Clarification on possible crate-owner lockout #345
Comments
Resolved in #338 (comment)?
Hello -
Can confirm that I am now a member of dalek-cryptography,
and @isislovecruft is the only owner of that organization.
In response to recent events, @hdevalence has forked the curve25519-dalek
<https://github.com/zkcrypto/curve25519-dalek-ng> library and some other
libraries to the zkcrypto org <https://github.com/zkcrypto>.
The library has recently been updated (rand_core to 0.6) and is 11 commits
ahead of the dalek-cryptography version.
Sorry for the confusion. There's a note
<8a5982c>
in the curve25519-dalek-ng library about switching over, if you so choose.
I hope that helps.
Cathie Yun
On Sun, Feb 21, 2021 at 12:30 AM Chris ***@***.***> wrote:
Resolved in #338 (comment)?
@isislovecruft: Thanks so much for explaining your side of the story. @cathieyun: Thanks so much for confirming and clarifying. @caemor: Yes, I believe this issue can now be closed. We've heard from all members and nothing new has come up.
Hey, just to reiterate what was said elsewhere: I demoted one organisation owner to member and removed his ownership of crates after a series of behaviour complaints. I did not remove his ability to commit or participate in any other way, nor did I change permissions/status for any other maintainers. It was his decision to quit and create a fork; best of luck to him with that. I'm happy to give current maintainers more access, and I'm happy to take on additional maintainers. Again, I'm trying my best, and if anyone has further concerns or complaints, or thinks I've acted unfairly or in error, I'm happy to discuss and I'm available fastest via Twitter (@isislovecruft) DMs and/or Signal.
Note: I don't wish to attack anyone personally. I only want to have some events explained, in order to have transparency about the current status of the dalek-cryptography GH org and ultimately the code I depend on.
The recent #338 (comment) by @hdevalence, explaining that all other maintainers, except for @isislovecruft, have been silently demoted in the GitHub organization and removed as owners of the dalek-cryptography's crates on crates.io (e.g. curve25519-dalek), brings up serious concerns for me.
Why have co-maintainers been silently removed? The following tweet comment by @hdevalence makes it seem like this was done without prior communication between the maintainers, which raises even more suspicion for me. At this point, I feel like this situation could very well be interpreted as a possible malicious take-over attempt. I don't expect it to be the case, but it's nonetheless important to have transparency about these things, taking past incidents such as the event-stream vulnerability into consideration.
A thread on /r/rust was opened, to initiate discussion about this, but was closed by the moderators.
I kindly ask @isislovecruft to explain what the reason behind the demotion and removal of crate owners is. If any of the co-authors/maintainers (maybe @cathieyun?) have further details, I think those would be nice to share as well.