It might have been better to simply reference the discussion without singling out the person involved. At the end of the day it was an organizational decision. It's to GitLab's credit that there's enough transparency to even see this; I don't think it's too cool to turn that into a finger-pointing tool. As a developer, we don't do this with bugs. Perhaps bad business decisions are not any different.
(For the record: I don't know this person, I am not this person, I'm pretty sure I don't know anyone at GitLab at all.)
I understand your viewpoint, and to be honest I was on the fence about posting names, but I decided to for 2 important reasons:
1. First, the info is totally public and easily viewable in any case.
2. I think there is a danger in just saying "It was an organizational decision." When everyone is "responsible", then no one is. And in addition, both of the people mentioned are senior execs at the company. Having to deal with public scrutiny is one reason they get paid more.
I do give GitLab a lot of credit for being transparent, and for (at least for now) backing off this decision. But I hope they are able to do a deeper root cause analysis of what went wrong. While obviously on a whole other order of magnitude, Boeing didn't fuck up because MCAS was a faulty piece of software, they fucked up because they let financial concerns take precedence over engineering ones.
EDIT: one other thing, since I brought up 2 folks who I think made poor decisions, I should have pointed out Lukas Eipert (@leipert), who was the engineer who originally brought up his strong objections. Even more telling, when Eipert was asked to re-review the code change, he explicitly asked to be taken off the review - his sentiment was clear.
The whole point of transparency is to facilitate accountability, so it does not help to shy away from accountability in service of encouraging transparency. Of course, transparency is definitely something to laud, but it's only half of the ideal.
You're putting pressure on the norm that organizations should be sharing this sort of thing. If the norm were strong, the pressure wouldn't keep people from sharing similar things in the future. But since the norm is weaker we need to be careful to nourish it, not pushing it harder than it can stand.
This is a person in a C-level position. It's very much inherent in those positions to take responsibility in situations like this. If the comment had been made by a random fellow team-member without any authority, I would have been more inclined to agree.
The difference here is that bugs generally lack motive and agency. Bugs are often unintentional.
When faced with bad intentions, it is imperative that a community name offenders. It is, as others replied, an important distinction for accountability.
A CFO concerned about valuation and experienced in negotiating contracts should be thinking:
1) Fortune 1000 companies and the government will never accept this. I need to make sure the product team is designing a way to allow these customers to shut this off.
2) This is more risk than we will gain from tracking individual customers. We can't afford to indemnify our customers against these third-party tools. How will we address GDPR, CCPA and future regulations if we don't allow an opt-out?
An organisation cannot make decisions. At the end of the day, it is always a person. In this case, maybe it was the wrong person. What is the trouble in questioning this process?
Yes, I did copy the posting of Paul Machle's name, and as a senior executive (likely worth at least 10s of millions at Gitlab's last valuation), he has a lot of responsibility here, and he should own up to his mistake.
But the point is still not to "blame" it on one or a couple people. If you look at that GitLab comment thread, it's clear that many GitLab employees had strong objections to the change: "I hereby declare my highest degree of objection to this change that I can humanly express." and "I agree with @leipert moral wise, I'm not happy with this change". So the question is why the company made the decision that ignored the right people and followed the wrong people (hint, it's HiPPO).
Firing Paul Machle won't fix GitLab's problem. GitLab needs to figure out how to change its culture so that it listens to the right people, even if they're not the highest paid.
I sincerely believe that our society would be a much more just place if C-level executives were held accountable for profit motivated decisions that harm the privacy and security of their users.
He is choosing to go override his engineers moral and legal objections in the hopes that it will make his stock go up in value by a few percentage points. This kind of greed motivated behavior is at the heart of nearly every evil brought upon society by silicon valley.
Do I expect my post to actually affect Paul Machle in any way? Probably not, but I really hope it does. Society will be better off without these greed-at-any-cost types having positions of power.
Imagine the backlash if we started posting things like "See this engineer here! They caused the bug that resulted in downtime and a loss of $10mm for the company" and attempted to Google-shame them for posterity.
I can't agree with the comparison. An accidental & unexpected software bug is not the same as an intentional, calculated, executive level business decision.
I think the officers should be scrutinized more than a lower level engineer. They are the leaders and set the tone fore the company culture
I agree with hn_throwaway_99, this is very concerning as to what path the company is on. But, I'll give them credit for realizing the error & trying to correct it.
That being said, I love GitLab's product. We use it in my workplace, but we self host the comunity edition, so this wouldn't have effected us.
I dont imagine I will ever be more than a CE level user, even in personal projects, but I can imagine the panic this caused for many companies on the hosted enterprise version.
(For the record: I don't know this person, I am not this person, I'm pretty sure I don't know anyone at GitLab at all.)