#stalebot

aburka 🫣<p>I opened a bug ticket on the Homebrew issue tracker. It is a legitimate bug, with a reproducer provided, maintainers agreed. </p><p>I managed to keep it open for six weeks by commenting every time <a href="https://hachyderm.io/tags/stalebot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stalebot</span></a> barged in (just posting a link to Drew Devault's article), before someone showed up to condescend and strawman me, saying I must have bad intentions towards Homebrew if I don't like stalebot.</p><p>Then the ticket was summarily closed and locked as unproductive (because I dared criticize their stale policy), and as "hard to debug" (despite being 100% reproducible with the code I provided), proving my point. </p><p>Would not recommend contributing to that project. They clearly do not value having a community.</p>
aburka 🫣<p>why is <a href="https://hachyderm.io/tags/stalebot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stalebot</span></a></p><p>do better, <span class="h-card" translate="no"><a href="https://fosstodon.org/@homebrew" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>homebrew</span></a></span></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@krutonium" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>krutonium</span></a></span> thx.</p><p>I just think that <a href="https://infosec.space/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a>'s <a href="https://infosec.space/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a> should not incentivize <em>"<a href="https://infosec.space/tags/stalebot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stalebot</span></a>|ting"</em> <em>alleged duplicates</em> as this doesn't help anyone and only results in frustrated folks opening actual duplicates until <span class="h-card" translate="no"><a href="https://mastodon.social/@Gargron" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Gargron</span></a></span> actually gives a damn!</p><ul><li>Like <a href="http://github.com/mastodon/mastodon/issues/28605" rel="nofollow noopener noreferrer" target="_blank">this issue</a> can fix <em>multiple issues</em> the way a potential workaround is suggested.</li></ul><p>Obviously, the existing <a href="https://infosec.space/tags/blocklist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blocklist</span></a> system does <a href="https://infosec.space/tags/deduplicate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deduplicate</span></a> entries (else it would not detect duplicates and say so!) and not only allow <em>"append"</em> and <em>"replace"</em> so it is reasonable to expect its ability to properly delist entries!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://shark.community/@truh" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>truh</span></a></span> <span class="h-card" translate="no"><a href="https://fops.cloud/users/thcrt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thcrt</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@MastodonEngineering" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>MastodonEngineering</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@Gargron" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Gargron</span></a></span> I think <a href="https://infosec.space/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a> should not be used to close issues!</p><ul><li>Rather use it to mark posts waiting for a reply from the original poster needed...</li></ul>
Dis<p><span class="h-card" translate="no"><a href="https://fops.cloud/users/thcrt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thcrt</span></a></span><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span> is an agreement by the maintainers to show up in time. If they don't, tag them by name and publicly. I didn't get a choice in their artificial time limit, so the least they can do is admit out loud they are being shitty maintainers.</span></p>
Dis<p><span>I do not know why the Home Assistant developers foster such a hostile environment, and I really hope it doesn't push the whole ecosystem backwards again. (This new legal entity seems like a very bad sign to me, but I've had entirely too much experience with "corporate" open source.)<br><br>The "Cool Kids" clique has managed to negatively impact everything. Did you get kicked out of HACS by a malicious request? Too bad! Found a simple easy-to-reproduce bug? File an excellent report, and sit back until stalebot closes it. Oh but you have a patch? It got rejected! Don't worry though, because there is a decent chance a Cool Kid will copy it and submit it as their own. Did you find a security issue? Oh no! File it quick to protect everyone! Too bad they will tell you it is invalid, and then later they will post-date the notification so they can give tons of public credit to a Cool Kid instead.<br><br>And these are just incidents that I am finding by accident as I try to use and contribute to this fucking mess. Almost every time I have to deal with the core ecosystem it turns out that the bug is old. Usually someone else already tried and got shit on (or ignored until the robot says "fuck off you don't matter".) Sometimes I get unlucky and it is my turn to get the stinky end of the stick. Usually I don't bother anymore.<br><br>This is not about scale. This isn't even about </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span>, although of course stalebot helps gatekeep by ignoring the Cool Kids. This isn't about misfiled tech support "bugs", or about improper disclosure. This isn't about "that mean person told me my code sucked." 
