i'm not saying we actually have time to do that crap

^this

but that's what perforce is leaving us with

anarcat: +1

@David - the question is how quickly/often the main branch of the Perforce internal repo is intended to get mirrored to the public repo?

unless i profoundly misunderstood the intentions of perforce and the effets of today's announcement

this is really concerning, and sad

^ yup

if it is daily, then I think this will work out OK. if it is only when a new release is tagged, it will kill the eco-system.

i will also point out that there is a possibility of current world events are affecting our perception of the announcement, which might have been poorly timed

for reasons out of topic for this channel, i'm actually fucking scared right now, in general, because of the state of the world (trump, floodings in europe, fires in the americas, war in the middle east and ukraine, general apocalypse)

so i'm scared, a priori, and i'm scared of this here as well

a proper approach would have been to try to be reassuring and say things like "puppet stays open source, and the canonical repo stays open source, and security and patches will land promptly in a public repo"

but right now, i just get FUD

we aren't saying we don't want contributions or to work with open source users,

"puppet stays open source, and the canonical repo stays open source, and security and patches will land promptly in a public repo" this is largely the truth although we are not committing to specific slas for security and patches

again a ten foot wide footnote there

"largely the truth" is not how open source works

you need trust from the community

if i feel that perforce is just going to take my contributions and shove them in a dark hole of closed software, i am not going to bother

what you seem to be saying is that there is a "canonical" repo, except for "security and patches", where there is a "private" repo that is governed by a different SLA, EULA, and therefore license than free software puppet

and that you are, effectively, forking puppet

i'd be really glad if i misunderstood

but every new comment i hear always has this escape hatch that allows perforce to have a private closed source repo of puppet

where development actually happens

but we'll see, i guess

a good mechanism that could allow you to have a "hardened" and "private" repo would be to have a closed coordination list with distros

where you could share security issues to ensure coordinated disclosures

i think "puppet stays open source" needs clarification because I think for puppet this means "licensed with an osi-approved license" but that the "source" will not actually be "open" (hence private repos)

there are actually mailing lists like this that already exists, for the record