Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Very slow pull request merging? #230

Open
boredsquirrel opened this issue Apr 2, 2023 · 4 comments
Open

Very slow pull request merging? #230

boredsquirrel opened this issue Apr 2, 2023 · 4 comments

Comments

@boredsquirrel
Copy link

I just wanted to ask if there is active administration

Cheat is an awesome project and I want to contribute to it, as there are many commands missing.

The system with tags and all is very good, and I tried to explain everything best.

But it seems for now noone even looked at these additions, and there are 27 more left open.

@AlJohri
Copy link
Contributor

AlJohri commented Mar 23, 2024

@chrisallenlane would you consider adding more contributors to this repository that can help approve and merge pull requests?

@drjaska
Copy link

drjaska commented Sep 23, 2024

@chrisallenlane I would recommend adding more maintainers as cheat is great software but it has gotten dangerously stale as this repository hasn't seen a single new merged commit in >2 years now. cheat/cheat repository is looking slightly better but it had a year between 2022 and 2023 where it was commitless and since then has received 13 new commits.

It can be hard to let others do work in your project without immediate supervision but the current situation is sadly just waiting for a fork to happen or cheat to die out. Surely it's better to supervise others doing the work for you than it is to have the project either die out or get forked by a new maintainer. I hope that you understand and take this advice kindly.

@chrisallenlane
Copy link
Member

chrisallenlane commented Sep 29, 2024

@boredsquirrel, @AlJohri, @drjaska

Sorry for the delay. I agree that development is stagnant. I'll explain the situation.

Firstly - and critically - I am deeply, deeply burned out. Bluntly, I've mostly lost interest in open-source participation at this time. It's an endless time-commitment, and I'm increasingly short on time. I have other responsibilities and passions now, and less and less time to dedicate to this project.

Regarding adding other maintainers - this is significantly more difficult than you might think, for a few reasons:

Firstly, I've tried this before. Inevitably, I spend time getting someone up-to-speed (via email, in-person, whatever), and then they lose interest in the project, and contribute little or nothing. This is a 100% time waste for me, and deeply demotivating. Additionally, this puts me in a "managerial" role, and I have zero interest in being a manager - I just want to write code. Again, bluntly, if GitHub provided a mechanism for disabling pull-requests on a project, I would activate that mechanism here. I'm willing to share my own work, but am much less enthusiastic about being a "manager" of any sort.

Secondly, I'm deeply fearful of a "Jia Tan" situation. Open-source supply-chain attacks are increasingly common, and I'm thus increasingly hesitant to give write access to an unknown stranger on the Internet. (And no-one that I know in-person has any interest in contributing to this project.) Given that the nature of cheatsheets is that it's a repository of commands that you don't know that you should copy-and-paste into your terminal, we need some real oversight on what goes in here, which means I either need to audit submissions myself (see above), or find a trusted individual to do so on my behalf (again, see above). If I fail to do this, I could unwittingly harm users that trust me.

Furthermore, I consider cheat to be largely done. There are little edge-cases to fix, enhancements to add, etc, that would be nice to implement, but it's been 99% able to meet my own needs for years now. I suppose software is never truly complete, but cheat is probably "good enough" for now.

I'm also not sure if cheat is terribly relevant now that LLMs have arrived. They're quite good at solving similar problems, though they admittedly have some obvious drawbacks.

I'll also say that the cheatsheets repository (as distinct from the cheat binary) has always been uniquely challenging for me to maintain, simply because of the subjectivity involved. What program (or command) is significant enough, or useful enough, to allow into the repository? It's a judgement call, and one that I feel uncomfortable to make.

Beyond that: the purpose of cheat was never to provide a centralized cheatsheets repository (though I do believe that a lot of users have gotten a value out of ours, and we should be proud of that). But rather, cheat's value-proposition is that it allows you to create your own cheatsheets, specific to your own workflow and needs, without regard for what might be useful to others upstream.

If there's a path forward here, I'd consider implementing compatibility with the cheat.sh cheatsheets repository, which is both quite active and quite large. @chubin is a wonderful maintainer, and perhaps it's silly in the first place that we're duplicating effort in maintaining redundant cheatsheet repositories.

In any case, thank you for the feedback, and I apologize for the stagnation. When time permits (likely during Christmas break), I'll see if I can find some time to implement compatibility with the cheat.sh cheatsheet repository, which will hopefully breath new life into this project, assuming that it's still relevant.

@wolfspyre
Copy link

heya Chris!

I hear you, and largely agree with you. That being said, You're a smart cookie.

While I can wholly understand your concern re a manipulation con.
There's inherent mitigations in place already which somewhat insulate you from this....

  • The application in question was targeted largely because of its' ubiquity, and the esotericness of the operations being performed allowed hiding in plain sight....

  • Cheat is working with .... well... plain text files ;)

    • Cheat is manually executed by the operator.
    • It's also pretty hard to obfuscate code in a flat text file.

IOW: The value of a pipeline attack to a bad actor here is pretty low ;)

Not trying to downplay or diminish the significance or legitimacy of your concern... rather trying to help assuage the voice of anxiety, and properly scope the risk involved in this specific context. ;)

I disagree that cheat's value prop is diminished with the advent of LLMs... you can get a LOT of bad guidance from LLMs ;)

I do agree that combining forces with cheat.sh seems like a sane plan forward.... we all hate toil... why duplicate efforts? :)

Regardless; I'm glad you're taking care of you first.. The people involved are more important than the tools they've made ;)

❤️🐺W

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants