You asserted that author hasn't "learned" anything from this bug in a drive-by comment that starts with "Only if they actually ~". I can assure you that's incredibly condescending.

It's uncalled for too. iTerm2 has a good track record responding to user issues, even obscure ones involving Japanese input. The dev even listened to the demands of trolls who raided the issue tracker from Mastodon [1]. Security fixes are released quickly. Nothing about the project warrants the kind of cheap dismissal in display all over this thread.

You mentioned emotional attachment twice in this thread as reason some people have problems with dismissive, aggressive, or mean comments against iTerm2. No, it's basic empathy and appreciation for the thankless work going into this FOSS project.

[1]: https://news.ycombinator.com/item?id=40657890

No it’s not condescending to highlight the author hasn’t indicated they have learned from the broader set of circumstances that led to this bug in the first place. Ripping out a feature is a first step not the only step.

I mention emotional attachment twice because twice to logical and attempted factual comments I’ve gotten emotional comments back verging on attacking me personally. I don’t use iterm2 nor is it a piece of software that takes up any mindspace for me but attacking this aggressively anyone even mildly critical because you feel like you’re part of this minority group and you need to defend yourself because you feel constantly attacked is tribalism, not empathy and appreciation.

When you tell me that you're the lone voice of reason amid the emotional tribal backlash against you, despite people breaking down all the reasons they're calling you out step by step, I have nothing more to tell you. You might want to remember that your supposed "logic" won't stand in any FOSS community though. Or like, any community. I honestly hope that you can one day become a different person from the one who proudly proclaims that disregarding other people's work is proof of rationality.

Where did I ever claim I was the sole voice of reason? Plenty of people on here are having a rational discussion about how this happened and several people recommended tips such as commit hooks to prevent WIP work from getting committed and released. That would be an example of a lesson learned. Indeed, it's entirely possible that George has learned that lesson too. I was just literally describing the logical problem with the assumed logic of "mistake made = lesson learned", especially when there's no evidence outlining what the lesson learned was. Similarly plenty of comments in response to things I've said have been fairly well balanced.

As for the backlash, I just highlighted how 2 responses in particular seemed emotionally charged and border line attacked me for completely innocuous comments. The first was completely condescending and sarcastic while adding no additional value to the conversation on a completely unrelated comment thread where I suggested that maybe, just maybe, the terminal you choose isn't going to meaningfully improve your productivity. Your conversation has accused me of being in league with people threatening violence to the iTerm2 author and again adding nothing to the discussion about what lessons were actually learned and then attacking me and demeaning me in all sorts of ways and accusing me of saying things I simply have not. How would you describe that? A logical defense of someone I'm not attacking?

Bringing up an arbitrary list of demands so that a FOSS dev can "prove" to you he has "learned"? That, is what, in your words, "adds nothing to the discussion."

Again you are claiming I said things I simply didn’t. Where did I come up with a list of arbitrary demands for him to prove he learned something?

All I said is that he simply didn’t say what he learned and provided examples of what it could look like. Again, I was very specifically responding to the claim at the beginning of the thread that a mistake made is a lesson learned isn’t actually true just because a mistake is made. It’s a very basic logical fallacy made by OP. And I point out how while he says he learned something he doesn’t actually clarify what the lesson is and what steps he’s taking to prevent said mistakes in the future. You may disagree but I feel like that adds something to the discussion.

I’m pretty done talking with you since it’s clear that you will continue conversing in bad faith and ascribing to me things I simply didn’t say.

Yes, you are right. Sometimes, reactions cause chain overreactions. We have different intensities of the situation. I checked the iTerm2 author's notes and compared them with my setup and I thought ok. It looks like I'm safe. And I moved on. But when I read your previous comment. I am now unsure because I need to know when and what changes led to this issue in the first place.

The iTerm team is just an army of one. There may be a formal analysis of the security soon.

The root cause as I understand from other comments in this thread is a double whammy of the feature existing itself and that they managed to create a release with a WIP commit that enabled the feature. The resolved the issue by ripping out the feature. However, the latter issue remains unaddressed and to me is equally if not more concerning - there should be good practices in place to ensure that feature flags aren't even being controlled via code edits and instead there's .gitignor'ed config files that are read in a developer build for turning those features on. Additionally, git commit hooks that scan for WIP comments & prevent pushing them and sprinkling WIP comments around temporary changes might also be good defense in depth measures.