Magit status screen shows fundraiser marketing

[martijnat]

Introduced in bf71241

My issue is not with the fundraising itself, my issue is with the
inclusion of this advertisement in the code. (I actually don't mind
the spamming on social media.) The fact that it is easy to disable
does not justify its existence. What was done here is wrong by
principle even very little damage was done.

The worst part here is not even the displayed text, but rather that it
is quite easy to accidentally open a web browser since you changed the
default action when pressing enter after just opening magit-status. It
wouldn't have been hard to use a malicious url compromise a users
system.

The problem here is that if you are willing to create software that
works towards interests of its developers at the cost of its users,
you are effectively creating a situation were users can no longer
trust the developers. I'd rather not use software where I would have
to reverse engineer every update to prevent a developer from doing bad
things.

I am dissapointed this kind of behaviour was tolerated in an otherwise
great project. I hope this is never repeated.

[nickmccurdy]

While I do agree, I am not nearly as bothered with the fundraising notice as I am with:

1. The default action being replaced with something that could accidentally open an add (if you're trying to expand your open branches in magit).
2. No way to permanantly disable this without writing to .gitconfig which feels messy because it's the only Magit feature that does this AFAIK.

Personally I would be fine with the fundraising notice if both these two issues were fixed, though I can totally understand the standpoint of not wanting any marketing in packages you depend on. Maybe something in the messages buffer or a one time popup would be better.

[phil-s]

I really hate advertising in general.

I think this 'advert' was a clever idea, nicely implemented, and a perfect way to get the message out to lots of people who would never have otherwise known about the Kickstarter before it was too late, but who would have been glad to contribute (and now can).

I agree with nickmccurdy that having RET do something on the unexpanded text was perhaps not ideal (given that the expanded text tells you about that binding); and writing to .gitconfig does feel a bit messy, but I honestly think these niggles are utterly trivial compared to the benefits of enabling the software to help users to help tarsius to work on this brilliant software full-time for a while.

Personally I think martijnat's initial comments are ludicrously overblown.

It wouldn't have been hard to use a malicious url compromise a users system.

Maybe so, but that has always been the case, and as a Magit user, you already trust Magit not to do such things, simply by using the software. What you're actually saying here is "Hey, Magit didn't try to compromise my system yet again!" which is pretty silly -- you've been trusting Magit not to try to compromise your system for some time, and nothing it's doing now gives anyone any reason to suspect that this "complete absence of malicious behaviour" situation is likely to change.

The problem here is that if you are willing to create software that
works towards interests of its developers at the cost of its users

Supporting Magit's ongoing development is very much in the interests of its users, as well as its developers.

you are effectively creating a situation were users can no longer
trust the developers.

I can only disagree.

I'd rather not use software where I would have to reverse engineer every update to prevent a developer from doing bad things.

Unless you are personally reviewing the source code of every program you use, then you are placing your trust in others. If you feel this particular move with Magit gives you such cause for mistrust that you no longer wish to use Magit then I think you are being very foolish, but obviously you're completely free to do that.

[martijnat]

It wouldn't have been hard to use a malicious url compromise a
users system.

After reading my post again, I agree that this was an overreaction. I
understand magit's need for funding and the "damage" is pretty
insignificant, but found this way of advertising to be in very bad
taste.

Maybe so, but that has always been the case, and as a Magit user, you
already trust Magit not to do such things, simply by using the
software.

For me most trust comes from the history. Magit has been great for as
long as I have known it, which is why this stands out a lot.

Supporting Magit's ongoing development is very much in the interests
of its users, as well as its developers.

Sometimes features can both (indirectly) help and harm the user at the
same time. Take telemetry found on some software for example, it helps
developers find bugs faster usually comprises the security/privacy of
its users.

Unless you are personally reviewing the source code of every program
you use, then you are placing your trust in others.

Exactly, I either trust the developer/maintainer/distributor, take the
time to review the code myself (which is quite doable for most elisp
packages) or not use the software.

If you feel this particular move with Magit gives you such cause for
mistrust that you no longer wish to use Magit then I think you are
being very foolish, but obviously you're completely free to do that.

I believe there is a certain margin of error. Right now, for my own
convenience, I simply checked out the branch just before the
kickstarter campaign stuff was added. Once the campainging code is
removed I will probably switch back to the lasest magit version. If
something like this happens a second time I will probably maintain my
own fork.

[tarsius]

What was done here is wrong by principle even very little damage was done. [...] The problem here is that if you are willing to create software that works towards interests of its developers at the cost of its users [...] found this way of advertising to be in very bad taste.

For the last few years I have been living below the poverty line, and felt increasingly guilty about putting the needs of Magit's users above those of my loved ones and myself. If I make enough money (i.e. more than the minimum I am asking for), then I will be able to live on the same continent as the love of my life and her child, instead of seeing them twice a year for a few weeks, and help pay her student dept, which she cannot do on minimal wage.

Consequently I don't share your opinion that what I did is morally objectionable.

Also, my being able to keep working on Magit is very much in the interest of its users.

[phil-s]

I had no idea. I suspect you did not wish to say any of that in the campaign, but I kinda hope that lots of backers stumble upon this comment here, because I imagine you would find yourself with substantially more funding if people were aware of this... (doubles own pledge)

[martijnat]

@tarsius

I understand.

I hope your situation improves in the future.

[tarsius]

Thanks @martijnat.

[bendlas]

Wow, I just googled for the magit fundraiser because I wanted to donate and the first search-result was this ticket.
I completely disagree with the premise and I support this issue being closed immediately in favor of asking people to get familiar with the magit code base so that they can patch the ad out for themselves and in the process become potential contributor. I think even raising this issue in the first place was quite the dick move by @martijnat.

Thanks, @tarsius, for this amazing project and for your continuing work on it.

[Silex]

You did it!!!

CHF 55,054 pledged of CHF 55,000 goal

Congratulations @tarsius ! Well deserved and I hope you get even much more than that given your dedication and amazing support during all these years.

[etu]

I much agree with @bendlas, but I think the issue should be left open until the message is gone to avoid more of the same thread.

I've noticed the message and was slightly annoyed because it's marketing. But I also think that @tarsius deserves that space and is doing the right thing. So I think the implementation is brilliant and okay.

Also gratz @tarsius on the success of your campaign.

[ejmr]

Catching up on news tonight and just wanted to say congratulations @tarsius on reaching your Kickstarter goal. You have proven that GNU Emacs users are willing to financially support the developers of tools/packages they use and highly value. And that, that accomplishment will, in my opinion, far outlive Magit. (Not to take anything away from Magit, as it is a fantastic piece of work.)

[ivan-m]

A follow up to @nickmccurdy's comment: I would prefer having an elisp option to customise rather than having a setting in ~/.gitconfig (though I suppose that goes against your plans to make magit available to non-Emacs users).

[martijnat]

@ivan-m

You can disable it with

(setq magit-hide-campaign-header t)

You could make a defcustom for it, but assuming the campaign header is removed once the kickstarter is over, you really only need this value set temporarily.

[articuluxe]

The campaign is over now though, isn't it?

…

On Sep 28, 2017, at 2:40 AM, martijnat ***@***.***> wrote: @ivan-m You can disable it with (setq magit-hide-campaign-header t) You could make a defcustom for it, but assuming the campaign header is removed once the kickstarter is over, you really only need this value set temporarily. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[tarsius]

The campaign ends on the 1st October 23:59 CEST, at which point the campaign header will no longer be shown. I'll also create a subminor release shortly after so that the campaign header goes away even if your clock is wrong.

[tarsius]

I have removed the header but haven't created a new release yet.