Timo, Conduit’s creator, had been generally unavailable for a long time due to other obligations (which is reasonable). Unfortunately, this meant the project had stagnated. After much community pressure, one new maintainer was appointed, but Timo required all Rust code changes to be reviewed by him before being merged, which essentially defeated the point.
The newly appointed maintainer was Charles, who put in a lot of effort to clean up CI before burning out due to the issues enumerated in this section. After this, he essentially just became a defense mechanism against questions like “why is project development still so slow” and “will you appoint more maintainers”. Eventually, another maintainer was appointed and Charles stepped down.
Timo seems fixated on maintaining backwards compatibility of configuration and secrets handling forever, but there are issues with these that require breaking changes to fix.
Timo claims to care about testing and reliability. Conduit once had sytest running in CI, but no longer does. Charles thinks Complement never worked. Timo says this is because he doesn’t maintain CI. This claim and these (in)actions are in conflict.
After months of making unmateralized claims that a Conduit release will be made soon, a release was finally made, but only because of the threat of being overshadowed by a fork (Conduwuit). As a result, the release was very rushed and incomplete. Several users reported issues in Conduit’s Matrix room regarding the release shortly after its announcement.
There are many other instances of unmaterilized claims that something will happen soon, which gives the project the appearance of being active when it is actually not.
To be clear, it’s perfectly okay to not have the time to work on these things, the problem is about communicating this. More recently, Timo has since admitted to and apologized for not having enough time to dedicate to Conduit, hence the “prior” in this section’s header.
Conduwuit was not forked off of a release version of Conduit. Conduwuit’s first commit is 40908b24e74bda4c80a5a6183602afcc0c04449b, which is on top of Conduit’s 3bfdae795d4d9ec9aeaac7465e7535ac88e47756, which is not tagged as a release. The implication is that the Conduit’s maintainers did not feel that the code was production-ready at this point in time, which makes it a questionable foundation for a fork. In practice, however, it seems most HS operators using Conduit run the latest code anyway, so this doesn’t have that much weight.
The early post-fork commits are messy because the project was not originally intended to become a serious fork, just a personal one. It’s hard to get a good overview of what exactly changed since the fork and why.
Examples:
64084fb2d0ffa38f08777922c19c603366dd7bd5
200 is prescribed by the Matrix specification, other values should be rejected.af1f7404f155d75bc56248ad7845796ea035f0cc
87d1040386a0f396e719a6b773aa1f5c5472738c
d092820699ea39459a6e375f28cc454f4bc796c3
@Aranjedeath misunderstood what this MR does and was just experiencing the placebo effect.0c4604b4825f83c700854d771d4d8d94723bba34
JsOption is re-exported by ruma, no need to explicitly depend on it.8fffb6ea04c2a6b94009d8a62ba4423866e37109
In Conduwuit’s beginning, Strawberry would add a large number of commits to a dev branch and then merge them into main when they were satisfied with the code in order to make a release. Pushes to the dev branch were not gated on CI passing, and pull requests were intended to target the dev branch. This meant that any time an external contributor wanted to open a PR, there was a high chance CI would fail for their branch because CI was already failling on the base (dev) branch.
For some contributors, instead of going through PRs, Strawberry would cherry-pick their changes directly from their fork into the dev branch. Occasionally these changes were not even ready according to the commit’s author.
PR 322 exemplifies both of these problems. Charles wanted to work on a feature but first had to fix brokenness introduced on the dev branch, some of which was caused by a commit being cherry-picked into dev that was not ready according to its author.
Charles discussed this issue in DMs with Strawberry and proposed the alternative standard PR-based workflow used by most other projects on GitHub, which Strawberry was receptive to. For a period of time, this workflow was used.
However, it seems like Strawberry has reverted to adding an unreviewably large number of commits to a single branch and then self-merging without any reviews, as seen in PR 419. This brings us to the next section.
Large changes have been accepted with no scrutiny that result in many problems that other people have to spend hours of their life trying to solve, when the original changes should have simply not been accepted in the first place. The most egregious example of this was the merging of the hot-reloading PR, after which Olivia put in a lot of effort to fix build-related things here and here that were made much harder by the hot-reloading changes.
Strawberry, Conduwuit’s creator, irresponsibly disclosed a security vulnerability to the public before Conduit had a chance to ship a release with a fix. Strawberry only knew about this vulnerability because a Conduit maintainer was kind enough to inform them despite having no incentive to do so.
Here you can see Strawberry making fun of Conduit for not having made a release with a fix for the security vulnerability yet:
{
"content": {
"body": "also conduit is still vulnerable ",
"msgtype": "m.text"
},
"origin_server_ts": 1715011819091,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"type": "m.room.message",
"unsigned": {},
"event_id": "$Wexiein_XOVYAi2KT4_R98mCjqHBh2GxMLrUroRE6WM",
"user_id": "@strawberry:puppygock.gay"
}
And here (and around this message) you can see them explaining what the vulnerability is:
{
"content": {
"body": "rendering untrusted HTML is not intended, end of story",
"msgtype": "m.text"
},
"origin_server_ts": 1715013727510,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"type": "m.room.message",
"unsigned": {},
"event_id": "$aTpHtyh9ZZCk_kNg8_g1G8bqXplNAxqz0Mk9Rep0I9c",
"user_id": "@strawberry:puppygock.gay"
}
In a direct message conversation between Charles and Strawberry, Strawberry made it clear that they expect Conduit to find a way to report security vulnerabilities if they find any, despite Strawberry having banned the Conduit maintainers from the Conduwuit room and leaving their DM with Timo.
