Somebody who was previously active on the kbin codeberg repo has left that to make a fork of kbin called mbin.

repo: https://github.com/MbinOrg/mbin

In the readme it says:

Important: Mbin is focused on what the community wants, pull requests can be merged by any repo member. Discussions take place on Matrix then consensus has to be reached by the community. If approved by the community, no additional reviews are required on the PR. It’s built entirely on trust.

As a person who hangs around in repos but isn’t a developer that sounds totally insane. Couldn’t someone easily slip malicious, or just bad, code in? Like you could just describe one cool feature but make a PR of something totally different. Obviously that could happen to any project at any time but my understanding of “code review” is to at least have some due diligence.

I don’t think I would want to use any kind of software with a dev structure like this. Is it a normal way of doing stuff?

Is there something I’m missing that explains how this is not wildly irresponsible?

As for “consensus” every generation must read the classic The Tyranny of Stuctureless. Written about the feminist movement but its wisdom applies to all movements with libertarian (in the positive sense) tendencies. Those who do not are condemned to a life of drama, not liberation.

  • TheOneCurly@lemmy.theonecurly.page
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I agree, this is a wild reactionary shift to the issues they’ve seen with kbin. Unless the community “consensus” includes people actually reviewing and testing this is just going to put the repo admins in a tough situation when they have to merge in some broken commit the community voted on.

  • voidavoid@lemmy.ca
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    If it’s any consolation, you likely won’t have to worry about using it, as its liable to be unusable.

  • cacheson@kbin.social
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    It looks like they’re still working out what they want their process to be:

    https://github.com/MbinOrg/mbin/pull/34

    Seems like your concern is addressed there:

    Pull Requests require at least one (1) other maintainer approval before the PR gets merged (built-in peer review process).

    The mbin fork happened when kbin development was looking a lot less active. In any case, it’s not necessarily bad to have a diversity of approaches. Due to their differing organizational structures, mbin will likely tend to have more features and more rapid development, but also potentially more bugs, while kbin remains more stable.

    • density@kbin.socialOP
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I cant follow the convo to tell if this is the actual state of things or just something thst was being discussed but:

      16 Maintainers MAY merge incorrect patches from other Contributors with the goals of (a) ending fruitless discussions, (b) capturing toxic patches in the historical record, © engaging with the Contributor on improving their patch quality.

      What an idea.

      • cacheson@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        From the PR comments:

        Maintainers MAY merge incorrect patches from other Contributors with the goals of (a) ending fruitless discussions, (b) capturing toxic patches in the historical record, © engaging with the Contributor on improving their patch quality.

        I asked around and asked in the C4 specification matrix room.
        And the reason is actually simple. If you merge bad code, have a record of proof in git (pull requests aren’t forever it’s only a github/gitlab thing).

        So the idea is if you merge bad code you have proof in the git record that there is a bad actor. You can always revert the commit again or fix it. And the record can act as a proof in case the community want to get rid of bad actors.

    • ripcord@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I’m still not getting the point of mbin. I mean, options are nice, but what’s the value it brings over kbin?

            • melroy@kbin.melroy.org
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              That is correct, we do not have an “official” instance or an “official” magazine. What follows now is MY OWN opinion, other community members might think differently.

              Mbin is aiming for a federated and decentralized social network, I think the whole point of the fediverse is that there shouldn’t be one main instance, right? Feel free to create a magazine where ever you want! Isn’t that the beauty of activitypub? Maybe the idea takes some getting used to.

            • density@kbin.socialOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              How do you know the future?

              If you are correct, it is very strange. Why would people who are so passionate about creating a social media platform refuse to use it?

  • TheVillageGuy@kbin.melroy.org
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    As a person who hangs around in repos but isn’t a developer that sounds totally insane.

    Why do you hang around there then? So you can write articles like this in an attempt to stir the shit? What is there to gain from that, for the fediverse?

    I’d also like to know how you hang out there then, as I can’t seem to find a person called Density hanging around? I might not be looking in the right place, of course

    • cacheson@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Hmm, that seems like not such a good look from Ernest. According to google translate:

      I know, honestly it was on purpose. I noticed that forks sync changes immediately with /kbin. I wanted to check how they deal with this much-announced community-based qualitative code review. Answer: they can’t cope. Quite an obvious bug was accepted in PR and domerged into the main branch :P It now works properly on the rifle ;)

      Hopefully everyone can play nice and work together productively.

      • density@kbin.socialOP
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        seems like you are saying ernest put thru an intentionally malicious PR to see what would happen? And what happened was exactly what is described? I mean, ya, thats what people will do.

        • ernest@kbin.social
          link
          fedilink
          arrow-up
          23
          ·
          1 year ago

          It wasn’t entirely intentional, it was actually my mistake. But I held off on pushing the hotfix for a while. It was a development branch, so these kinds of bugs were permissible - in this case, it just changed the order of related posts, nothing serious. It was quite easy to spot and fix. Slow and cautious acceptance of pull requests, something I spent a lot of time on, was the main accusation from the creators of forks. Hastily accepting them was a problem for me. I personally considered a consensus similar to that, but now I see it doesn’t make sense. Someone needs to take responsibility. Personally, I believe that forks are the best thing that could have happened to the project.

