1. 4

Original title was “The Ethical Maintainer: Community Service Award Recipient Glyph Lefkowitz”.


  2. 2

    I’m always saying people don’t learn from the past. So much gold to find if they just dig for it. His father apparently had similar views. He taught Glyph that good habit which he used to the project’s benefit:

    “Glyph says that his strength, in his 20s, was knowing what he didn’t know. His father is a programmer, and he taught Glyph that most programming techniques are already well-known. Therefore when Glyph and James Knight got their event loop working, Glyph thought, “Someone must have done this before.” He searched on Alta Vista and found the ACE project, which included a C++ event loop. Glyph refined his Python event loop based on the best practices he found in ACE, and this became the basis for Twisted, which is now one of the oldest and most influential of all Python libraries.”

    Also, good to see ACE again as it was one of the things I recommended distributed programmers check out a long time ago.

    “If we don’t [write a code of ethics],” he says, “someone else is going to do it for us, and they are not going to understand our field well enough to do it correctly.”

    He’s correct. It already happened, though. They’re called founders, CEOs, managers, and government. Their ethics is shipping crap as fast as possible to get market share to benefit a few at the expense or temporary benefit of the many. Alternatively, if a big company or institution, do very little to the software or screw it up a lot to increase profit with lock-in and cost reduction (often at expense of quality). At best, we’re going to apply our ethics to things we create. It’s a good idea to do this, though, just to create awareness of better ways to do stuff.

    “Glyph identified three responsibilities for open source programmers: to make clear promises, to secure our code, and to release code of appropriate quality.”

    Open-source programmers have no such responsibilities if they receive no such responsibility or promises from users. In the U.S., this was even established in contract law with the concept of consideration: each party to the contract has to get something in the exchange for it to be valid. In FOSS, you’re expressing yourself in some way to some degree with the result being freely usable by others who might not do a thing for you. You’re only really responsible to yourself in that way. Your own principles or limits.

    Glyph should follow the above rules to keep a clean conscience. Others might just throw crap out there with GPL on it. Even others might maintain a certain level of quality or support but nothing past that without payment or others putting effort in too. Others might do quality initial build but do nothing past that. The initial work at least saved time for future builders. The only rule I’d say follow if one is claiming to upload something open-source is to be clear on what license is used. That way we at least know what we can legally do and what the author might have expected with the published work.

    I do agree with pushing for a culture of quality and security (esp packaging) where possible. Glad there’s more people in Python community doing that. Given Python’s prevalence, I even thought about making a proprietary version of interpreter and standard library in Ada/SPARK and/or Rust that closed off many 0-days. Maybe integrate it with advanced security mechanisms at OS level. Last time I saw Twisted, I was thinking of writing something like that in a safe, systems language with a Python wrapper. Better security and performance. I didn’t dig deep into those ideas, though. I don’t know how much people would appreciate the benefits or how feasible it is (esp Twisted rewrite & wrap). Open to feedback on that.