This is purely about the "Us vs Them" gatekeeping bullshit.<br><br>I originally wrote this out with a bunch of examples, but every third word being a link to a bug or blog (or both) took something away from it.<br><br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/hassio" rel="nofollow noopener noreferrer" target="_blank">#hassio</a><span> </span><a href="https://infosec.town/tags/hacs" rel="nofollow noopener noreferrer" target="_blank">#hacs</a><span> </span><a href="https://infosec.town/tags/homeautomation" rel="nofollow noopener noreferrer" target="_blank">#homeautomation</a><span> </span><a href="https://infosec.town/tags/selfhosting" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a><span> </span><a href="https://infosec.town/tags/selfhost" rel="nofollow noopener noreferrer" target="_blank">#selfhost</a></p>
Dis<p><span class="h-card" translate="no"><a href="https://mastodon.social/@geerlingguy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>geerlingguy</span></a></span><span> </span><a href="https://infosec.town/tags/Discord" rel="nofollow noopener noreferrer" target="_blank">#Discord</a><span> and </span><a href="https://infosec.town/tags/Stalebot" rel="nofollow noopener noreferrer" target="_blank">#Stalebot</a><span> are the worst parts of dealing with "open" source these days<br></span><a href="https://infosec.town/notes/9iivofhst5ha0u46" rel="nofollow noopener noreferrer" target="_blank">infosec.town/notes/9iivofhst5ha0u46</a></p>
Dis<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@abcdw" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>abcdw</span></a></span><span> And most importantly, don't let </span><a href="https://infosec.town/tags/Stalebot" rel="nofollow noopener noreferrer" target="_blank">#Stalebot</a><span> violate all of the above. The robots are the most contributor-facing part of an organization and will either welcome them or chase them off, automatically, 24/7/365.</span></p>
mgorny-nyan (he) :autism:🙀🚂🐧<p><a href="https://social.treehouse.systems/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a> is at it again. This time, the project maintainer was so busy configuring their stale bot that they've entirely missed the syntax error reported by CI, merged a broken pull request and then made a completely broken release.</p><p><a href="https://github.com/wolph/python-progressbar/pull/298" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/wolph/python-progre</span><span class="invisible">ssbar/pull/298</span></a></p><p><a href="https://social.treehouse.systems/tags/Gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gentoo</span></a> <a href="https://social.treehouse.systems/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://social.treehouse.systems/tags/WTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WTF</span></a></p>
mgorny-nyan (he) :autism:🙀🚂🐧<p><a href="https://pol.social/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a> is causing damage again. This time, the project maintainer was so absorbed in configuring the bot that they ignored the syntax error reported by CI, pushed a botched patch into the project, and then released a totally new, totally botched version.</p><p><a href="https://github.com/wolph/python-progressbar/pull/298" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/wolph/python-progre</span><span class="invisible">ssbar/pull/298</span></a></p><p><a href="https://pol.social/tags/Gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gentoo</span></a> <a href="https://pol.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a></p>
Rep. Eric Gallager (no "h"!)<p>Motion to ban <a href="https://social.treehouse.systems/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a></p>
Dis<p><span>I finally got triaged! After over a month, a </span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> admin sent a form letter saying "According to our security posture, nothing our software can do is actually a security problem. Bye!" (Linked doc at the bottom.)<br><br>For anyone who wanted to know, the password disclosure security vulnerability I've been sitting on is in the *arr integrations, but doing my due diligence I found </span><b><span>many older bugs</span></b><span> with passwords showing, across a wide variety of integrations. They were largely closed by </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span>, ensuring that the people </span><a href="https://www.home-assistant.io/blog/2024/04/24/state-of-the-open-home-2024/" rel="nofollow noopener noreferrer" target="_blank"><span>"securing the future of the smart home"</span></a><span> don't have to actually learn anything about security.<br><br></span><a href="https://www.home-assistant.io/security#non-qualifying-vulnerabilities" rel="nofollow noopener noreferrer" target="_blank"><span>Their blame doc</span></a><span> remains one of the more terrifying documents in my house. It seems to me that the </span><a href="https://www.home-assistant.io/blog/2024/06/12/roadmap-introduction/" rel="nofollow noopener noreferrer" target="_blank"><span>"future of the open home"</span></a><span> will have all the security capabilities of a toddler using Windows 95. I'm not entirely down on it though. I honestly love their use of "open". The doors are open, the windows are open, passwords are open.. (Anyone remember the login mess? 
