I'm sorry(github.com) |
A lot of people have ulterior motives and 99% of the "toxicity" I have observed to date comes from either trying to hide those motives or pretending like others couldn't possibly possess them.
Though FWIW, ulterior motives are hidden by definition – as in, that's literally the meaning of the word 'ulterior' – so I'm not quite sure what the last sentence is getting at.
Hyperbole aside its kind of jarring reading a frank apology and ownership of actions (what they did, how it impacted others, why it was bad) that then gets dismissed entirely. I wonder what those people would consider to be sufficient?
It does not seem like there is any point to a public apology. You are going to get the same response whether you frankly admit fault or apologize because some one else didn't understand your good intentions.
The opening paragraph is an apology. Other parts of the post undo any goodwill that might have been garnered from the apology itself.
One example:
> There is a pattern that needs to be resolved. Projects might not fully understand what joining the .NET Foundation means. We share a checklist with project maintainers on project changes they accept as part of becoming part of the .NET Foundation. That’s obviously not sufficient. We will post a new document that describes what you can expect when your project joins the .NET Foundation...
To me, this says "sooo, even though I screwed up, I'm technically allowed to do what I did and you probably should have already expected that based on the agreement you signed, but we'll make our materials even clearer so you don't make that mistake again".
It turns the problem back around on the community. I don't necessarily think there's anything wrong with the rest of the post after the apology...if it was posted separately. When included in the same post, it's hard not to take it as "sorry, but I still wasn't technically wrong".
I do think the whole culture around public apologies and the hair-splitting and analysis that comes after is concerning and often unhelpful. But I think the backlash here is understandable.
I initially read her apology and thought it was likely a response to an overblown situation that occurs because it's on the Internet and it's much easier to assume the worst of people's intentions.
I can imagine merging a PR I made that I imagined to be obvious and fine. I probably would have just said, 'oh yeah, sorry. I'll try not to do it again. My bad.'
But then again, that's probably why I'm not the leader of the .Net foundation :-)
This is also recognizable as “I’m sorry, but” or “I’m sorry it made you feel that way”. Both of which have meaningful applications in very specific circumstances but neither of which belong in a public apology.
The person (affiliated with the .NET Foundation) giving this apology is on the Microsoft concentration-camp-money payroll. They are being paid to do things that will ultimately result in the sale of more proprietary Microsoft software and services.
Don't get it twisted. These FOSS project maintainers were fools to get in bed with the enemy.
But (as other folks have mentioned) most of the maintainers are commenting on the rest of the post, which sort of hides behind that apology. The rest of the post addresses the real outrage that's been growing in that community -- not due to a bad merge, which is rude but somewhat understandable as a mistake, but due to the .NET Foundation essentially overstepping what the project maintainers understand as the DNF's role and authority.
That part is a complete non-apology, where the executive director of the DNF is basically saying "we're so sorry that you didn't properly understand that we could do this, we'll fix that by publishing a clearer document", and "we're so sorry that you didn't know we could just move you to our enterprise account, we'll communicate better next time". Both of these are spun as communication issues, whereas in reality they're authority issues -- the maintainers don't think the DNF should be able to just decide to do that, on its own, regardless of how well it's communicated.
And then I realized: her apology here isn’t addressing the root concerns. But it’s addressing everything she has authority to address. Therefore, it’s the best apology possible, but people may be upset because e.g. her merging a PR without discussion is perhaps less anxiety-inducing than the idea that your GitHub repo can be moved without warning to a separate enterprise account (if I’m reading this correctly).
I assume she can’t address the latter, since it’s unrelated to her. But she quite thoroughly addressed the former — which is great! — but perhaps she should have distanced herself in her apology from the other happenings that people have brought up.
I don’t know. It was just sort of shocking to read “they transferred my GitHub repo without warning” without an immediate “crap, sorry! We’ve reverted that” reply. I assume I’m missing lots of context though.
You're reading it correctly. There are several maintainers in that discussion who only found out today that their projects were moved from their public GitHub accounts to the DNF's GitHub Enterprise accounts. They weren't notified, and some of them only found out because they read the discussion you linked and decided to check the status of their projects.
As far as I'm aware, the projects haven't been transferred back to the accounts they belonged to prior to being moved to the DNF's account.
Sure, the post starts out as an actual apology for her actions with regards to the PR, but that doesn't seem to have been the meat of the complaints.
Then her post goes on to start making claims that people were upset because things "sound scary" but that the foundations unilateral decision to move projects under their github account actually somehow "gives them more control over their projects".
Then she goes on to make legal claims that "project ownership changes", when that does not appear to be what the contracts actually say. At this point she is litigating in public against the project maintainers when it seems the foundations purpose in life is to represent them!
There's also an implication here by putting the legal claims after the part about moving projects without the consent that the foundation was "in the right" to do this because they had a contract giving them that right.
Then the email wraps up with multiple paragraphs of polite speech that can frankly be summarized as "and now you get to wait and see what we dictate".
"Non-apology" doesn't seem to be quite the right term, she did apologize at the start for one thing, but the rest was anything but an apology.
There is no law to say that people have to give their projects to the DNF, there is no law that says people have to use those projects and can’t start their own projects - join it if you want, don’t join if you don’t want.
It's an ownership issue rather than a benefits issue -- if you joined a homeowner's association in order to have a say in how things work in your neighborhood, and then got back from vacation and discovered they completely redid your yard while you were away, without telling you about it or asking your permission, you'd be pretty mad even if the yard ended up being nice.
The exact same apology, but coming from a male.
this whole thing should have been able to be a new PR with “sorry about the merge before, i screwed up and it won’t happen again” at the end, and everyone should have been fine with it and moved on.
For them, there is no '𝘴ₒᵣᵣy' or '...please, I can explain...' or 'it's not what you think it is'.
Once it has already been admitted, the road already looks like it is heading to no redemption.
Like me personally, I'm just about out of forgiveness to give, it's too often that the entity in question goes and skips asking permission a second time after they apologize for the first time.
Though in this specific case, the infraction seems really so minor that I'd happily live and let live.
I agree that internet culture seems antithetical to forgiveness, and have no idea what can be done about it.
You think that "Our projects were moved to GitHub Enterprise to consolidate billing but we never had a bill in the first place." and "You're telling us we don't have copyright over our projects but the contract we signed doesn't say that." is "an accusation of insufficient prostration" ?
