this post was submitted on 17 Sep 2024
450 points (98.9% liked)

Open Source

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

[–] delirious_owl@discuss.online 25 points 1 month ago (1 children)

Aaaand that's why all commits should be signed with your PGP key

[–] kautau@lemmy.world 11 points 1 month ago (1 children)

It sounds like they weren’t using any form of version control, so that’s definitely on them at this point

[–] Alexstarfire@lemmy.world 17 points 1 month ago (1 children)

What makes you say that? To me, it sounds like that's what they do have 'cause they tracked the change back to him. The commit message obviously said nothing about the file.

[–] kautau@lemmy.world 4 points 1 month ago (1 children)

Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”

[–] Alexstarfire@lemmy.world 5 points 1 month ago (1 children)

You think they'd call up devs who left them just to ask if they happen to know about a random file?

[–] kautau@lemmy.world 1 points 1 month ago (1 children)

> You think they’d call up devs who left them just to ask if they happen to know about a random file?

I mean, that’s what op said happened. Literally with the verbiage of “file we found” and not “file you committed”

[–] Alexstarfire@lemmy.world 1 points 1 month ago* (last edited 1 month ago) (1 children)

I did mean random devs, not the dev they tracked down that made the change.

[–] kautau@lemmy.world 1 points 1 month ago* (last edited 1 month ago)

Right, I based it on an estimate on the size of the company and how many devs they’ve had. But if a 7MB file doubled their build size and nobody noticed for 5 years, it likely wasn’t code reviewed or committed and rather just added somewhere. It’d be my guess that it’s a pretty small team, and if they’re willing to call anyone at this point anyway as they only have a few devs, and not just remove the file, they’re probably unsure on if it serves any sort of point, which usually would be clear in a commit or PR