Slashdot Mirror
The CVS Cop-Out
NewsForge (also owned by VA) has a short piece attempting to call into focus one of the major complaints of end users, the "CVS cop-out". From the article: "One of my biggest pet peeves with open source software is what I call the CVS cop-out. It works like this: I criticize (accurately) some shortcoming of an open source application either in an article or in conversation, and someone responds with, 'That's not true! That feature was fixed in CVS four weeks ago!' [...] I bring up the CVS cop-out not because I have an answer for it, but to air it out. Sometimes, giving a problem a name helps to foster discussion that leads to resolution."
...was fixed 4 weeks ago! Didn't you get the memo?
Your check is in the mail too.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
"It's already fixed in subversion..."
Is it hard to write one of these?
"Hi [nane of guy on mailing list whose criticism makes him sound like an asshole],
Thanks for your comments about functionality XX. The development team is aware of this problem, and we committed a preliminary patch for the bug to our source-control system about a month ago. We're still working to make sure that this feature fits in with the rest of the system without any trouble, but if all goes will, you should see XX improved in our next point release.
We really appreciate user feedback -- thanks a lot for talking to the YY team!
Best,
me"
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
This isn't unique to open source. How many times has Microsoft told us to upgrade because of the enhanced security in the latest version of Windows?
This is my sig. There are many like it, but this one is mine.
do you really want a new version put out for each bugfix. maybe a few versions a day.
then you would be complaining about how many versions there are instead.
So its a problem, when you are talking to the developers, for them to say that it is already fixed and where you can get the fix? If this is a business concern, you should take it up with the people you are paying for support (if they exist).
"Wanting to be a parent and handhold hundreds of strangers" isn't on the list of pre-requirements for someone to be an open source developer. There quite frankly isn't physically enough *time* for that sort of thing.
Do you want hastily written software or do you want software that works?
Any non-trivial software complication is extremely complex. Fixing bugs can create new bugs. Fixing those bugs can introduce even newer bugs, ad infinitum.
By placing code in CVS, it gives the developers a way to measure their progress but also allow users to test the code.
Want bugs fixed faster? Quit bitching and start testing.
Is this really a problem? Nathan would lend more weight to his argument and coined term "CVS Copout" had he given at least one concrete example. First, Nathan explains this "copout" isn't really a problem for big and well-supported applications and projects like Firefox (duh).
So, he cites:
So his "example" of this problem is by his own admission, made up. It would be nice to hear of a real life example when airing grievances to an international audience.
Finally, Nathan proposes it better to make available for alpha and beta testing the development branches of CVS projects. I thought in many cases that was already true. Regardless, that idea would provide relief to a tiny fraction of the population, still there isn't anything (IMO) wrong with the idea.
As for his made up example, he submits that if perhaps there were a bug that stopped Rhythmbox from playing mp4 files it could be four to 6 months before the pipeline provided relief. I doubt it. For mainstream and widely adopted and popular formats I see fixes turn around in a couple days... e.g., when gaim suddenly lost contact with Yahoo chat protocols, a new release was available the NEXT DAY.
Giving a problem a name and identifying it is the first step to solving it. Is this one?
(Speaking on behalf of open source developers everywhere)
You're right, next time we'll respond with "Screw you, if it's really that important -- fix it yourself and provide binaries to everybody on the Internet"
First they want free software.
Then they want good software.
Now they want good, free, software - instantly.
F*cking users.
And I thought this thread was about a drug store chain getting rid of their security officers......
It's a way of saying that there is no need to bring a problem in front of the developers. The bug is fixed, so it doesn't need their attention anymore. Every software has release cycle problems: Users would love to get a fix for a problem right away, if they think it's an important problem. On the other hand users want to update as seldom as possible, because updates are time consuming, even the ones which you don't install. The balance is hard to keep, and with Open Source it's a little harder because users get to see what is already fixed but not yet released. Hence the relatively large number of users who regularly use beta software. "It's in the CVS" just means "if it's important to you, you can get it, but we're not going to force this update on everyone because we don't think it's that important."
It's only a cop-out if the developer/development team leaves it at "fixed in source". Given the parent's approach, it isn't a cop out, since the full scope of the solution (fixing in source and releasing, eventually) is presented.
