re: The Trials and Tribulations of actix-web and the OSS community VIEW POST


I, at least, am mostly upset that the README and home page don't have Warning: actix-web should not be used for production projects. Its API can be used in a way that produces undefined behavior, and you shouldn't stand for that. Specifically, DataServiceInner::as_ref() can produce an immutable reference to mutable data. on them like abomonation does.


Agreed - there is a clear documentation gap.


First of all, such a warning would be incorrect. As both the maintainer and the person who made the PR pointed out, the public API does not expose the bits that could result in UB.

Then I wholeheartedly disagree with your expectations. It's not the project maintainer's job to warn you or even provide documentation or code at all. It's your job to do your due diligence before you use third party code.

You don't like the documentation or code, or found bugs? Then ask (nicely) for changes and argue your case. Which is what people did here. Coming on a bit strong tho, as predictably a lot of people did some drive-by commenting in the PR.

Maintainer still doesn't budge, or doesn't even listen to you at all? Then fork. Or don't use the code.

But do not even pretend the maintainer owes you anything at all. Be it a warning in the documentation, or a response to your questions or PR, or the code itself.

This begs the question: who does actix-web belong to?

How is that even a question? It belongs to the maintainer.

If the "community" wants to own it, then the "community" will either have to convince the maintainer to hand over decision making control to some community body, or the project has to be forked.


It's a question because the Rust community, generally a positive, constructive group, continues to act in a way that's at odds with what we both feel is obvious on its face - there is no entitlement.

I agree with you both on this matter. Harassing fafhrd91's personal email is not okay. Warning people off of actix-web like 64's blog post did, on the other hand, is not harassment. People have to be allowed to voice when they like or dislike a library, otherwise it's not possible to make an informed decision about what's safe to depend on and what isn't.

(I specifically didn't comment on Actix-Web's issue tracker, or open a pull request, since fafhrd91 is already overly-flooded with all this noise and fury. I wouldn't wish that on anyone, and I certainly don't want to add to it.)

100%. I came away from reading the post itself with no negative feelings at all. Reddit has a way of changing that, I guess.

People do have to be allowed to voice this sort of thing without worrying about this sort of reaction. The concern raised about the nature of what "safe Rust" guarantees is absolutely, 100% legitimate and something people should be informed of when deciding whether or not to use the tool. It's a real problem that we can't just be friggin' cool for once.

Code of Conduct Report abuse