Also, an apology about a PR isn't this long. This is a wall of text with a few meek words inbetween.
Edit: as lots of people said, I was on an older version of the file. I'm not sure how I did this, but I should have double-checked, especially since there was some base64 stuff in the URL.
https://github.com/reactiveui/splat/commits/main/src/Directo...
So it was merged, then reverted almost immediately, and then reimplemented by the project maintainers in the manner they preferred (without a new dependency).
Sorry not sorry.
i think her apology is a wash but that doesn't mean that people shouldn't act without empathy or reason.
you can enjoy not living in the world-- just go off grid and don't try to push that people can act without remorse or consequence :)
The lengthy word count might tend to confirm that,as you say a genuine apology should be terse and direct.
I've seen enough short apologies posted here and the comments below usually pointed out the lack of effort, the lack of commitment to do better, the lack of pointing out errors and the likes. Any form of apology will get some flak just based on whatever form it took, so I don't think one can judge just based on word count.
Yeah, from an outsiders perspective, the apology felt pretty heartfelt (and humbling too, especially for issues that seem somewhat routine), but as mentioned, maybe there are other details we're not hearing?
... btw, these roles on community foundations/boards can be hell, because the community begins to vent at every mistake (and there will always be mistakes). Devs of .net, maybe give the person a break? She's a person.
I am starting to think there is a part of (some?) people's brains that needs to take something seriously. When all basic needs are met: food, warmth, security etc., problems are invented to give that part of the brain something to do.
Saying "sorry" just isn't enough to absolve your "misdeeds", whatever they might be.
After that she talks about broader organizational stuff which isn't intended to take away from her own apology ("Separate from this personal misstep...").
It's a shame that based on the reactions in the linked thread, many seem unable to take what seems like a genuine apology at face value
And I agree, a “sorry my bad” type of comment would have looked nice in the PR, but the attitude and actions in it vs the official apology, sounds like completely different people.
If that’s the case — and that’s a big if… I don’t think we should assume it’s true — then her apology probably failed to address the root outrage of the decision to move projects to the enterprise account without warning or consent.
They may be entitled to do this, but anyone with a patent is also entitled to enforce that patent. An enforcement decision needs to be made with great care. In this case, they end up sounding tone deaf (https://github.com/dotnet-foundation/Home/discussions/39#dis... has a bunch of justifications about why their decision makes sense, and all I can do is shake my head, even though it is technically correct).
They realized that without significant service lock-in, people would begin to abandon things like Windows (and continue to ignore things like Azure).
This is why WSL exists (so even open source people will keep buying Windows licenses), this is why VS Code exists (and, despite being open source, the most popular plugins for it are proprietary) (to provide a privileged position for GitHub integration), this is why they bought GitHub, this is why they bought NPM, this is why they paid Docker to make dockerd run on Windows, and this is why they're trying very hard to get as many people locked in to proprietary services like GitHub Actions and GitHub Issues.
This is also why they run little shell nonprofits like the .NET Foundation.
I’ve long hoped that gamedev would make a similar transition. And although Unreal Engine et al are open source, it’s still not the default. So in other words, if gamedev as a whole behaved as Microsoft behaves now, I would be gleefully happy. But you would also be correct in saying that they are doing it “just to sell more proprietary software and services to the open source world.”
I don’t know. The reason I’m trying to take a neutral stance is because I empathize with your point of view, but also can’t shake the feeling that the hard line open source idealism of 1980’s has not achieved all the goals that it set out to achieve (to phrase it diplomatically). And so in 2021, the movement is in danger of being totally ineffective, because all of the teenagers from 1980 are old now, and the teenagers from 2021 aren’t buying into the dogma.
You're basically saying that people who wants to make money are bad. That is just a weird judgement, laravel is building a whole ecosystem to make money, spring is building training and support around , nestjs is building enterprise support. If there is no way to make money around doing something that we love, then open source will be dead. If we are grateful as a community towards what they did, we should support them. not judge them that they want to make money :/
There's nothing wrong with making money. However, when your historical business model relies on leveraging monopolistic positions to make said money, any contribution you make is tainted by your ultimate goals of embracing, extending and extinguishing competition to those monopolistic, proprietary offerings. I simply don't trust Microsoft: anything they present isn't a Trojan horse of one flavor or another; proprietary addons in vsc, all the Github nonsense, poisoned "foundation" governance structures - all of it has the effect of luring developers into doing work that benefits the Microsoft ecosystem over open ecosystems. It is naive in the extreme to assert that just because a benefit exists in any form, all harms associated with that benefit must be ignored.
Nothing wrong with making money from software. Lots is wrong with Microsoft attempting to bamboozle developers out of the rights to their work in a transparent attempt to extend corporate lock-in. When Microsoft GPLs their codebase, I'll take their contributions to open source at face value. They can take donations like everyone else.
Actually it has done quite well. Not as widespread as some would like, but I think Free Software is doing spectacularly well. I would say nobody needs Microsoft for anything these day because there are great alternative, but they are creating some decent enterprise tools that may not have free equivalents.
Windows and Office though? I haven't needed those in 15 years, and that's because Free Software has achieved most of its goals.
Reminder: Microsoft is one of the biggest game platforms, too, and have not even flirted with the idea of open source there.
The implication though is that becoming a member of the organization allows for actions like the one she took. I do think owning up to "maybe these agreements aren't clear enough" is good, but that then seems inextricably linked to "I was allowed to do this".
The reader then needs to figure out "is she apologizing because of what she did, or is she apologizing for not being clear that she was allowed to do what she did?"
If you're one of the maintainers, the latter falls flat, regardless of intent/genuineness.
I hope your more charitable take is closer to reality.
> I shouldn't have merged this PR without explicit sign-off from the other maintainers, because it's disrespectful and rude not to follow the project’s process.
The apology and the legal overview do not coexist well.
This definitely should be sufficient. But hey, we are not living in that time anymore.
Public condemnation is the new normal. And a response with public self-condemnation is expected from the mob. "I'm sorry" and "I apologize" is no longer sufficient. You need to go deeper and expose the evil in your soul, and condemn your self and your conspirators, and devote you will be a new person. You might get a chance.
Why give the bullies what they want? Stand your ground:
- You can cordially invite the mob to go fuck itself.
Or, for a less confrontational approach:
- You can ignore the mob and proceed as normal for a few months until they find somebody else to hate.
