We're perfectly within our rights to express how it makes us feel for it to be brought up, especially with the history we've had around it. It's caused us a lot of grief and we'd just like for it to stop being shoved in our face. That's all. If it was brought up by someone totally unique (not repeated by the same person as before, who we've already answered) then I would have had a different, more tactful response.
I really don't think it's fair for you to make a judgement on me or the project from an interaction like this. At least judge the project on its technical merits. I've been very transparent here. But I can't stop you from having your thoughts. It is what it is.
> being asked to repeat ourselves again is insulting to us.
> we'd just like for it to stop being shoved in our face.
This is the comment you are referring to:
> There still remains this simple to reproduce bug where the page doesn't load of you use the full domain name of a site.
They aren’t asking you to repeat yourself. They aren’t shoving it in your face. This is an open discussion thread with many participants. They weren’t talking to you directly. This is information anybody here can find interesting and relevant. I did.
> I really don't think it's fair for you to make a judgement on me or the project from an interaction like this. At least judge the project on its technical merits.
How you are reacting to this is far more important to me than the original bug.
Remember when 37signals suffered data loss because they were using GET requests to delete things? When people pointed out they had a bug, they were offended and blamed GWA. What happened next? The same thing happened all over again, users suffered more data loss.
Or how about when Naomi Wu reported a problem with Signal, where the common use case of third-party keyboards for Chinese people was rendering all of their security worthless? They dismissed that as somebody with a grudge and ignored her for a year. What happened next? People found out that Chinese keyboards were compromised; she was 100% right, and Signal users were in danger.
I’ve seen what happens when people have this attitude towards inconvenient people reporting inconvenient bugs. It’s a danger to users, and you are making Caddy seem dangerous with this attitude. I was a happy user of Caddy right up until this thread, and even halfway down this thread – even after reading the mention of the bug – but your reaction has flipped that to the opposite because I can’t trust that there aren’t more bugs you are handling this way.
This is being blown out of proportion. You're discounting an entire project and your experience of the software over a person expressing exasperation over an inconsequential feature (not a bug) that even the author of curl had his run through and frustration. The request was not dismissed, rather it was discussed at length on our issue tracker. The OP knows it was discussed at length because they linked to the discussion thread in the earlier times they brought this up. Moreover, the way they presented it this time is snide, agree or not. To quote Matt's statement of the project being "stable and mature" just to say "except you didn't implement my niche feature" (yes, editorialized) is not criticism nor a feature request. It's veiled instigation hiding behind plausible deniability.
Anyways, on the feature request, Caddy is not the only software who disagrees with it being valid, and curl had their back-and-forth on it. There's no legitimate bug being dismissed, and you can go through the issue tracker to audit it. Equating this discussion with 37signals or Signal is false equivalence.
It's a repeat complaint from the same person who admits bringing it up before. The way they framed their complaint is, again, snide.
> That’s a long way beyond exasperation, that’s a massive overreaction.
Your reaction to Francis is _the_ overreaction. Francis simply said to OP to put their money where their mouth is. The "slander" comment comes later as a general statement on why this subject has become annoying.
Stop being hung up on Francis' response. The niche feature was discussed at length multiple times. You're welcome to search the web for all the conversations we had on the subject. Caddy has been around for 11 years. We've seen this subject more than you've seen it brought up. Again, OP referenced the discussion on the issue tracker in one of the earlier times they brought it up. They _admit_ it's niche. What's the point of continuously bringing it up?
Okay, so the last time was 18 months ago not two years. But do you really think that mentioning it three times in 3.5 years can fairly be described as a grudge?
> Stop being hung up on Francis' response.
This is the only thing that matters to me in this thread. The bug itself is not that interesting. It’s a big deal to me that your team seems to take even the mildest mention of a bug as some kind of harassment. I’ve seen that kind of attitude before, and it’s dangerous.
Yes calling it a grudge is kneejerk, but no I won't apologize for it because of how intensely frustrating the prior discussions (and today's, no help to you) were to deal with (take today's, multiply it by two for the intensity, then multiply it by ten for the amount of times it happened). You aren't me, you don't know what I've experienced and you don't know all the details, so please stop making assumptions.
It's the fact they bring it up again when we've made it clear our stance is the problem, not so much the actual words in today's post. It's also off-topic (not relating to project maintainership) and it's on a post I submitted myself to HN.
I know you've already made up your mind, but look at our track record of answering support questions on the forums and tickets on GitHub, and you'll see that the picture you've formed in your mind from this thread is not accurate.
Those comparisons are very straw-man and I won't entertain them. As I've already said, IMO there's more risk in introducing a new security bug in trying to fix this issue than there is leaving it as-is (failing fast and hard).
> It's the fact they bring it up again when we've made it clear our stance is the problem
You are still locked into this idea that the sole purpose of bringing it up is for your response. This is an open conversation, not a dialogue between only you and them. It doesn’t matter if you have made your stance clear, them bringing it up gives other people a chance to hear about it and discuss it.
> I know you've already made up your mind, but look at our track record of answering support questions on the forums and tickets on GitHub, and you'll see that the picture you've formed in your mind from this thread is not accurate.
To be clear: my mind was made up that Caddy was a good, reliable choice, and it was your behaviour in this thread that changed my mind, it wasn’t my imagination.
> IMO there's more risk in introducing a new security bug in trying to fix this issue than there is leaving it as-is (failing fast and hard).
I believe that, but I also believe your attitude is a bigger threat to security than either.
And you're still locked into this idea that you'll convince me that I shouldn't care, when I've expressed how it makes me feel due to the history. Can you respect that there are topics I'd just like not to be reminded of in a certain way? If it was brought up in a _constructive_ way, I would accept it (i.e. offering help or a solution via a PR with tests). If it was brought up by someone who I didn't specifically interact with negatively on this topic before, I would accept it.
> I believe that, but I also believe your attitude is a bigger threat to security than either.
I can't change your belief, nor do I care to, but I think that's absurd. Show me an actual security threat relating to this and I will address it. But this problem as stated is not one.
You keep saying that, but you did change my belief! My opinion is not immutable, I listen to what people say, and that is the reason we have ended up here. Because I listened to you and you convinced me to change my mind about Caddy.
> Show me an actual security threat relating to this and I will address it. But this problem as stated is not one.
“This problem” that I’m concerned with is your attitude not the FQDN bug, and I already gave the Signal example. When you start perceiving people reporting bugs as attacks and grudges, it makes it dangerously easy to dismiss real problems.
If that person found another problem with Caddy, I think they are less likely to report it to you because of this. If they did report it, I would think you are very likely to dismiss it because of who they are, not the contents of the bug report. This is a serious problem for my trust in Caddy.
I thought I was clear enough about this already, but clearly not: I encourage anyone who believes there's a bug with Caddy to report it to us on GitHub, where bug reports belong, where we can have focused discussion about it and see it to its natural conclusion. I do not discriminate bug reports based on who makes it.
An HN thread is not the place to report a bug. Nor do I think it's fair to form opinions about project maintenance (which doesn't happen on HN) based on comments in HN.
I say this with some trepidation. I certainly don't want to inflame this.
First, never used Caddy. I have no dog in this fight. I do manage a (closed source) project (which is decades old).
After reading this entire thread and all replies in all branches (I didn't vote on any of the comments), I think it would have been better for you not to reply at all. It would have done less damage to you (the negative emotions it brought out, the perception of others) and no one would remember that top-level comment. It would have been at the bottom of the page, an insignificant utterance. You elevated it, by protesting too much (I won't quote that famous line, but you get the idea).
And I must say you reminded me of my younger self, in the way you wouldn't let go of the issue and wouldn't let others have the last word. I've learned that this behavior is definitely self destructive and unproductive. The trigger was something that lived in me. It was never, I learned, about them. We choose how we respond. I've found one thing to work for me:
When an online discussion makes me emotional, I write a response in a text editor (not in the place where the comment is) and I let it sit for a few hours. Then, I do something completely different. I almost never post that comment, when I return to it, but I sometimes post something much softer. Mostly, I remove all emotion from the comment. Emotions are triggers for others, after all.
Why did I write so many words on this seemingly trivial online dispute? I hope I can help in some way, because I saw myself in your comments. Take them for what they are, me trying to help.
> If that person found another problem with Caddy, I think they are less likely to report it to you because of this.
Given they're aware of previous discussion and the stance on the feature request, I don't think they're deterred by the discussion here. Your addition of fuel to fire here is the very thing that's not helping.
> If they did report it, I would think you are very likely to dismiss it because of who they are, not the contents of the bug report.
I really don't think it's fair for you to make a judgement on me or the project from an interaction like this. At least judge the project on its technical merits. I've been very transparent here. But I can't stop you from having your thoughts. It is what it is.