workaround. They gave in and gave @dnfadmin owner access (temporarily, it was later revoked after the CLA bot was set up, thanks /u/ethbr0 for the correction).
Some time later the author realized that the project had now been silently moved to GitHub Enterprise (likely in the short window @dnfadmin had owner access). The author states that projects in GitHub Enterprise can be entirely controlled by the owner of the account (the .NET Foundation). This transfer happened silently.
Independently, this happened to another project (who had coincidentally had an issue with a Microsoft employee and former contributor force a pull-request into their project: https://github.com/reactiveui/splat/pull/778). The change itself seems innocuous, but the approach bothered people.
People are upset because of how tone-deaf all of this is. They would like the .NET Foundation to stop trying to gain complete control over the member projects. They would especially like for their projects not to have their ownership changed silently.
Edit: For the record, I do not believe this is part of some embrace, extend, extinguish plan on behalf of Microsoft. I think these accusations actually cheapen what has happened here. I suspect this was more of a "can we make this process easier and more convenient for the .NET Foundation"-type thing.
The people involved with this will have to do some soul searching. The .NET Foundation should operate in service of its member projects, not the other way around.
[+] [-] heavyset_go|4 years ago|reply
[1] https://github.com/dotnet-foundation/Home/discussions/38
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] square_usual|4 years ago|reply
[+] [-] devwastaken|4 years ago|reply
A massive red flag for all this are the words "code of conduct". They're not "bad" to have, generally projects already have them, they were previously called "rules". But if the "code of conduct" is filled with title 9 speak then you know you're dealing with corporate types, not developers. For those that haven't taken title 9 training, you're told to be the gestapo morality police and actively go out of your way to vocally suppress any discussion that might involve something that could have the potential to be discriminatory. This is done for liability protection, for the company. Not because it would actually be discriminatory/immoral. Yet somehow its made it's way into software repos.
[+] [-] jrochkind1|4 years ago|reply
[+] [-] RNCTX|4 years ago|reply
You might discuss repairing trust with a burglar you caught in your house after his criminal trial. At this point, Microsoft is the burglar and he’s still in your house with the ski mask on (unless you would prefer for the burglar to be a she).
[+] [-] wvenable|4 years ago|reply
[+] [-] sundvor|4 years ago|reply
[+] [-] icegreentea2|4 years ago|reply
[+] [-] amir734jj|4 years ago|reply
[+] [-] robmen|4 years ago|reply
[+] [-] meragrin_|4 years ago|reply
[+] [-] keithnz|4 years ago|reply
[+] [-] xfer|4 years ago|reply
[+] [-] bayesian_horse|4 years ago|reply
This actually lessens the vendor lock-in problem and also means less of a risk of Microsoft pulling out of providing security updates for key components.
So far as I can observe, C#, F# and .NET Core as a platform for web development have benefited from the OSS-ification in the form of more dynamic and transparent progress/evolution.
Disclaimer: I'm more of a Python/Django guy.
[+] [-] robmen|4 years ago|reply
And Microsoft isn't involved. The .NET Foundation holds the copyright.
[+] [-] npteljes|4 years ago|reply
[+] [-] hulitu|4 years ago|reply
[+] [-] ghuntley|4 years ago|reply
[+] [-] aliswe|4 years ago|reply
[+] [-] munduz|4 years ago|reply
[+] [-] bayesian_horse|4 years ago|reply
[+] [-] periheli0n|4 years ago|reply
This is particularly frustrating when an organisation switches leadership and goes from participative to hierarchical. I think this is what happened here: .NET Foundation leadership must have changed and with it came a new, hierarchical leadership style.
[+] [-] vmkw|4 years ago|reply
https://discuss.python.org/t/all-hands-on-deck-the-release-o...
Python is fully corporate now and free spirits have been removed.
[+] [-] gadders|4 years ago|reply
[+] [-] oaiey|4 years ago|reply
[+] [-] wly_cdgr|4 years ago|reply
[+] [-] dogleash|4 years ago|reply
No, it's not hyperbole. Go check the foundations website and you'll find that Microsoft has exclusive access to the highest level of power in the self-styled "independent" organization written right in to the bylaws.
[+] [-] heavyset_go|4 years ago|reply
[1] https://news.ycombinator.com/item?id=28795275
[+] [-] kova12|4 years ago|reply
[+] [-] tim_cookie|4 years ago|reply
[+] [-] marsdepinski|4 years ago|reply
[+] [-] trangus_1985|4 years ago|reply
I ended up turning down that choice due to a couple of factors, but one of them was the glacial pace of .net process and development. It just didn't look or feel like a healthy ecosystem, if you weren't paying microsoft $$$$. Just a ton of small warning flags around the community, the stack, and the maintenance of core projects.