It's going to be a ride either way, but these bullying tactics work only because people cave. It's a trial by fire. The people that don't tend to end up more successful afterwards, and with the added benefit of knowing who their true friends really are.
A couple of important points:
- You need to commit. If you later on back down, you are done like a cheap steak. The bullies know they own you at that point. Yes, this means you might be fired, or kicked out of your university. Might get your house torched. You're going to lose "friends". Improvise, adapt, and overcome.
- These bullies want to provoke you to violence on their terms. Don't. Especially if you're the fighting type: don't take that bait. Pretty sure Sun Tzu didn't write, "Fight precisely when the enemy wants to battle."
Merging the PR is a personal failure for which she explicitly apologized for.
Microsoft moving repos is something that the organization has always said was possible. There’s not much to apologize there for. That has always been explicitly stated the rules.
You can't apologize and at the same time minimize the thing you actually did. It's pretty much like ending your apology with a "but". And this (not really) apology is a big "but".
More to the point though, this apology attempt made it worse. It starts off with a dishonest apology, and then goes into a big policy and contract debate.
Why would you conflate the two? Whatever point you're then trying to make about policy and ownership is tainted by both the personal misstep (I call it that unsarcastically) and by the insincere apology.
It's needlessly ineffective.
1. It makes your apology sound like "I'm sorry, but I'm the dictator here" 2. It starts you off from a position of "I was wrong, admit I was wrong, but here's how actually I'm right"
It's going to be hard convincing anyone if you start from a position of being wrong. And not just wrong but also really rude.
It seems to me that it would be much more effective to just apologize for the obvious process mis-step and arrogant rudeness (it happens to the best of us), and let that sink in. And then start a new conversation about policy.
Whoever raises "yeah, well weren't you the one who went around PR policies?" in that thread will be the unproductive one, and it won't go anywhere.
As-is the policy points can't be taken at face value.
But reading the apology, I still had the reaction: Wow, they really don't understand community management if they think this is going to work for anyone, which they seem to be telling us is in fact their whole job?
> Wow great conversation! Let's lock it to contributors just for a laugh and not because someone on Twitter just unhelpfully sent 27.3k Looky-Loos over to drop their $0.02 on my repo
> @reactiveui reactiveui locked as resolved and limited conversation to collaborators 6 days ago
Either I'm out of touch (quite probable) or sarcasm doesn't translate too well, since... I think they're unhappy with someone tweeting a link to this PR, but it also seems unclear why discussion was shut down.
I don't think the thread would be helped by 100 "who's here from HN?", "Congrats, you're on reddit", and such.
And after being asked twice by another maintainer (one of the two current maintainers (none of which are her), as I read it) to please follow the procedures, she tells him to fuck off and overrides him.
And after all that she does actually write something intended to look like an apology. So what does that mean? Either she disagrees with you, and indeed she should have followed procedures, or all she's apologizing for is "sorry you got so upset", which more of a taunt than an apology.
No, actually. Contrary to what cryptocurrency people would have you believe, there are other and more effective ways to prevent undesirable behaviour than technical means, for the vast majority of behaviour.
From what I've read about this specific incident, it seems this was enabled by the fact that this project had been moved to GitHub Enterprise without the maintainers' knowledge. One of the features of GitHub Enterprise is that some privileged users in the organization can bypass such restrictions. That may be what happened here.
However, top comments make clear there is a dire need for professional communications training among these programmers. There is entirely too much emotion on display here. Stuff like this:
While I appreciate that this must have been hard to write, this is a total non-apology and just about meets the incredibly low expectations I and others had for the .NET Foundation's public statement.
.. and the other comments like it, are not productive. There is a difference in expectations, so resolve it by making offers to MS for proposed changes. Ultimately there is a negotiated settlement or you walk. That's it. Don't bring emotions into it.Maybe I just missed some nuance that was discussed in more depth elsewhere.
She also repeatedly re-opened and then merged the PR despite the other guy telling her to follow the format and wait for a review. Which she shouldn't have done. But then everyone started bashing her and .NET for other (similarly small) things and extrapolating that. Then there's this 1000 legalese word apology, and then people are bashing her for the apology.
Project maintainers had their projects moved from their public GitHub accounts to the DNF's GitHub Enterprise account without notice. Some maintainers only found out about the transfers of their projects because of this[1] discussion.
[1] https://github.com/dotnet-foundation/Home/discussions/38
This _does_ feel very toxic and unnecessary.
It was a change to a .csproj file, changing the project dependencies. Not a configuration file.
Yes, but did she get her t-shirt?
All of that is however, quite debatable whether it should or should not done by the foundation, but the utterly lack of communication and community participation is the problem here.
There's even a whole language of euphemism around it. "Recent events involving the community", et c. So lame!
Yes it is. It is complicated. How strange, then, that so many people seem to jump with both feet into complicated shared ownership arrangements with near strangers— leading to the absurdity of public messages flying around instead keeping these communications private to the specific people who understand them?
Why am I even seeing this shit? That is auto-fail right there.
(The outdated copy of the agreement that's available online is not good enough.)
From the commit which started this whole brouhaha:
https://github.com/reactiveui/splat/commit/cd2cbb807b36dd89b...
That’s some grade A hornet nest kicking right there.
/s
The incident snowballed into other projects discovering they have been moved to the .NET Foundations Github Enterprise account without their knowledge.
And even more projects joining the snowball with “we were told the Foundation were just there to help us, not take over project ownership”
And now there is a huge snowball with a lot of projects and people stuck inside.
> [...] I made a mistake this last week when I made a PR and merged it to a project without discussion. [...] I overstepped. I failed to consider how the interaction would look through the lens of my current role. [...] this was a mistake. I sincerely apologize.
> To recap, I’m sorry about the PR I made and merged on the ReactiveUI Splat repo. That was a mistake. [...] On behalf of myself as the Executive Director, past and current boards, I’m sorry that we’ve created an environment where maintainers are surprised by their relationship with the .NET Foundation. It will be my and the new board’s number one priority to fix that.
How does one label this as a "non-apology"? Mistakes were acknowledged and corrected; actions were regretted and improvements are identified. Shouldn't that be enough?
https://www.theregister.com/2021/10/05/microsoft_net_foundat...
It appears that Novotny believed she was acting in her capacity as a (long-dormant) maintainer of the project when she merged the PR in question. It was clearly wrong to do so without following the process set down by the other maintainers, and she was right to apologise.