It's normal for software users to be impatient with the time it takes to produce quality stuff. In the closed-source world, that impatience often turns to frustration as the user's requirements are ignored, or copped-out on, by the vendor, whose internal process is completely opaque. With open source, there is at least the ability to check whether the "fixed in CVS" statement is actually true. And if you really, really can't live without the fix, you, or someone you hire, can take that source patch and apply it to a local copy. You lose external support that way, but at least you can solve your immediate problem.
"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers
Users are the lifeblood of an open source project, and bug reports are the white blood cells. Even when there are dupes, they're a good thing.
Users are *not* necessarily the life blood of an Open Source project. Most of these projects are developed to scratch an itch of the person who wrote the software. Users typically are the people who came along for the ride thanks to the developer's good will.
When somebody doesn't like an article this guy writes, are all the duplicate e-mails bitching about it a 'good thing', or do they just drastically reduce the usability of his e-mail account while giving him more work to do when he could have been writing?
You think the 'CVS cop-out' is bad? It's the incessant demands of users that are the reason I don't even put my name on code I release as Open Source anymore. I'll fix the bug or add the feature when the lack of fix/addition is getting in my way. Until then, the code is open; add the change if you care that much about it. And if nobody uses it because I'm not bending over backwards for them, well, I could care less because I'm not out to win a popularity contest. What more do you want from a guy beyond a BSD license anyway?
The problem isn't the 'CVS cop-out', it's the 'Take Over the World Myth'. Users of Open software are under some crazy impression that most of it is written in order to take over as much market share as possible. People who write about open source are using a different definition of 'win' than people who write most open source software.
The duo of "use the CVS" and "we don't support CVS" says "I twiddle with this code but I don't care to have anyone using it"--which is fine, but be honest about that. Or appoint someone to handle stable releases.
The most annoying is:
"That problem is fixed if you install Bob Smith's modified version of libsomething, that breaks several other applications and is only available from his slow, unreliable, often-unavailable personal website, then recompile our application using the three misformatted patches some yahoo posted to our mailing list across seven months back in the spring and summer of 2003. No, we don't have links to the posts, don't you know how to use the archive search?"
And of course, they have no plans to integrate any of these changes into their codebase: why should they, when the solution is so easy?
This space intentionally left blank.
Now, yes, they do have regular CVS snapshots I could try (which they actually warn against using!), but the most frustrating thing is that the last stable release - containing this crashing bug they've known about (and already fixed!) for potentially years - was in September 2003, which is *far* too long to go without rolling in CVS fixes and producing a new stable release.
If developers don't regularly release new stable versions (at least every 6-12 months), then it's discouraging to end-users to even bother reporting fixes - it gives the impression that the project is dead and you won't see a new version for years, if ever.
... make sure your budget makes it on the screen. Any effect/costume/acting/writing that isn't reflected on the screen doesn't exist in any way that matters. Similarly, and my own project was as guilty of this as anyone, anything which doesn't eventually make it into a release might as well not exist. We had some awesome functionality which just never managed to make it into the main branch, and our users would post feature requests saying "We want X! Give us X!", and we'd say "Hmm, well, we hope to get around to integrating it in the next release but in the meantime you can do the following hacking on your system to get this working" and the users would say, quite rightly, "Thats fricking voodoo, get back to work". Here's some other things OSS as a class could stand to do better (exceptions, of course, exist):
1) Install programs which are as easy to operate as the standard Windows ones. i.e. "click next until it terminates" should get you a usable program deployed in our best guess of a most useful default configuration.
2) Documentation. Any documentation, at all.
3) Documentation which isn't four releases out of date.
4) Documentation which is actually written in the end language of the user (oh that has caused some hilarity at the office, let me tell you).
5) Documentation which matches the program as released (ever been told to click the fourth option in the rightmost pane on a setup menu which just doesn't exist?)
6) More regular releases. Lots of the business world, in particular, could use a nice solid schedule to plan around, but it would be nice to tell home users "While your current version will work, if you come back every 6 weeks you'll get new goodies".
7) Simplification of the bewildering array of options for downloading packages into something end-users can wrap their heads around. Has anyone done usability testing with non-technical people to see if they understand the whole "stable/dev/nightly" thing that a lot of OSS projects use? Seems to me that could probably be simplified as "Recommended" vs "Everything else".
Help poke pirates in the eyepatch, arr.
switching to the Subversion cop-out... its more efficient and that way you could cop-out even further ..
