You Should Know
YSK - for all the things that can make your life easier!
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must begin with YSK.
All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.
Rule 2- Your post body text must include the reason "Why" YSK:
**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding non-YSK posts.
Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.
Rule 7- You can't harass or disturb other members.
If you harass or discriminate against any individual member, you will be removed.
If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.
For further explanation, clarification and feedback about this rule, you may follow this link.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- The majority of bots aren't allowed to participate here.
Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.
Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated.
If you file a report, include what specific rule is being violated and how.
Partnered Communities:
You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.
Community Moderation
For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.
Credits
Our icon(masterpiece) was made by @clen15!
view the rest of the comments
Yeah, don't they realize they could have just spent that time productively by making a pull request, instead?
Honestly, you found the fault. I agree that you should put the request in.
I mean probably I should. There are a bunch of people accusing me of being dick headed and petty and they're not completely wrong. Honestly, I just don't feel like helping the Lemmy devs. Dessalines, at least, is totally unapologetic about being a dickhead to people he has power over. That puts me in a mindset where, mostly, I want to talk to other people about potential harm he's in a position to do, and not really in a mindset where I want to do even a small amount of extra work on his behalf.
I'm going to tell other people that he's in a position to take their passwords. If he wants to see that and put himself not in that position anymore? Great, I think he should. If he gets his feelings hurt because I'm not being super friendly about it? Well.. okay. I'm not trying to be malicious about it or do anything other than clearly communicate the problem. But it seems like the lemmy.ml "in charge" crew in general has a lot of a mentality that's kind of like, "Well, I'm in charge, and you're not, so fuck what you think and fuck your rights. Ban." (or whatever). The way I operate is that really makes me not want to be extra friendly or courteous to people. I used to have a regular donation to Lemmy development set up, I used to take it seriously the idea of getting involved in contributing to the code, and then I observed how they operate, and ... like I say I'm mostly talking to the other people involved who I think should be aware of this. If the devs want to react, fix it, or get involved in the conversation, then sure, sounds good.
The fix is in the comments below, if someone else wants to contribute it and do the very small amount of work of getting it in.
It sounds like a pull request would have been much more helpful, with much less effort. But you want it fixed less than you want it publicized, so you chose this option (even though you could have done both).
In other words, you cared less about the people impacted by this problem, and more about your own opportunity to put the author(s) on blast like this.
And you care about that opportunity so much, that it's even worth it to show this dark side of yourself publicly.
Am I understanding that right?
Or OP is spreading the word to get it out there. Now it's got eyes on it thanks to OPs work.
Jesus. Some of you people just want to shit on someone for doing a good thing for no reason. Have you put in a pull request yet or are you just showing your dark side on top of being a dick to OP who did something good?
One of the .ml users down below volunteered to put in the PR later tonight if no one else has, so it sounds like both bases are covered now.
They could have done both.
If it's not fixed by Monday, I will consider starting the approval process from the legal department that requires it from me.
I wish I had the freedom to just open a PR anywhere anytime, but I don't.
Let's not get carried away. Shared software systems are about more than the software. If you're looking only at the software, and that was literally 100% of what is important here and nothing else, then yes, you're right.
100%. Yes. Correct. I also want it fixed, but that's completely trivial, with or without the pull request.
I think there you hit the nail on the head! Just the fact that it is in there, whether intentionally or not is something that warrants warning people about. So that in the case someone goes to set up a server, they at least know that recently there was this rather severe risk of unnecessary credential exposure, again no matter if it was intentional or not.
However, I will say that I think I would have also opened the PR, not to help the original dev necessarily, but helping those that might come to use the software later.
...
Right...
Regardless of all that drama, you could have spent five minutes at anytime in the last two hours writing significantly less than you have, and putting the the request in.
You could have been done doing it in-between replies. Just saying.
You could do it to. Be the change you want to see, or be a dick. Your choice I guess.