However, as the Executive Director of the Foundation, she also had the power (perhaps indirectly) to force a merge of a patch in any project controlled by the Foundation. All Foundations must reserve this power to themselves (you can't take on legal liability for something you have no control over), but they also must never use it. To do so is the nuclear option, to be invoked only after all trust and goodwill has been irretrievably lost anyway, because it certainly will be once you use it.
When you wear multiple hats and one of those hats is very powerful, it is critically important to make clear when you are doing stuff but not wearing that hat. Sometimes even that doesn't help, and it's better to just refrain from doing that stuff until you have handed the hat on to someone else.
In this case she failed to make it clear that she was wearing her maintainer hat and not her ED hat. In fact, she accidentally invited speculation that she was wearing the ED hat by referring to the change as a requirement of the Foundation. I'd imagine this is why things blew up.
Note that this probably indicates a problem with the structure of the Foundation. It's more or less inevitable that at the board level these things are pay-for-play, and that the ED's continued employment is at the discretion of the board. But technical decisions should be delegated to a neutral body, preferably elected by the project maintainers. It doesn't sound like that exists, but had it done this situation might have been avoided.
The other issue seems to be a fundamental disconnect between the Foundation and the maintainers of various projects in it about the purpose of the Foundation. For example, I saw one where a maintainer politely declined to give the Foundation access privileges required to enforce the Code of Conduct, instead saying that the maintainers would enforce it themselves. Sorry, but I don't think any foundation could accept that. One of many reasons for joining a foundation is that it gives contributors confidence that there is a CoC backed up by an independent organisation, and that can be enforced even (especially) against powerful members of the community such as project maintainers - potentially even all of a project's maintainers. This is one of many ways that Foundations help build contributor confidence, which is one of the major benefits for a project of joining a foundation, and all of them rest on the credibility of the foundation to act as a circuit breaker and assert some kind of control should dire circumstances crop up. To allow individual projects - even historically well-behaved ones - to opt out of that control would be to effectively render those guarantees meaningless, and in fact reduce the foundation to what would be effectively just a giant fraud against contributors.
It appears that many projects signed up without being made aware of this, and that is an absolute disaster for which only the Foundation can be responsible, and again they are right to apologise for failing to communicate it. However, what many people wanted was an apology for having technical measures in place that would allow them to exert control over projects, which the Foundation cannot really apologise for because it would effectively be an apology for existing. Inevitably people who wanted that will see this response as a non-apology apology.
It looks like a long, hard road back from here to rebuild trust. I'd suggest that the board needs to work collaboratively with the community to clearly document the rights and responsibilities of both the Foundation and the individual projects, that they consider establishing an independent governance body for technical oversight, and that any project that feels this isn't what they signed up for be given the opportunity to leave on good terms.
There are a number of projects under the .NET Foundation umbrella, all maintained by different teams.
The .NET Foundation, supposedly for billing reasons, switched to GitHub Enterprise. People weren't aware it was happening or that a side effect of this would be that certain people would have increased access to their repos.
The person writing this post, Claire Novotny, merged in something maintainers disagreed with and that she shouldn't have had GitHub permission to merge. This lead people to realize access controls had changed and become concerned about abuse of this power.
If you read this discussion[1], several maintainers only found out today that their projects have moved accounts because reading the thread itself prompted them to double-check.
[1] https://github.com/dotnet-foundation/Home/discussions/38
She apparently intended to merge that PR qua the latter, but didn't make that sufficiently clear, and also made some offhand remarks about Foundation rules which (accidentally?) implied she was acting qua the former.
Oh what tangled webs we weave...
Don’t trust Microsoft or give anyone admin access to your repos if you won’t want them to do bad shit.
I guess they technically own Github, so don’t use that if you don’t trust them either.
What they have done happens also in the Apache, Eclipse or whatever foundation as well. Just that these are communities which are mature and composed of experienced open source people which know how to address and communicate with other maintainers/egos/people. Open Source Communities are about people. Not the tech. You are only successful if you are good with people. What they did there multiple times was pulling nuclear options without telling people.
The .NET Foundation is run by Microsoft MVP program (Claire, Ben, others) which live in their own dimension which is different from the rest of the community. They are supported by lawyers/managers of Microsoft trying to protect the brand and the core of .NET. That is a setup for failure without any malicious intent.
Disclosure: .NET Fanboy + (successful) open source maintainer (not .NET foundation related)
[edit: I found the commit, the apology should probably include that the file was not beautified before the PR was made..]
You're sorry? Ok, revert it then.
The apology made it sound like a small change that didn’t follow protocol. I didn’t realize it got called out as it happened and she pushed it through anyway.
Hanlon's Razor, I believe it was.
And here, by "stupidity," I just mean the author didn't think about that.
Too often people are willing to attribute sinister meaning to what, in reality, was just a mistake.
"There is a pattern that needs to be resolved. Projects might not fully understand what joining the .NET Foundation means..."
This sounds like not only an apology, but an attempt to start a discussion surrounding the community overall and get everyone to have matching expectations.
the apology is because it's not just about this PR. Among other things there is moving a number of projects into the foundations enterprise gh org without any warning/discussion using the admin account they forced upon/bullied project orgs into adding. This has affected some in a negative way already.
And it wouldn't be the first time Microsoft set out to destroy a community of volunteers either.
There seems to be a more general trend going on, some think themselves or others must be protected from "harshness" (even though I consider the above quote to be only a mild example - see the rest of the internet...). For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home. I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later" just to be friendly even though the code is structurally bad and needs to go back to the drawing board. It would give hope where there is none and I think that is worse than "no your code sucks because of x y and z".
I think in this case here it was ok for disappointment to be expressed.
Harsh or soft, criticism should always be actionable. The way you describe Torvalds' feedback, that's actionable, when someone is told what makes their code unacceptable, so they can correct course and try again.
EDIT: I should edit to add, the post that the quote is from -does- in fact then go on to point out what it finds unacceptable. But I'm commenting just on the quote.
Telling someone to kill themselves is not a sound argument under any circumstances.