"well I fixed that bug but it was in an atomic commit with all the other pointless bugs you have discovered and in the middle of it the power went out and I don't want to resubmit until I'm sure its safe"
The writer's probably familiar with the same thing in hardcopy publishing: a magazine prints an inaccuracy, realizes it after publication but before the magazine hits the stands, and puts a correction in for the next issue. Once the magazine hits the stands everyone in the world starts writing in about the error, and the only thing the magazine can say is "We know, we've already written the correction and it'll be in the next issue.". Their statement isn't a cop-out, it's a simple fact.
Same with the "It's been fixed in CVS.". The developers know about the bug, they know how to fix it, they have fixed it, and there's not a thing they can do further until the next release version with the fix in it goes out. Often the fix is intertwined with other changes so it's not a simple matter of applying a small patch and releasing a bugfix version, and there's always testing to make sure the fix doesn't break anything else (and fixing the breakage if it does). Plus, if they do decide to go back, remember that they're already well along the way to the next release. Coding's been done, all that work has to be interrupted, put aside, then picked up once the bugfix is out. That can cost more time than actually fixing the bug did. I deal with this all the time at work, where a bug that takes me a couple of hours to diagnose, fix and test can, when it pops up in production near the mid-point of development for the next version, cost me half a week or more of development time. Needless to say I try to avoid that kind of costly backtracking unless the bug's a true world-shaker that absolutely can't be lived with.
The "It's been fixed in CVS." can be translated roughly as "Yes, we know about it. We've fixed it. Every bit of time you make us take repeating this is time we can't work on getting the fix into your hands.".
Sure, after the redundant bug reports, redundant feature requests and user-support requests, I sure do feel like spending some extra time on digging up the exact revision a bug got fixed and perhaps even write a nice lengthy mail with a patch attached.
/.)
Or perhaps not, it's time i could spend better. (Like posting on
- These characters were randomly selected.
But... Linux is not Windows. Seriously.
With Windows, you get fixes/upgrades when the binaries are released. With Linux, you can wait for the binaries, or, if you are comfortable with compiling, you can get fixes/upgrades slightly sooner. It's a feature, not a bug.
If you are prepared to spend some time and have some time practicing compiling from CVS (and it's not all that hard to do) then bonus! You get fixes a little early. If not, wait for the binaries, and the really cool thing? Double bonus! You still get the fixes earlier, because open source delivers fixes faster than closed source!
~~~~~ BigLig2? You mean there's another one of me?
We need to retrieve code patches that were posted to CVS three months ago. This is not a joke. We can patch the code after we get back. You must bring your own computer. Functionality not guaranteed. I have only done this once before..
I'm running Dapper on test machines at work right now so that I can help find bugs. When it is released as "production", I will know that the bugs that are important to me are fixed.You would not believe how hilarious that is.
Try this approach: "I will pay you $200 (US) to backport that one patch for me."
Then see what kind of response you get. Personally, I've always found that offering to pay someone to do work that I require works unbelievably well.Again, as the end user, you really have two options in that case:
#1. Grab their code and start testing so it gets to "production" faster.
#2. Pay one of their developers to backport the patch to the last "production" version.
This is where Open Source really rocks. You (the end user) can really HELP the developers produce the code you want to use.
Users are the lifeblood of an open source project
Let's see, how can I put this nicely? Oh, yes, I know:
Bullshit!
Lifeblood is that essential element which nourishes and sustains all parts of an organism. Users do not do that for open source projects. Having been involved in a few projects myself, I can tell you what the *real* lifeblood of a project is: developer interest. As long as there is a community (which may be a single person) of developers interested in a project, and willing to donate their time and energy to it, the project grows and develops. As soon as that interest disappears, the project stops. Period.
User's aren't completely irrelevant, of course. The fact that users exist provides some (weak) incentive for developers to keep going and their feature requests and bug reports can provide a nice stream of ideas that catch the developers' interest. And a large userbase provides a large supply of potential developers who may cross the line from just using to lending a hand. OTOH, a large userbase also provides a large supply of potential obnoxious whiners who tend to piss off the developers to the point they find something different to do, so it's not all positive.
Pure users are by far the least important part of the community, from the perspective of moving the project forward, because -- gosh this is complex, difficult stuff to understand -- they *don't* move the project forward!