C#, .NET, and the associated ecosystem doesn't feel good to work with, out of date, and in desperate need of modernization. The alternatives (spring, flask/falcon, lightbend) all seemed much more modern and easy to work with.
I actually have a concrete example of this: one of the features of my project is that you can define yaml based configuration documents, and share them. Using something that was easy to write for small but coherent configurations was crucial - XML was right out. The .NET ecosystem's yaml support is not great, feels kinda janky, and yaml validation is a paid product! That's completely untenable for something that's still in the weekend work phase. And it wasn't just that, but tons of things I had become accustomed to in python were either incredibly immature or paid. Not to mention that the built in build system was horrific, confusing, and had weak documentation. It's probably a lot easier when you just write a check to a contractor to set up a template for your team, but I have no luxury. Sure, some of this is on me, but I wanted to get started building and the .net ecosystem repeatedly got in my way until I was forced to give up.
So, upon hearing that the .net foundation is spending all of its time generating stacks of bureaucracy and causing internal drama, I feel like I made the right choice. At this point, it's unlikely I re-evaluate .net for future projects unless I hear massively good things (like what happened with java, which took a decade).
[+] [-] cyral|4 years ago|reply
I recently built a company over the past year with .NET (after not using it for 5+ years) and felt the total opposite. I suspect you may be referring to the old .NET back when you needed Mono to run it on anything but Windows? .NET Core has been out for a few years and is an amazing improvement, the APIs (especially for web dev) feel very complete and modern, and there have been a lot of neat language features added in the recent major versions. The old .NET was definitely clunky though for targeting anything but Windows apps or servers.
Not sure what you are referring to for the paid products - .NET Core is now open source and even accepts PRs. Although there is no official YAML support still, so maybe the third party library was paid? JSON is a great option these days and .NET's new JSON parser is really fast and uses much less memory (Years ago C# got support for the new Span<T> and Memory<T> types which allow type-safe access to the underlying memory, making serialization operations much better since there isn't a bunch of copying and allocating involved any more)
[+] [-] meibo|4 years ago|reply
Sure, back in the days when you had to rely on Mono for cross-compact, this is exactly the answer you'd expect from anyone, but it couldn't be further away from the truth nowadays with the modern runtime and ASP .NET Core.
[+] [-] oneepic|4 years ago|reply
OTOH, that said, I don't actually prefer C#/.NET, when I think of those techs I don't think of a great OSS ecosystem (more like marketing blog posts by Microsoft MVPs, as opposed to technical deep dives by passionate engineers). I also think of github repos with at least 10x more open issues than stars or forks. These techs have great features, and they're used for successful projects/companies, but there's something about the fact MSFT owns them that makes me not want to use them at all, and just prefer golang/java/etc.
[+] [-] Rapzid|4 years ago|reply
I never thought I'd see Spring(or any of those) described as more modern and easy to work with than .Net haha. Spring is the Java land web framework bloatlord. It's quickly fallen behind and out of favor in recent years with the hip crowd preferring micro frameworks like Quarkus or Micronaut. Spring abandoned hot-reload in favor of restarting app context which takes FOR EV ER on larger projects; .Net is releasing hot reload as a first class platform feature as we speak.
.Net runtime is one of the hotest pieces of action on the planet. AOT compile, multi-core threading, async/await, Span<T>. Mono is pulling its weight too with compile to WASM. Then you have ASP.NET, Entity Framework, and a lot of other really great and performant build blocks.
[+] [-] tasogare|4 years ago|reply
You must have miss dotnet Core because the modernization you're asking happened years ago.
[+] [-] cosmotic|4 years ago|reply
[+] [-] sumnole|4 years ago|reply
C# is quite a nice language to work with. historically projects were very enterprisey oop monsters but cleaner functional paradigms are trending in the .net space.
[+] [-] heavyset_go|4 years ago|reply
What are some of those things?
[+] [-] bayesian_horse|4 years ago|reply
F# dominates C# there, but Django, FastAPI, various other options for Node or other languages, are simply easier to learn and faster to iterate. You can change/reload a Django app several times before the C# compiler finds a problem with your static types in a bigger codebase...
And to me it seems like you can acquire technical debt in C# just as fast as with any other language. Maybe faster because it is harder to learn and less "obvious" with all the DI magic. Of course, if you are proficient in C# and its ecosystem, you can write some damn fine software in it. If so, I wish you the best of luck finding affordable coworkers who can do the same.
[+] [-] bob1029|4 years ago|reply
Seeing actual quotes personifying Microsoft as a burglar today. Looking forward to the productive conclusion on all of this.
[+] [-] watersb|4 years ago|reply
[+] [-] still_grokking|4 years ago|reply
Anybody old enough knows what this company stands for. It's tree big letters: EEE
Of course nothing has changed. How could anybody dare to believe that?