There are a few misconceptions at play:
1. that expressing negative emotions implies being offensive
2. that being offensive strengthens an argument
In my experience, being able to separate the offensive part, which is certainly difficult, leads to much more productive outcomes, without losing argumentative strength - besides, being also (considered) more professional.> some think themselves or others must be protected from "harshness"
In the above perspective, harshness is simply improductive in any context - being firm and persuasive is always a better choice. It's just very difficult :^)
> I'd rather be told I'm working on a dead end than a "nice comforting letter" explaining how my patch can't be accepted _right now_ because of x and y with wording that could be interpreted as "it could be accepted later"
This is a dichotomy between an arguably harsh approach and a false/polite one. There are other different approaches (besides, I think that there's nothing offensive/harsh in being told that one is working on a dead end).
> I don't see anything wrong with that quote. Can it be expressed more "softly"? Sure. But that person is expressing his opinion and I don't see any problem with that.
Being considerate towards other people leads to a much more productive collaboration. This vision:
> You could also argue it lays the foundation for further escalation but that's on whoever chooses to engage in it IMO.
is indeed non-collaborative - essentially, not being interested at all about the other person. The point is then just venting frustration rather than communicating (in general, not the specific case).
I doubt that anybody can hold a lead/management position with this attitude (without being considered at least an unpleasant manager).
> For example Linus Torvalds gets a lot of flak for his opinions on some pieces of code he doesn't like but every time I read those emails, I feel like people are blowing it way out of proportion. I'm sure it's not fun to be on the receiving end but his arguments are typically sound and likes to write a lot to really drive his point home.
This argument actually proves the point. Torvals made a public apology:
http://lkml.iu.edu/hypermail/linux/kernel/1809.2/00117.html
so definitely there is something (to say the least) inappropriate with that attitude. There are indications that he went to therapy specifically because of that: https://twitter.com/lexnfx/status/1409185767348310020
All in all, I definitely support (in a more verbose way :^)) the argument:> top comments make clear there is a dire need for professional communications training among these programmers
This sounds like victim-blaming. I can imagine neo-nazis using this type of statement to defend someone who yelled the N-word in a black neighborhood.
The truth is that inflammatory language, which GP's quote was, is rarely constructive.
As for emotions and business you are also quite wrong. Emotions will give you some pretty good hints about reality. Ignoring those and trying to be 'productive' is a sure way of being tricked all the way to the bank. There's a reason emotions exist and to lobotomise yourself won't make you a better business person.
This. If the other party has identified you as a mark for their scheme, non-emotional professional haggling will result in the worst case in profit for the hostile party, and even at best will be a total waste of time for you and exhausting.
I.e. it's "Excuse me sir I notice an acidic liquid flowing from your direction. I would appreciate if you could either maneuver yourself or stop the said liquid flow as the volume of fluid gets in contact with my countenance." v.s. "Stop peeing on my face you **hole!"
You should not aggravate situations beyond reasonable bounds, should not become a sosiopathic professional victim and so on - but for a person of healthy psychological state, your emotions definetly are a valuable guide.
"We speak not strictly and philosophically when we talk of the combat of passion and of reason. Reason is, and ought only to be the slave of the passions, and can never pretend to any other office than to serve and obey them."[0]
[0] https://en.wikisource.org/wiki/Page%3ATreatise_of_Human_Natu...
Here's some more rude commentary for you: you are showing your hand, and it's a very poor / weak one.
You seemingly operate under the assumption that corporate-speak is some sort of invisibility cloak that gives the denizens of said corporations free reign to exploit whoever they like, and those exploited should politely ask for their soylent green in return.
Well, if I were giving my humanities-grad opinion to those developers in terms of dealing with people like you, I'd tell them to immediately recognize and refuse to deal with people like you, and more specifically to tell you that "if you want me to participate in your HR-speak, you can pay me a salary, until then the discourse is not on your terms. Maybe you should tell your boss to send someone else."
It's possible to express anger without burning bridges.
You should probably read the conversation in the PR: https://github.com/reactiveui/splat/pull/778
> there is a dire need for professional communications training among these programmers.
Maybe, but probably not why you think.
Once you've read the PR's conversation you'll see this isn't about someone just merging a PR which wasn't approved. This about someone submitting a PR, a maintainer asking for discussion before merging it, ignoring the maintainer and just merge the PR, the maintainer asking why it wasn't discussed and then making a snide remark to the maintainer.
So I agree that the "Sorry for merging a PR" isn't going to cut it here. The merging of the PR was the least of the problem. It's a hollow corporate-style apology where someone is allowed to be called out for. It's like saying: "Sorry I hurt your toe" after you pushed someone of a cliff.
It does not say "owned AND managed".
MSFT has been in the business of using legal to make money. This is not the Apache Foundation. This is a non-profit arm of MSFT.
This was entirely GP's point.
Node: Neither the OpenJS foundation, nor its parent the Linux foundation claims owner ship of Node: https://github.com/nodejs/node/blob/master/LICENSE
Linux: No copyright assignment, just a compatible license required: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
The CNCF and the kubernetes system does do a CLA, so it's not a concept the Linux foundation has never heard of it, but clearly it's not required for every project they support.
See also SPI's stance, which provides the legal support for projects like Debian and Arch Linux: https://www.spi-inc.org/projects/relationship/
https://github.com/dotnet-foundation/foundation/blob/master/...
The CLA only grants a copyright license.
EDIT: Apparently the .NET Foundation has an additional copyright assignment track. Their documentation is inconsistent and not up-to-date. This is deeply unfortunate and certain to cause grief.
> 5. Licenses.
> a. Copyright License. You grant .NET Foundation, and those who receive the Submission directly or indirectly from .NET Foundation, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license in the Submission to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute the Submission and such derivative works, and to sublicense any or all of the foregoing rights to third parties.
What appears to be at issue is administrative control over the Github project / organization.
Foundation seems of the opinion that assignment did occur, but individual projects differ on whether they think they have assigned copyright or not. There are legitimate reasons for copyright assignment but all contributors need to have the same understanding of whether a copyright assignment applies or not. If projects have not had individual contributors agreeing to a copyright assignment up to now, then it's not possible for a project to assign copyright to the .NET foundation without the consent of every contributor. Which is likely a tricky proposition...
This is the non apology. It's not apologizing for the nature of the relationship that was created, it's apologizing for people being surprised by the nature of the relationship. There's an implication in the statement that the maintainers failed to understand their agreements and that's the real root of the problem.
In terms of the "fix", it's not clear whether the fix is to renegotiate the agreements, or just to make it more clear what the agreements meant (in which case, the harm is not really being addressed).
She also doesn't say why she thought this change was needed, or why on earth she would even think to do such a thing without talking with the maintainers.
