[bugglebeetle]

The whole interaction has to be colored by what the person eventually sent in their email. In that light, it’s very much a demand. Do this unpaid work for me. Any request for recompense is extortion.

Secondly, this is just semantics. Fork, update the dependency or whatever reference to it, and submit back as a pull request. Or maintain the forked repo yourself if it’s that mission critical.

[scottmcf]

I fully agree. The original request can be read either either with a neutral/oblivious tone or a negative demanding tone. This is the wrong way to ask someone to do free work for you regardless if it's reasonable or not, and the issue is compounded by highlighting the financial aspect.

The followup email proves that taking a negative reading of the original request is the more reasonable read of the writer's intention.

[returningfory2]

FYI, I think that as of this comment you don't understand what the maintainer was being asked to do. There is nothing in the code to fix. There is no dependency to be updated. Forking and doing whatever isn't what's needed. The person is just asking the person to tag a new release. The requester can't do this themselves.

[justinclift]

> The person is just asking the person to tag a new release.

Just to point out, making a new release can be a fairly involved "all day" process depending on what supporting stuff needs doing. eg blog post(s), getting people to manually sign things, notifying other people, etc

Literally no idea if that's the case for this project, but it definitely is for some of the projects I'm on.

[returningfory2]

Yes for sure! And in fact the person clarified elsewhere on this thread that it would be multiple hours of work to create a new release (in which case I think they’ll asking for support is totally reasonable). But just from looking at the exchange on GitHub this is not clear.

[bugglebeetle]

More pointless semantics. So your claim is that there is absolutely nothing IBM can do to resolve this situation, with all their myriad resources, besides opening a GitHub issue and then using absurd, abusive language in follow-up emails? Okay.

[returningfory2]

On my GitHub repos creating a new release generally involves using GitHub’s new release UI, which only I can do because I’m the only one with permissions. If someone else wanted a new release on my repo, how can they do this without me doing it?

[bugglebeetle]

…fork the repo and build a release yourself?

[vsl]

They can use a master or specific commit checkout. Makes it more unreasonable, not less, to harass the maintainer.

[berkle4455]

This is the key part half of HN can’t wrap their head around. Ron’s email clarifies his expectations and demands.

[mcpackieh]

The original request can be judged on it's own merits. We can also, simultaneously, judge the personality of the requester with all data considered. One does not exclude the other. I judge the original request to be reasonably worded, and I also judge the guy to be an asshat in light of the subsequent email.

[arp242]

> Secondly, this is just semantics.

It's absolutely not "semantics", because the amount and type of work involved is radically different. Some bug is something I can fix myself with a patch; a new release isn't something I can do at all.

> Fork, update the dependency or whatever reference to it, and submit back as a pull request.

IT HAS ALREADY BEEN FIXED. How many times do I need to repeat this?

[sickill]

Releasing takes time or at least effort. It’s not like it happens on it own. It’s work.

[bugglebeetle]

Indeed, the maintainer has commented on this very post that more work than simply tagging a release is involved with fixing, as well as that the CVE impact on their repo is bogus because they’re not actually affected by it.