It sounds funny, but it's not. I once issued a bug to them that didn't have enough information about how to reproduce... and I was lambasted on Reddit and eventually just deleted my account there it was so terrifying. Some dev teams do not mess around. In fact I've shied off most social media since and no longer issue bug reports to any company, I was scarred deep over the treatment.
I've read their reports before. When there's not enough information to reproduce, they do a good job of asking for more information first, and I've never seen a reasonable good-faith report elicit anything overt.
If you failed to give them proper reproduction information when asked, then yeah, you were wasting their time and they should rightfully close your issue.
I've never seen anyone on the curl team undeservedly "lambast" someone, and for a project that has a quite good reputation, I think the burden of proof is on you. Can you link to these supposedly terrifying comments?
It says in the curl file that they will ridicule time-wasters in public and here is one pression confirming that it happened to them, yet somehow that's not enough? Come on.
When people don't provide a citation online when discussing some specific instance like this-- which could be provided with a couple clicks and would radically improve their argument a reasonable assumption is that the citation would undermine their argument.
If you follow cURL’s development, what you’ll see is the main contributors tend to be extremely patient, helpful, and thankful of contributions. Sometimes too patient. If you look at the HackerOne slop reports cURL got, you’ll see Daniel accommodating people outright wasting their time.
So if you follow what’s been happening, you know the types of reports this message is talking about. What they consider time-wasters are slop reports where the reporter didn’t do any effort to even test the “bug” and then keeps pasting whatever the LLM says in replies and lying about using them.
In other words, for a legitimate report it’s hard to believe that was the reaction. I would expect them to be patient with a human contributor which really put in the work. It’s particularly hard to believe the maintainers would even waste their time to lambast someone on Reddit. Doesn’t seem like their style.
Maybe the person in this thread is exaggerating, maybe they misinterpreted it, or maybe it did happen. But it seems so out-of-character that some proof would be warranted, especially since it’s a single report.
We don’t need anecdotes, every single bug is public. Just looking now I see respectful responses to genuine reports. This document is clearly in response to AI slop and spam.
I skimmed the "slop" collection they maintain that was posted here yesterday, and even under those HackerOne submissions, Daniel was perfectly reasonable and respectful.
It is entirely possible I merely chanced upon his highlights, but this announcement to me really just signifies a final straw breaking than anything else. His historical conduct is all public and speaks for itself. I wish I had the patience and perseverance he does, and I wish he didn't need it.
But at the same time, sometimes you have to really persevere to get a bug fixed.
Consider the perspective of the maintainer of a popular project: to them, you're one person in a big queue of people all reporting problems. Most issues turn out to be "I need free technical support, which you don't offer, so I'll phrase it in the form of a bug", and it saps their time to look into the details of each issue to find whether it's genuine-bug or user-error.
So that's why you should try to give reproduction instructions as best you can, and be up-front if they're incomplete, or you only saw it happen once.
If the maintainer responds harshly, or even if you get commentary from others, remember they are (or should be) criticising the bug report, not you. Try not to take it personally.
And even if they decide to close it, or not investigate further, you've still done the world a favour by adding genuine details about something you saw. The bug report is still searchable when closed. Other people who get the same problem as you are likely to find it, and it might spur them to reproducing the bug where you couldn't, and re-opening or re-reporting the bug and driving it forward to completion.
You're paying exactly $0 for support for this software. So any support (eg: bug fixes) you get are a gift. That means that if you (1) use their software, (2) don't provide a good bug reports to help them fix their bugs, and (3) complain about how it's not your job to fix them then... you, my dear person, are acting like an entitled ass.
It's not hand-holding to provide a good bug report, it's essential to make the bug report actionable. curl is so widely-used that bugs often come from a combination of the software and the environment (OS, libraries, etc). Without enough details to reproduce a bug, then the bug is often impossible to track down. This means: recreate the environment, the actions that led to the bug, and create the bug itself.
That surprises me -- from what I've seen, Daniel is actually remarkably tolerant of incomplete/unclear reports. (Too tolerant.) But I imagine that could depend on the day.
(Now, if you used AI to generate the report, well... that's different. Especially if you didn't disclose it up front.)
On the flip side I’ve been following him for a while on Mastodon.
I’ve basically watched the AI crap cycle go from “this is a weird report, oh it’s fake” to “all the reports are trash, it’s so hard to find real humans in the flood” through his posts.
I suspect I would’ve stepped down long ago. I feel so bad for the open source maintainers who are just being assaulted with nonsense.
Not really. They said in their comment they deleted their whole account and everything. They probably don't want to continue to be ridiculed and to link the identity of that account with this one.
> (...) that's a you thing. You have to be tougher than that.
They really don't, lol
If a community is full of assholes, unwilling to change, walk away! Don't contribute to what you don't want to support. It's just like voting with your wallet.
All contingent on whether you can actually afford to do so though, as usual, but I have a hard time believing that interacting on Reddit would be so essential, especially these days.
With this said, this is one place personal blogs work well.
You can post the problems you find there, and if you're half decent it will be picked up and put in search engines for people that have similar problems.
You at that point don't have to defend yourself, at least directly, to the community.
Please ignore everyone else and do not share any more information about this experience or yourself. These people do not have your best interests in mind and will not mind, or are intending to, make this experience even worse for you.
He rubs me the wrong way, too. Curl is overhyped and a pain to work with. And he's getting high on the "success" while crying about not being paid for something he offers for free. I think Americans have a nice phrase about having cake and eating it, too.
Not only is cURL not overhyped, it’s absolutely false that Daniel “[cries] about not being paid for something he offers for free”. He does get paid for cURL support.
He does criticise rich companies who don’t do anything to support cURL and demand preferential support, but that’s not the same thing (and does warrant criticism).