These reads as a weak, non-apology to me - makes me wonder if the text was really written by her, or by legal.
For context, I've been working in Microsoft shops and with dotnet for 2 decades, and I'm pretty much a dotnet fanboi - the actions here have burned a tonne of goodwill, both with dotnet developers and those others who are/were tempted by it. I'm not angry, I'm disappointed :(
Edit: on 2nd thought it seems she is also claiming she should be able to make this change unilaterally as Director and the problem is that people don't understand that. Which kind of makes this a non apology for saying sorry while also saying the problem is people's misunderstanding. Which also makes the part about doing the change as a maintainer a lie if that's the argument (she clearly said that in the PR too)
That part could have been explained better, I think. It suggests it would have been a non-issue if not for being an Executive Director, it's just concerned with 'how it looks'. In that sense I can see why people would treat it as a non-apology.
> I created a PR in ReactiveUI’s Splat project and merged it with my ReactiveUI maintainer permission. I shouldn't have merged this PR without explicit sign-off from the other maintainers, because it's disrespectful and rude not to follow the project’s process.
This is an improvement, as it addresses the actual problem in the PR in question. It would have been good to start with this.
> Also, as the executive director for the .NET Foundation I should have been able to manage the conversation and the disagreement with the other maintainers a lot better.
But then it misses the mark again, here, as I don't believe it's an accurate reflection of the issue in the PR.
---
I'm not involved in any of this so I don't know if the general response to this is overly harsh or not, particularly with calls like "resign and find a new ED in 24 hours". I don't rate it as a particularly amazing apology, but I also don't think it's intentionally a non-apology. If anything, it's a mismatch of perspective: the author sees a misuse of Executive Director Power and thinks that to be the problem, but the other people involved see a maintainer ignoring their Code of Conduct.
Of course, the other issue is that it conflates the incident with the pull request with a whole bunch of organizational politics, which does feel like a bit of a sucker punch. Perhaps they should have been discussed separately, e.g. with an apology on the PR relating to what happened there, and then... all that other stuff.
Which is why those people in your hypothetical rightfully see CoCs as poison-pills meant to silently transfer ownership from themselves as owners/founders/copyright holders to corporate "contributors."
To which the obvious response is "if you want to own my assets, buy them, stop tip-toeing around contracts and trying to get them on the cheap."
The .NET Foundation needs a revitalization and maybe a split into a ".NET Foundation" and a ".NET Community Foundation" to separate the .NET and the .NET community. The F# community is much better in this separation of community and Microsoft.
But how can you move repositories, without giving a notice? Baffling honestly.
> It is also clear that the .NET Foundation project governance model is not well understood. Project maintainers sign an agreement that either assigns or contributes their project to the .NET Foundation. That’s the point at which project ownership changes. We’ll post another document on that this week as well.
It's clear reading the comments on HN that the majority of people commenting have no clue what is going on.
Ignoring this, is the strangest thing I have seen in this PR ... and a clear indicator, that this is not only about this project. This was a nuclear action by the .NET Foundation.
Whilst true, what often happens is that people emotionally express disapproval. This then often includes harsh judgement not just of someones work, but of their person as well. At that point it becomes insulting. Even when not moving on to harshly judging a person, totally destroying someone's work is likely to put them on the defensive. For the purposes of keeping up conversation, it can be equivalent to being insulting.
Consider remarks like.
"This code is riddled with bugs and lacks insights form the last 10 years. Whomever wrote it must be willfully ignorant or a total moron with their head in the sand".
It reads like a statement made from emotion, it technically only includes "making a point" but it goes so far as too become insulting. Even if you drop the second sentence it can still be insulting.
From the FSF[1]:
> Under US copyright law, which is the law under which most free software programs have historically been first published, there are very substantial procedural advantages to registration of copyright. And despite the broad right of distribution conveyed by the GPL, enforcement of copyright is generally not possible for distributors: only the copyright holder or someone having assignment of the copyright can enforce the license. If there are multiple authors of a copyrighted work, successful enforcement depends on having the cooperation of all authors.
> In order to make sure that all of our copyrights can meet the recordkeeping and other requirements of registration, and in order to be able to enforce the GPL most effectively, FSF requires that each author of code incorporated in FSF projects provide a copyright assignment, and, where appropriate, a disclaimer of any work-for-hire ownership claims by the programmer's employer. That way we can be sure that all the code in FSF projects is free code, whose freedom we can most effectively protect, and therefore on which other developers can completely rely.
tl;dr: the FSF can't enforce a project's license unless they're copyright holder.
Intent also matters, and I would trust the FSF much more than I would trust a Microsoft-based foundation.
Here we are now discussing it privately on HN and GitHub as we're a bunch of busy-bodies, but I am not necessarily prepared to blame the maintainers for that.
That said, I’m also responsible for keeping the tenor of my communication constructive.
There will be mistakes (on my part, and on the part of others), as well as miscommunications, but they can be kept to a minimum, and addressed on a case-by-case basis.
I’m a big believer in sincere, appropriate, apologies. They have been enormously effective, in my own career.
I won’t apologize for breathing your oxygen, but I also won’t avoid taking responsibility and accountability for what’s mine.
When we weasel out of responsibility, we also surrender agency and power. If it’s our fault, it is also our bailiwick. An apology may seem like a weakness, but it can actually be the opposite.
And I mean, it's their repo, if they want to restrict an issue/pr to contributors only and do so with a sarcastic message or some other rhetoric way, it's their full right to do so..
> What you do not see is any deleted messages that already happened before that comment, it can well be that a bunch of twitter/reddit/hn/... users already thought it'd be helpful to invade and post some probably not so well-thought-out nor useful stuff.
And so the solution is to double down and antagonize everyone else? That’s a good way to lose any moral high ground. Ban the bad actors if need be, lock the comments, but for god’s sake communicate that decision professionally.
But yes I think it's literally absolutely always wrong to tell anyone to kill themselves, no matter how evil they are. Personal abuse is always wrong.
In the scope of any realistically possible pull request discussion, yes, you're undoubtedly right.
> It is also clear that the .NET Foundation project governance model is not well understood. Project maintainers sign an agreement that either assigns or contributes their project to the .NET Foundation. That’s the point at which project ownership changes. We’ll post another document on that this week as well.
This apology claims project ownership was assigned and the parent poster claims that the actions taken are required for supporting the projects.