          • melroy@kbin.melroy.org
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            It is good to really see your true nature now. I’m also think the fork is the best thing that could have happened for the community. It’s a pity that you never started a conversation, but instead you still try to do mean things like this.

            • ernest@kbin.social
              link
              fedilink
              arrow-up
              12
              ·
              1 year ago

              Oh c’mon, don’t be mad. It’s just a wrong sorting of posts, it’s in an edge case, and seriously it wasn’t intentional. I just wanted to check how such management looks in practice, how many merge accepts are needed, etc. I didn’t mean to do anything wrong that could cause harm. I even push the same code to my instance to facilitate your tests ;)

              But you’re right - that’s just my nature. I approach PR with very limited trust, whether they’re mine or from others.

              • melroy@kbin.melroy.org
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                I know your approach on PRs. Hence the main reason of the fork. The community does believe in their people and the good in mankind. Only 1 approval is required from another maintainer for now. We are using C4 way of working.

                • ernest@kbin.social
                  link
                  fedilink
                  arrow-up
                  16
                  ·
                  1 year ago

                  I assure you that I didn’t intentionally push incorrect code into the repository. These were my first lines of code in a really long time. I simply got involved in other things that I wanted to finish first, and I noticed the edge case in the meantime, but it wasn’t a priority. I saw that you were syncing and I was hoping to benefit a bit from it once you fixed it. I didn’t expect the review to happen so quickly. By the way, I was genuinely curious about how this project management method works because, you know, I’ve always avoided such an approach. Merloy, you know how much I owe you, and I appreciate what you’ve done for the project, as well as the other Mbin contributors. Our overall visions haven’t always been the same, and I think it’s great that kbin has been forked. You see for yourself how my work looks until the release - there are many things I’ll be refining over time. That’s why I’ve put a hold on all other PRs, and now I want to focus on this.

              • density@kbin.socialOP
                link
                fedilink
                arrow-up
                10
                ·
                1 year ago

                @melroy I don’t think you can really be upset about anyone putting through bad code. According to the philosophy as I understand it, bad code (intentionally so or otherwise) is a useful contribution and you are basically soliciting it. You supposedly have some way other than code review to ensure nothing harmful gets through and it has to do with the reputation of the contributor. Since you already knew @ernest and clearly have a bad opinion of him, how did it happen?

                I did not and could not review the PRs themselves. So I am just going on the information as presented here. Sounds like @ernest put through some code (either into kbin or mbin not clear on that) which he knew was not 100% highest quality but which error was not critical or devastating. And that it could easily be found and fixed. Partially he did this to learn more about this governance model. A model which has apparently been developed in direct opposition to his own. Is it approximately accurate?

                If so, sounds a bit mischievous at the worst.

                I really can’t recommend Tyranny of Structurelessness highly enough.

                • melroy@kbin.melroy.org
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Well I don’t have a bad opinion about him (those are your assumptions), we just didn’t agree on how a community project would/can work.

                  If however he did introduce intentionally a bug in kbin, just because of Mbin that’s downright childish. The Mbin community does try to test all the incoming PRs (not just kbin sync PRs) on various instances apart from unit-tests, etc. We just do not want to depend on a single maintainer, hence a different way of working in the project.

                  He saying Mbin can’t handle the kbin changes that is just not true (Odpowiedź: nie radzą sobie), at least we try to keep in sync (eg. for API comparability for upcoming mobile clients). But I’ll leave it this, I’m not going to waste any more energy. I hope you understand.

                  Thanks for your recommendation.

          • TheVillageGuy@kbin.melroy.org
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            In hindsight maybe we should have responded by saying we merged your mistake intentionally to see how you’d respond.

            i am not being serious of course, as that’s not our community’s nature. Even though it’s allowed to gather proof, we (I am quite sure I can speak on behalf of the community here) would never intentionally introduce bad code into software which is being actively used.

            Ernest, you have seen me before, pleading for you to change your ways, on all fronts. This, sadly, degrades the faith I have in your project being suitable for being used in production, from a pragmatic point of view. Kbin may be reliable, but you are not.

            • BaldProphet@kbin.social
              link
              fedilink
              arrow-up
              6
              ·
              1 year ago

              Ernest said he didn’t introduce bad code on purpose:

              I assure you that I didn’t intentionally push incorrect code into the repository. These were my first lines of code in a really long time. I simply got involved in other things that I wanted to finish first, and I noticed the edge case in the meantime, but it wasn’t a priority.

              • TheVillageGuy@kbin.melroy.org
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                Ernest has said many things in the past and many times has not lived up to his promises. So I doubt this words now. Also he’s already contradicted himself on this matter.

                • ernest@kbin.social
                  link
                  fedilink
                  arrow-up
                  9
                  ·
                  edit-2
                  1 year ago

                  Yeah, that’s true. Real-life stuff was kinda more important for me at the moment than managing the project.

                  For me, it’s straightforward: I pushed some dev code that wasn’t even a complete feature, and it got approved in your pull request. That’s why I was advocating for everyone to only merged their own PRs in the /kbin repository – so that each person could take responsibility for their own work. I won’t go on about this any further.