I know users are often annoyed by the realization that they're powerless unless they choose to invest their own time, effort and brain cells. That's understandable, really, no one *enjoys* being an irrelevant leech (no matter how kindly viewed), and we're accustomed to the commercial world where by giving money in exchange for stuff we put ourselves in a position of (some) control.
That's not how it works with F/LOSS, though. Pure users are utterly powerless and have no real standing in the community, because they have contributed nothing. Those who regularly contribute good, detailed, reproducible bug reports are adding value, and they have some standing and generally get good support from the developers. Those who offer to pay the developers money generally get outstanding support, though that doesn't happen very often. Those who put in lots of their own time to improve the software also get lots of support.
But those who give nothing, but only whine about their pet issue, generally also *get* nothing. I understand they don't like that, but, really, what else can they possibly expect?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I see this all the time:
"Get an account on our obscure bug database, wade through numerous options which do not relate to the program but which you are required to fill out..."
No, I do not want yet another account. Debian gets this right: anybody can report a bug via email. (though the system needs to be upgraded to not require custom email headers for certain obscure features; many modern clients like Evolution/Thunderbird/GMail won't do that)
Usually the search interface is broken too, without full body-text searching and synonym/*ed/*ing/*est handling. GNOME Bugzilla is particularly bad.
Then of course you get marked WONTFIX and NOTABUG without even a chance to discuss the problem. Again, Debian seems to do a superior job. Bugzillas are usually not worth bothering with.
Seriously, if you aren't happy for the support you're getting, I'm sure there are a lot of people who would be willing to help you with whatever problem you're having, for a fee. Heck, go to a meeting of your local LUG, or any other advocacy group, and you might even get help without paying anything!
You are not entitled to be catered to. Grow up.
http://outcampaign.org/
This is not uncommon. I know of a Apache project that has had books written about it, which hasn't had a release since 2003. It is still very much in active use, and there has been a major bug in it since 2003 and a fix for about as long in CVS, but no release. Fair enough if one of the dev team doesn't feel like doing something, but for active projects with several develoeprs on a major project, its important to release.
It seems to me that there are two differing views of OSS. When a developer says "they fix bugs and add requested features because they want their software to be useful" a user agrees, then complains when bugs aren't fixed or features added, and then in turn the developers complain about the complaints--because open source developers and users aren't even talking the same language.
When developers say "I want the software to be useful" what they are really saying is "I want this to be useful to me." It's not a "screw-the-user" attitude (although sometimes it comes across that way) because a large number of the developers working on OSS projects just don't care about anyone else's problems. I don't mean that in a bad way--they aren't obligated to care, because they're (mostly) doing the work for themselves.
Unfortunately, this isn't always made clear to users. Sometime projects are talked-up by developers on the basis of what they do and users think "Hey, that's cool, I'd like to try it out" without hearing (or thinking about) the fact that what they are really doing is using something that wasn't designed for them to use. Linux is like this (or used to be) where developers were saying "This OS is great. The software for it rocks" and then end users tried it out and started complaining "Hey, it won't play my MP3s" or "Hey, I don't want to edit image files from the command line." In some cases, these features (MP3s and image editing) were implemented by other developers who cared. But it doesn't seem to me that there are many developers who really care about "users" in the sense of "Joe sixpack"
That's not wrong. It just leads to misunderstandings, because developers are thinking "I like how this works and any end users are other developers like me" and end users are thinking "This doesn't work how I expected, and the developers have the same expectations as I do"
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
The main problem I see with OSS is that the paradigm presumes that all users of OSS are also software developers. This may be true for users of glib, for instance, but is it really true for users of OpenOffice, or even KDE? The only way I see for OSS to really take off is for a break between open source software development and open source software support. Combining the two the way it's been done doesn't seem to be working all that well. They really are two orthogonal tasks, and the skill sets required really don't overlap much.
By the taping of my glasses, something geeky this way passes
I have always thought that 'security' was a retarded reason for not shipping with a compiler. Any semi-intelligent 'bad guy' will have his own box capable of compiling programs, and he will upload his compiled programs, or he could upload a compiler and C library with innocuous names, such as 'report.doc'. Even if the target system is different from the bad guy's system (ex: the bad guy only has x86 boxes and the target is running Debian PPC), the bad guy could still compile his programs using a cross-compiler.
Although I usually disagree with sacrificing security for convenience, I think it is OK in this instance.
---- "XML is like violence. If it doesn't fix the problem, you aren't using enough."