Clearly from the comments in other linked threads the project owners dispute this but the CLAs shared by the contributors differ from the sample one you have linked.
That wording (from the post) is unfortunate because it is misleading, but that doesn't mean we should continue to spread the misinterpretation. Please stop conflating "project ownership" with "copyright assignment".
> the CLAs shared by the contributors differ from the sample one you have linked.
I got that PDF by going to https://cla.dotnetfoundation.org/ and then clicking through the link to the CLA.
In response to your challenge, I subsequently went through the first step of the project contribution process at https://dotnetfoundation.org/projects/submit and (after signing into Github) wound up at a page which includes the following:
> *Contribution Model.* Under the .NET Foundation contribution model, a project retains ownership of the copyright, but grants .NET Foundation a broad license to the project’s code and other intellectual property. The project also confirms that the project’s submissions to .NET Foundation are its own original work (there are also instructions for any third party materials that might be included).
EDIT: I'm incorrect. There is apparently an additional copyright assignment track. https://dotnetfoundation.org/projects/submit#project-applica... The DNF's documentation is inconsistent and not up-to-date.
What else is there to own in an open source project? The trademarks? How many of these projects even have trademarks?
> I got that PDF by going to https://cla.dotnetfoundation.org/ and then clicking through the link to the CLA.
This is the document that the .NET foundation requires new contributors to projects owned by the .NET foundation to sign. Ok. But it's not the document that the owners of these projects signed as part of opening relations with the foundation, at least by the project owners claims and provided screenshot. The .NET foundation could plaster this document on their home page, but it doesn't change that the project authors are providing a different document that they claim is the one they signed.
The document that the project authors claim to have signed includes this modified intro:
> Project means the projects owned or managed by Contributor and listed below that is assigned to the .NET foundation hereunder.
If this is assigning copyright to the .NET foundation, is it bad faith to not make that clearer? Yes. Is it a reason not to do business with the .NET foundation? Yes. Does the fact that the later sections of the document discuss copyright licenses make their claim less credible? Yes. But I'm not a lawyer, so I'm not going to pass judgement on if it does what the .NET foundation claims, merely discuss the point that the foundation now claims it does so, and other posters have claimed that kind of assignment is needed for a foundation to operate.
Please stop attacking me for trying to discuss the situation without using your preferred description exactly. I'm trying to present both sides claims in a discussion that it is not required for the .NET to do what they claim based on the examples of other foundations which have managed without such a step.
For example, I am a maintainer of https://github.com/pythonnet/. If you follow that link, you will see "Part of .NET Foundation" which is a GitHub Enterprise Organization.
AFAIU, They could do that because when joining projects needed to add dnfadmin@github bot, that was supposed to perform some utility tasks such as enforcing CLAs.
I didn't understand the drama above the comments entirely, though.
Legally, copyright notices can only be changed by the copyright holder or their authorized agent. If someone from the DNF were to make an unauthorized, illegal change, it would be very surprising.
For distributed software development processes, the only thing that works are hard boundaries. No hard boundary -> implicitly tolerated.
For instance, "the vast majority of behaviour" includes every line of code in a repo. The only viable way of preventing undesirable behaviour of a software system is to enforce passing tests before merging. A mandatory technological safety net baked into the developer's workflow.
All of these boundaries are to prevent human error propagating to production. Merging changes without review shouldn't be possible.
Not really. Just like shoplifting isn't a motivator for putting everything behind the counter in a store. The cure could be worse than the disease.
> For distributed software development processes, the only thing that works are hard boundaries.
Definitely not true. Opensource has existed for a really long time without a two-key system. Many projects (besides this one) still have big sets of people with commit bits. I'd go so far as to say that almost all projects with a core team size greater than one has some amount of this, with very very few exceptions.
Not everyone needs protections as if they are covered by Sarbanes-Oxley (SOX).
And these projects work just fine.
In fact, it's not even desirable in most cases. You have to take development velocity into account, too. "It must never be possible to unilaterally commit to the main repo" is not the value the project brings to the world. It's a means to deliver the actual value. And it's not the only one. So there are always tradeoffs.
Having worked under mandated requirements (legal and contractual) such as this, I can tell you that it's not without big costs, costs that opensource projects would rather spend on other things. Especially since it's detectable. Preventable is usually not worth the extra costs.
> No hard boundary -> implicitly tolerated.
Of course that's not true. Not in any context. You don't go to someone's house and flip their furniture, and say that not only was the furniture not nailed down, it wasn't even part of the ToS for entering your house, and in any case the door was unlocked.
A project without a CoC is obviously not implying that you can be a nazi or sexually harass.
"What is not prevented is permitted" has never been true in the whole history of humanity, and there have always been repercussions for what you did.
I've been a sysadmin with root access. That doesn't in any way make it implicitly tolerated that I read people's emails and home directories.
> Merging changes without review shouldn't be possible.
Ideally yes. But it's more convenience than security. E.g. your example about having pre-merge testing decreases the toil of maintainers having to deal with test-breaking code being merged. I.e. having to roll it back, and deal with any merge conflicts during rollbacks.
But by your logic of "no hard boundary -> implicitly tolerated" this means I could change the code to detect if it's running in a test, and do something else. There's no hard boundary, but will obviously not be tolerated.
Beyond the obvious sanity checks, they exist for establishing collective consent, and knowledge sharing - these are responsibilities that increase with seniority, not decrease.
Junior people should never be permitted to sidestep the process, and senior people must be leaders and set an example.
But it's a big world, so do your thing.
It takes no effort to enforce reviews for pull requests. So why not just do it? If that’s the desired behavior, why not just enforce it as the desired behavior?
Relying on people to remember rules or adhere to some informal policy isn’t scalable, and complicates onboarding for new maintainers who may not be aware of the repo’s “culture”.
We are tech people, do things technically.
Is that the case here?
She was asked twice to follow the formal procedure. She basically replied "fuck off".
> It takes no effort to enforce reviews for pull requests. So why not just do it?
Fair enough. Devil's advocate here: If they had then they wouldn't have found out that they can't trust this person to act in the project's best interests.
But yeah. Seems reasonable to me to just flip the bit, if indeed for them it's that simple. But there will NEVER be that easy a fix for all issues.
Edit: It seems it may be more complicated than this. Other commenters have said that this project was moved into a Github enterprise account, which granted this person god-like powers. If so, then at the very least this means that she exploited a temporary security vulnerability, where she found herself with god like access she was not supposed to have according to the project maintainers and policy.
