-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Politics or pure code? #11981
Comments
We cannot take responsibility for all the code hosted. If it's not malware we are not going to take action. |
The developer of this package has a certain political position, and he has the right to this, but he does not give us, as users of his software product, rights. Why not make 3 versions:
And for this case, he has an option/version where there is no garbage. Here you are not given a choice, but are imposed a product that, although there is no threat, contains unnecessary garbage. Today it’s a few links and text, but tomorrow it could be hundreds or thousands of links and text of several thousand lines. |
These are questions that you have to ask the maintainer of the package. They are neither related to Composer nor Packagist. |
I don’t agree with you here, because... I believe that these issues are connected, this is “Tacital Consent,” and this undermines trust in Composer and Packagist. There are no guarantees. I decided not to use Composer for myself. |
Should we also be blamed if there is a bug in a random library? This is absurd. You have to (and I would say you can..) trust Composer/Packagist to install dependencies you choose. The trust you place in those dependencies lies on every maintainer of each dependency you pick, it has nothing to do with trusting Composer as a tool. |
We must agree that there are different opinions, you have one, and I have another, there are also those who share, and there are those who do not share, and this is normal, this is freedom of choice. But when you are deprived of freedom of choice and something is imposed on you, no one likes it. There are also those who force something on you and this is no longer normal, and this causes protest. |
Then go protest on the package's issue tracker, I cannot do anything about it and you're just wasting everyone's time here. |
Hello, this software is harming the whole world,
_https://packagist.org/packages/voku/portable-ascii
there are links and political slogans in the code. Are you for clean code or what? Your dependency manager has been chosen as a political propaganda tool. Do we require to remove remove dependencies when creating Laravel projects? Who needs to download this package separately
Here's the proof.
_voku/portable-ascii@377ab19
The text was updated successfully, but these errors were encountered: