This issue is already quite widely publicized and quite frankly “we’re handling it and removing this” is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.
It’s not like this was a confidential bug fix, this is a zero day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you’re hosting an instance. 🙏
Removed by mod
Is the project small? Yes.
Did it explode in popularity leaving the devs overwhelmed? Certainly.
Do I expect them to strictly follow established ITIL incident management? No.
Do I expect them to communicate in a consistent way when an incident happens? Yes.
I agree the primary developers should be left to fixing the problems but there are enough active members of that project that someone could have handled communication in a more concise and official way. I don’t consider random posts in asklemmy or selfhosting by random users just guessing to be a substitute for that.
If the project is going to persist and grow it needs to get better at that. Pointing it out isn’t shitposting.
Removed by mod
Why are you getting so defensive? The only throat getting jumped down is mine, by you. I’m expressing my opinion of gaps in the communication of the project and how I think it can be improved. In a conversation thread on selfhosted no less. I’m not out in [email protected] bitching them out, submitting issues, or otherwise harassing the devs. Pointing out a gap and suggesting solutions is neither shitposting nor jumping down someone’s throat.
I think you’re the one confusing this with a large corporate project. Not me. There’s no managers here, there’s no powerpoints, and at no point have I asked for a detailed write-up. I asked for someone on the project, who isn’t actively working on identifying and coding the fix, to be the “point man”. Post a simple sticky at the top of [email protected] xposted to [email protected] that indicates there’s a problem, they’re aware of it, and a fix it being worked on. Once mitigations are identified or fixes are published, update the post with that. Ideally, a github security incident would be also be published with the same info so people not watching lemmy at the moment can notified via that channel.
I get it. I have pretty low standards. I’m just saying that a consistent communication strategy going forward for this project would be beneficial.
I’m with you. I figured out through various comments that I should update my UI to
0.18.2-rc.1
, and also run an update statement on my database to fix the modlog. Only after that did I find the matrix channel. Eventually I also found [email protected] which is great, but the only thread there on this issue doesn’t even mention updating the UI. I think if we can get to the point where critical information that admins need to know is consistently posted in one place, it’ll make everybody’s life easier. I don’t think that’s too much to ask.