It's also not scalable to "just never have a security gap", which is also one of the many many arguments against cryptocurrencies. "Prevent-only" just does not scale.
> We are tech people, do things technically.
Hmm... I'm trying to not say "I used to think that, but then I grew up", because I don't intend it as an insult.
Running a project, and more true the larger it is, is not as much technical work. There will always exist the technical possibility to do the wrong thing (except in a supermax prison).
And even when possible, most technical means are just not worth it. We can't all develop software like the space industry[1]. It's just not worth it. Especially when the problems are of the kind that can be undone, like this one was (rollback PR).
But there will always be a way for one of these two to go around the process, if they really want to. Otherwise you have to plan for what happens if anybody becomes unavailable.
But it's clearly not "the only thing that works". E.g. AFAIK OpenBSD still just gives core team the commit bit, and don't work on a "prevent" basis for enforcement.
And if not OpenBSD anymore, then this has at least been the default model of CVS for over 30 years. It clearly does, in fact, work just fine.
Now, enforced code review is better.
So I agree with all you said in this comment. But it's not as simple as what you said before.
But short of SOX-compliant stuff and very strict environments, there will always be people with "god" powers. As I understand it the PR author here could have turned off code review, merged, and turned it back on. And with the attitude she showed in the comment saying "yeah thanks this is my project so I do what I want", clearly "doing the right thing" was not on the radar. It didn't serve to remind her, because she knew. She acted as if "above the law" deliberately.
So in almost all cases yes. In this case no.
Control over the code repository, maintainership, and the ability to push to master/main.
Copyright assignment is extremely cumbersome and difficult. To achieve it, all copyright owners must be willing to give up their own copyright, which many organizations and many individuals are not willing (or even able) to do.
From my standpoint, it is unthinkable that the .NET Foundation would say that their contribution model is to license, and then slip copyright assignment language into an agreement on the sly. There would be hell to pay if that were the case. The contribution models, how you run the organization, etc., they're quite different.
EDIT: Mea culpa. I have found additional documentation that conflicts and reveals that there is now an an additional copyright-assignment track. See my soon-to-appear reply.
> > Project means the projects owned or managed by Contributor and listed below that is assigned to the .NET foundation hereunder.
> If this is assigning copyright to the .NET foundation, is it bad faith to not make that clearer?
That clause doesn't assign copyright. While IANAL, from my perspective copyright assignment language would be much more specific than that.
EDIT: There may be additional language later.
> the project authors are providing a different document
Yes, that's true unfortunately. I wish that the project author had provided the whole thing because that would make our discussion easier. I can't get at the actual current document because it's sent via Docusign, and I'd need to actually submit a project to the DNF to get at it.
I tried, though, because clearing this misunderstanding is important.
> What else is there to own in an open source project?
In terms of intellectual property: copyright, trademarks, and patents.
But then there is also administrative control over project resources: domains, Github organizations, possibly physical resources such as servers or test hardware, accounts at various places, upload permissions for distribution channels, occasionally bank accounts, etc.
And specifically, this conflict is about administrative control over project resources and permissions on Github.
> The trademarks? How many of these projects even have trademarks?
Well, technically few have registered trademarks, but in general you get a trademark by using it in commerce. So all of them have at least a claim on a trademark, although it may not be enforceable if there's a conflicting registered mark or if the project name is too generic.
On https://dotnetfoundation.org/projects/submit I found the following:
> Assignment and Contribution Models. The .NET Foundation uses either an assignment model or a contribution model for on-boarding new projects. Under the assignment model, a project transfers ownership of the copyright to the .NET Foundation. Under the contribution model, a project retains ownership of the copyright, but grants the .NET Foundation a broad license to the project’s code and other intellectual property. The project also confirms that the project’s submissions to .NET Foundation are its own original work (there are also instructions for any third party materials that might be included).
I regret my error.
Since I can't read people's mind, a good trick that I learned is to derive intent from actions. Removing a merged PR is easy, especially when you can force merge one in the first place. Yet she didn't do it, but wrote a lot of text that is apparently an apology. If it's an apology, why is there no show of regret by retracting her PR? Maybe because it's not actually an apology.
Edit: the PR was removed by the current maintainer.
And assuming bad intentions is a good way to live a miserable unhappy life.
Perhaps because nobody has asked her to do so. Despite the contribution process not being followed, the results are seemingly desirable; and so nobody seems to want to worsen the codebase by reverting the change, even temporarily.
Process is great when it improves quality, but process followed just to follow process—when it won't result in a change in quality—is just pageantry. Engineers are generally too practical (and impatient!) to participate in pageantry, even as an act of public humiliation for someone they're annoyed with.
The repo has other maintainers; any of them could have reverted the merge and demanded the PR process be followed, if they thought it was a good idea to do that. What intent do you derive from their inaction?
The PR is here, it was explicitly rejected (with two comments) and closed before she merged it
It looks like the actual maintainer reverted it?
Either way, I think the idea of "the banality of evil" is more useful here than Hanlon's Razor. Claire Novotny may well have simply not thought about her actions. Is she still responsible for them? Should we care that she meant well if she continued her bad behaviour after it was pointed out to her?
And what if somebody makes a habit of not thinking about their actions despite having it pointed out to them repeatedly that their actions cause harm to others? (It sure seems to be an effective way to climb the ladder.) Can they still hide behind the defense of "meaning well"? By analogy, what if somebody makes a habit of getting behind the wheel while intoxicated. If they hit a pedestrian, how much do you care that the drunk driver meant well?
But to address your analogy, I simply do not have enough information to tell whether Ms. Novotny is a bad actor or not. In the absence of such information, I can only assess a situation based on my prior life experiences.
In the vast majority of cases, the logic behind Hanlon's Razor held. Many times I assumed malicious intent and was proved wrong. As I've gotten older, I've assumed malicious intent less frequently.
I think "people that don't assume enough malicious intent" are a real thing, so I think Hanlon's razor is not an universally good recommandation.
When someone cuts you off in traffic, for example, they probably did not see you or are late for an important event or their wife is in the emergency room having a baby. It probably was not personal or malicious.
FWIW, this would never happen at the ASF. The 800 or so Members of the ASF (who elect the Board) are drawn from the projects, so the kind of people who are upset at the DNF would be in a position to take action at the ASF (by electing a different board).