Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
reanimus a day ago

I don't know, I don't think it's really a huge waste of time considering I just read the entire comment thread in a handful of minutes. And beyond that, failing to comply with RFC requirements is the bug here -- a workaround existing for a specific language isn't a fix.

deng a day ago | parent | next [-]

Again: the maintainer does not say there is no bug. He says: please open a new issue, with a proper title and description for the actual underlying problem. Is that seriously too much to ask? Instead, the guy writes a whole blog post shitting on the project. Does anyone still wonder why people burn out on maintaining FOSS projects?

halapro a day ago | parent | next [-]

Not great behavior I agree, but what else is there to say other than "it does not match the spec at point 1.2.3"?

Semaphor a day ago | parent | next [-]

Then opening the ticket should be easy enough?

I certainly understand the maintainer here, because that’s what I keep telling colleagues at work.

Tickets get really cumbersome if they are not clear and actionable.

bioneuralnet 7 hours ago | parent | prev | next [-]

Exactly, that's all his PR had to be. The history of finding the issue could be an interesting story (I bet it involves Elixir!), but in places it reads as almost malicious. If I received a PR anything like that on something I maintained, it would be received very poorly. The author comes off as overly aggressive toward the maintainers and far too sensitive to their response.

PunchyHamster 12 hours ago | parent | prev [-]

...that's what they are asking, yes.

a day ago | parent | prev [-]
[deleted]
Alupis 10 hours ago | parent | prev | next [-]

It's pretty standard to open a new issue and reference the previous issue for context, while keeping the new issue specific about what needs to be addressed - ie. RFC compliance.

I don't see the problem here at all - it was a reasonable request and it would have taken `feld` all of 2 minutes to do. Certainly less time than writing that blog post.

pseudohadamard 3 hours ago | parent | prev [-]

It's not entirely WolfSSL's fault. TLS 1.3 is a mass of kludges and hacks to deal with the fact that they created a new protocol that's nothing like TLS 1.0-1.2 but dressed it up to make it look like TLS 1.2. It even lies about its protocol version in the handshake, hiding the real version in one of the many extensions they had to invent to kludge it into working. And in terms of RFC compliance, one of the most widely-used implementations isn't compliant, it doesn't send any of the mandatory-to-implement cipher suites in its client hello which means unless you want to trigger a rehandshake on every single connect you have to implement their non-compliant form of TLS 1.3.

The real problem though is that they made a protocol that really, really wants to pretend it's TLS 1.2 when it really isn't anything like TLS 1.2. I wouldn't blame "middleboxes" for getting confused when they encounter that.