It is nicely summarized in </span><a href="https://github.com/home-assistant/core/issues/105226#issuecomment-1849658760" rel="nofollow noopener noreferrer" target="_blank"><span>this short comment</span></a><span>, although if you keep reading, Nabu Casa were also very underhanded about the timing and credit.)<br><br>This is the same crew whose reaction to being handed correct, working SSO was .. </span><a href="https://community.home-assistant.io/t/open-letter-for-improving-home-assistants-authentication-system-oidc-sso/494223" rel="nofollow noopener noreferrer" target="_blank"><span>uninformed and panicky</span></a><span> at best. My favorite is </span><a href="https://github.com/home-assistant/core/pull/37645#issuecomment-729720724" rel="nofollow noopener noreferrer" target="_blank"><span>these two comments</span></a><span> where they get called out for saying "We can't merge any outside code ever".<br><br></span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/vulnerability" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a><span> </span><a href="https://infosec.town/tags/smarthome" rel="nofollow noopener noreferrer" target="_blank">#smarthome</a><span> </span><a href="https://infosec.town/tags/iot" rel="nofollow noopener noreferrer" target="_blank">#iot</a><span> </span><a href="https://infosec.town/tags/iotsecurity" rel="nofollow noopener noreferrer" target="_blank">#iotsecurity</a><span> </span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a></p>
Dis<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@frenck" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>frenck</span></a></span><span> you could start with the security pile. I'm less than a week from public disclosure.<br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.town/@dis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dis</span></a></span> <em>nods in agreement</em> I remember <span class="h-card" translate="no"><a href="https://social.treehouse.systems/@marcan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>marcan</span></a></span> rightfully blowing off about the bs that is <a href="https://infosec.space/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a>.</p><ul><li>Only worse is <a href="https://infosec.space/tags/StarBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StarBot</span></a> that literally demands people to commit to <a href="https://infosec.space/tags/StarFarming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StarFarming</span></a> or otherwise automatically rejecting their issue.</li></ul><p><a href="https://youtu.be/PLlrH0htVnc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/PLlrH0htVnc</span><span class="invisible"></span></a> video via <span class="h-card" translate="no"><a href="https://linuxrocks.online/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BrodieOnLinux</span></a></span> </p><p>Yes, both are worse than <em>paywalling</em> issues to <em>"paying customers only"</em>...</p>
Dis<p><span>It's been almost a month since I filed the security issue. Not even so much as a glance from them. Seems reasonable to release it soon right? Or file it as a public bug? Maybe go for a cve again instead.. <br><br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a></p>
Dis<p><span>Guess I should have opened the security issue in public if I wanted it to be addressed.<br><br></span><a href="https://github.com/home-assistant/core/pull/120867" rel="nofollow noopener noreferrer" target="_blank">github.com/home-assistant/core/pull/120867</a><span> does not fix the one I found, which has still not been acknowledged or triaged.<br><br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a></p>
Dis<p><span>Anyone want to take bets on whether they point stalebot at the security reports? Cuz humans on that project don't actually look at bugs. (Maybe they are still too busy "securing the future".)<br><br>Next week I'm just gonna post it as an open bug. </span>​:headdesk:​<span> (I might also link it to the older bugs that showed it but were closed by stalebot.)<br><br>Stalebot is for feature requests. It is not an alternative to human triage!<br><br>I'm almost annoyed enough to write a </span><a href="https://infosec.town/tags/github" rel="nofollow noopener noreferrer" target="_blank">#github</a><span> script to count the ratio of un-triaged bugs. Anything closed by stalebot where the only participants are non-project members, vs everything that got closed after a member touched it, no matter how or why it was closed. (A count of the times maintainers had to ping stalebot would be nice too. There is zero accountability in the current setup. /long rant deleted/)<br><br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span> </span><a href="https://infosec.town/tags/transparency" rel="nofollow noopener noreferrer" target="_blank">#transparency</a></p>
Dis<p><span>Another day, another set of passwords in the </span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> logs. </span>​:fire_angry:​<span> Maybe instead of a blog about "securing the future of the smart home" (wtf does that even mean??) they should "secure their fucking smart home app."<br><br>And yes, it came from a 'core' integration. For added fun, there are several existing bugs that show it in passing, but they were closed by </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span> before the maintainers bothered to glance at them. (The absolute balls it takes to have your robot say "sorry, we didn't get to you in time, please leave" is wild to me. The message even pretends that the USER is at fault for the lack of triage.)<br><br></span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> </span><a href="https://infosec.town/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a><span> </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span> </span><a href="https://infosec.town/tags/iot" rel="nofollow noopener noreferrer" target="_blank">#iot</a><span> </span><a href="https://infosec.town/tags/smarthome" rel="nofollow noopener noreferrer" target="_blank">#smarthome</a></p>
Dis<p><span>Want to know why </span><a href="https://infosec.town/tags/homeassistant" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a><span> is so shaky? Maybe it is because </span><a href="https://infosec.town/tags/stalebot" rel="nofollow noopener noreferrer" target="_blank">#stalebot</a><span> is still closing active bugs, even when the maintainer is participating and end-users are actively trying to fix them. (Today's example is </span><a href="https://github.com/home-assistant/core/issues/117158" rel="nofollow noopener noreferrer" target="_blank">github.com/home-assistant/core/issues/117158</a><span>. This maintainer picked it up pretty quickly compared to most, but that doesn't stop stalebot.)<br><br>I had a major accomplishment though! After working for over a YEAR, I got a single documentation bug triaged! I doubt they'll do anything with it (it has nothing to do with AI or speech) but at least it is triaged.<br><br>If you close all the bugs, you have no bugs. They must have a great chart to show every week at the meeting. "100 bugs opened, 100 closed, and we didn't have to do any work at all!"</span></p>
mgorny-nyan (he) :autism:🙀🚂🐧<p>I've just learned that there's <a href="https://nostalebots.xyz/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nostalebots.xyz/</span><span class="invisible"></span></a> and I've just reported two organizations. Let's make a shame list of projects that disrespect their users, and send <a href="https://social.treehouse.systems/tags/StaleBot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StaleBot</span></a> after their bug reports.</p><p>If you want to mark my bug report stale, at least bother doing it personally, just like I bothered filing it. Or ideally, run my reproducer if I managed to provide one.</p><p><a href="https://social.treehouse.systems/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://social.treehouse.systems/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a></p>