Comments (14)
@AlexVulaj, the problem is that since 666c197 is so large and undocumented, it is impossible to review.
If you want us to trust gorilla/websocket again, you need to revert 666c197, and then resubmit the useful changes in manageable units with proper commit messages. Leaving the commit in and then playing whack-a-mole with the issues it introduced is not going to produce sofftware we can depend on.
from websocket.
@AlexVulaj This is not a mere desire. There is simply no way to review that commit, and hence there is no way to convince ourselves that no erroneous or even malicious code has been snuck into Gorilla websocket.
It is simply not possible for us to trust this branch of Gorilla Websocket as long as this commit is not reverted and the features submitted again in byte-sized chunks with proper commit messages.
from websocket.
The problematic commit has been in the repository for almost eight months now, and has still not been reverted. At this point, I find it very difficult to trust the new maintainer of gorilla/websocket, and am considering forking the repository from the last trustworthy version.
from websocket.
At this point, I find it very difficult to trust the new maintaine
Trust went out the window shortly after the project was unarchived.
our concern is that we'd lose a number of community contributions that have been made since that change
You do not lose changes by removing broken code, that's a terrible thing to even suggest. You are, however, losing users because you refuse to address this problem in a timely manner.
Good luck to all!
from websocket.
I understand that it's difficult to rollback the entire commit, but is is practical to submit a PR to undo actual functionality changes
I believe that the proper way to proceed would be to revert said commit, and then resubmit the useful parts with proper commit messages. If that is not done, then somebody will need to fork the package.
from websocket.
Hey all - one of our maintainers submitted this PR to hopefully undo the logging that was added causing all of the extra noise. Hoping to get that pushed through soon.
from websocket.
Hey @jech thanks for bringing this up. Reverting the entire commit isn't likely to happen as a lot of those changes were to bring our codebase in line with new linters and such. However, could you take a look and see if this PR addresses your issue? #878
from websocket.
I am also not updating to Gorilla WebSocket v1.5.1 in https://github.com/centrifugal/centrifuge and https://github.com/centrifugal/centrifugo to not introduce unwanted noise to user's logs. Is there a plan to revert the changes made? I agree with above comments and will prefer forking the package than migrating to it in the current state.
from websocket.
+1 on this, we have the same concerns in Knative: knative/serving#14597.
from websocket.
Didn't mean to close this issue - must've been an automated process with the merge of the above PR. I'm leaving this open for discussion until the logging issues are confirmed to be good.
from websocket.
@jech While I totally understand the desire to revert that commit and move forward, our concern is that we'd lose a number of community contributions that have been made since that change. We're trying our best to fix the problems brought up in this thread without erasing any of those valuable contributions, which can be a difficult process.
I appreciate everyone's patience here as we work through this.
from websocket.
Hello folks, we understand your perspective & concerns with the breaking commit in history, and based on the consensus reached, we have raised this draft PR that reverts the changes introduced with commit 666c197. We’ll be bumping the go version & shall add the required GHA & relevant configurations as a separate commit (in the same PR).
Please feel free to review the PR & share your feedback.
from websocket.
Hey @jech - as you can see above @apoorvajagtap opened a PR to revert the commit about a month ago. We wanted to leave it open for a small period of time in case community members had comments or discussion around the revert. We're going to go ahead and push it through.
from websocket.
This is open source, feel free open up a set of PRs that bring your trust back folks. The contributors here took an archived project and added support, which is very generous of them. It’s part of the open source community to support these worries - even when mistakes were made previously.
from websocket.
Related Issues (20)
- Memory overflow; using ReadMessage() method
- [BUG] Clients get disconnected due to SetWriteDeadline and large workload HOT 4
- [question] error: RSV1 set, bad opcode 7, bad MASK HOT 10
- concurrent write to websocket connection HOT 2
- Documentation oversight after updating io/ioutl functions to io functions HOT 2
- WebSocket connection failure with Host header containing a space HOT 1
- Why does specifying the proxy address not work?
- [ISSUE] Handling SIGINT and SIGTERM for Graceful Shutdown in Go Websocket App HOT 2
- [BUG] If `deadline` argument to `WriteControl` is `deadline.IsZero()` then 1000 hours (~41 days) are used as unexpected and undocumented fallback HOT 2
- [BUG] 不能删除超时的连接 HOT 1
- [QUESTION] Regarding pongWait Time in the Examples HOT 2
- [BUG] <SRV send msg to client and close the conn right no, client can't receive the msg> HOT 1
- Address CVE-2023-45288 HOT 1
- [FEATURE] Support Unix Domain Sockets HOT 4
- [BUG] FormatMessageType returns empty string for unknown type HOT 3
- [BUG] ssh: tcpChan: deadline not supported HOT 1
- [BUG] panic: concurrent write to websocket connection HOT 3
- [FEATURE] expose newConn function for custom Upgrader HOT 2
- [BUG] WebSocket server does not send 426 Upgrade Required
- [BUG] <title>panic: concurrent write to websocket connection HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from websocket.