Politics or pure code? #11981

Closed
kosh2323 opened this issue May 15, 2024 · 7 comments

kosh2323 commented May 15, 2024

Hello, this software is harming the whole world,

https://packagist.org/packages/voku/portable-ascii

there are links and political slogans in the code. Are you for clean code or what? Your dependency manager has been chosen as a political propaganda tool. Do we require to remove dependencies when creating Laravel projects? Who needs to download this package separately?
Here's the proof.

voku/portable-ascii@377ab19

Member

Seldaek commented May 22, 2024

We cannot take responsibility for all the code hosted. If it's not malware we are not going to take action.

Seldaek closed this as not planned May 22, 2024

@kosh2323
Author

> We cannot take responsibility for all the code hosted. If it's not malware we are not going to take action.

The developer of this package has a certain political position, and he has the right to this, but he does not give us, as users of his software product, rights. Why not make 3 versions:

  1. We share the same position and are ready to establish its expansion with the same political text and slogans.
  2. We share his position, but we are not ready to install a package with such text, but want without text and political propaganda.
  3. We do not share his position and are not ready to install his software product with unnecessary text and all sorts of garbage that is not related to functionality.

And for this case, he has an option/version where there is no garbage. Here you are not given a choice, but are imposed a product that, although there is no threat, contains unnecessary garbage. Today it’s a few links and text, but tomorrow it could be hundreds or thousands of links and text of several thousand lines.
If you are asked to simply place on your website, somewhere in any files, some hidden political text and several links to a political topic, even if you share these views, will you agree? I don't think so.

Contributor

xabbuh commented May 24, 2024

These are questions that you have to ask the maintainer of the package. They are neither related to Composer nor Packagist.

@kosh2323
Author

> These are questions that you have to ask the maintainer of the package. They are neither related to Composer nor Packagist.

I don’t agree with you here, because I believe that these issues are connected, this is “Tacit Consent,” and this undermines trust in Composer and Packagist. There are no guarantees. I decided not to use Composer for myself.

Member

Seldaek commented May 24, 2024

Should we also be blamed if there is a bug in a random library? This is absurd.

You have to (and I would say you can..) trust Composer/Packagist to install dependencies you choose. The trust you place in those dependencies lies on every maintainer of each dependency you pick, it has nothing to do with trusting Composer as a tool.

@kosh2323
Author

> Should we also be blamed if there is a bug in a random library? This is absurd.
>
> You have to (and I would say you can..) trust Composer/Packagist to install dependencies you choose. The trust you place in those dependencies lies on every maintainer of each dependency you pick, it has nothing to do with trusting Composer as a tool.

We must agree that there are different opinions, you have one, and I have another, there are also those who share, and there are those who do not share, and this is normal, this is freedom of choice. But when you are deprived of freedom of choice and something is imposed on you, no one likes it. There are also those who force something on you and this is no longer normal, and this causes protest.

Member

Seldaek commented May 24, 2024

Then go protest on the package's issue tracker, I cannot do anything about it and you're just wasting everyone's time here.

composer locked as off-topic and limited conversation to collaborators May 24, 2024