Later on, https://github.com/girlbossceo/conduwuit/pull/406 was created to fix security vulnerabilities that are shared with Conduit before so much as informing Conduit of the existence of these problems. Conduit has since fixed these issues in https://gitlab.com/famedly/conduit/-/commit/48c1f3bdba95d6f0522923ec0cea65393ee8bfd1 and https://gitlab.com/famedly/conduit/-/commit/c453d45598f1043b432149b714e2565f12f32360, notably well after Conduwuit publicized the issues by making their patches public.
Dissenting discussion about the project’s direction and management is often met with censorship. Dissent is often assumed to be rooted in bad faith, despite a lack of evidence to suggest it.
Olivia, Charles, and Lambda/Xiretza were all banned from Conduwuit’s Matrix room and GitHub repository at roughly 2024-06-01T12:00:00-07:00 for “malicious libel/defamation against conduwuit”. K900 was also banned due to “association with hostile users”. Presumably, this happened because Strawberry read this document. Charles feels this proves the point.
[
{
"content": {
"membership": "ban",
"reason": "malicious libel/defamation against conduwuit"
},
"origin_server_ts": 1717268250442,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"state_key": "@charles:computer.surgery",
"type": "m.room.member",
"unsigned": {
"replaces_state": "$aoF1lEvG1WXW6dpA6-rbdRlw1LH-WvBI9_iP1Ax27NA",
"prev_content": {
"avatar_url": "mxc://computer.surgery/JZw3HhMjUXieIyyGl9tE5dcHys5ywUVU",
"displayname": "Charles 👉️👈️",
"membership": "join"
},
"prev_sender": "@charles:computer.surgery"
},
"event_id": "$53oXJ26QVJzoMiln-r3oIt_2Y6s7IbK11R2FQkvjbAo",
"user_id": "@strawberry:puppygock.gay",
"replaces_state": "$aoF1lEvG1WXW6dpA6-rbdRlw1LH-WvBI9_iP1Ax27NA",
"prev_content": {
"avatar_url": "mxc://computer.surgery/JZw3HhMjUXieIyyGl9tE5dcHys5ywUVU",
"displayname": "Charles 👉️👈️",
"membership": "join"
}
},
{
"content": {
"membership": "ban",
"reason": "malicious libel/defamation against conduwuit"
},
"origin_server_ts": 1717268257729,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"state_key": "@xiretza:xiretza.xyz",
"type": "m.room.member",
"unsigned": {
"replaces_state": "$LqPZHuFfknBrf2VEaYJ5WxEygFIWoqULRzzo6zGJCh8",
"prev_content": {
"avatar_url": "mxc://xiretza.xyz/EnKIfRKPubPbJUvjzWRfOjMj",
"displayname": "xiretza",
"membership": "join"
},
"prev_sender": "@xiretza:xiretza.xyz"
},
"event_id": "$dC2NT9U9PpFDsQEXy90g_4CoXqEwOpIgSnEQWZiFjx8",
"user_id": "@strawberry:puppygock.gay",
"replaces_state": "$LqPZHuFfknBrf2VEaYJ5WxEygFIWoqULRzzo6zGJCh8",
"prev_content": {
"avatar_url": "mxc://xiretza.xyz/EnKIfRKPubPbJUvjzWRfOjMj",
"displayname": "xiretza",
"membership": "join"
}
},
{
"content": {
"membership": "ban",
"reason": "malicious libel/defamation against conduwuit"
},
"origin_server_ts": 1717268305363,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"state_key": "@benjamin:computer.surgery",
"type": "m.room.member",
"unsigned": {
"replaces_state": "$waCFFL2OgQt5wt0nvCOEgboCl_vOqq_fMmZerfeP1ck",
"prev_content": {
"avatar_url": "mxc://computer.surgery/SK68XyD4pa5vA58lQ0yQYRt90KLa6pHz",
"displayname": "benjamin",
"membership": "leave"
},
"prev_sender": "@benjamin:computer.surgery"
},
"event_id": "$vukhhI_1koqxWB7w-S8JTuMgbbc5tuAFagRnmIrsylM",
"user_id": "@strawberry:puppygock.gay",
"replaces_state": "$waCFFL2OgQt5wt0nvCOEgboCl_vOqq_fMmZerfeP1ck",
"prev_content": {
"avatar_url": "mxc://computer.surgery/SK68XyD4pa5vA58lQ0yQYRt90KLa6pHz",
"displayname": "benjamin",
"membership": "leave"
}
},
{
"content": {
"membership": "ban",
"reason": "malicious libel/defamation against conduwuit"
},
"origin_server_ts": 1717268327222,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"state_key": "@lambda:blep.space",
"type": "m.room.member",
"unsigned": {
"replaces_state": "$nLWmzRfC-1MkabyfX342dxnZcU3jyus2tCAk6qOYekE",
"prev_content": {
"avatar_url": "mxc://blep.space/GPT5ou9mlSXU98l8fyep6YDZghxVY2mf",
"displayname": "Lambda 🏳️⚧️",
"membership": "leave"
},
"prev_sender": "@lambda:blep.space"
},
"event_id": "$pN-iDdKHJbB6nAuludvAyRR3OHtWUlpWo1A2q8rLl7w",
"user_id": "@strawberry:puppygock.gay",
"replaces_state": "$nLWmzRfC-1MkabyfX342dxnZcU3jyus2tCAk6qOYekE",
"prev_content": {
"avatar_url": "mxc://blep.space/GPT5ou9mlSXU98l8fyep6YDZghxVY2mf",
"displayname": "Lambda 🏳️⚧️",
"membership": "leave"
}
},
{
"content": {
"membership": "ban",
"reason": "association with hostile users"
},
"origin_server_ts": 1717273653854,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"state_key": "@k900:0upti.me",
"type": "m.room.member",
"unsigned": {
"replaces_state": "$JYlc_2NPiblq3IAqqBc57BJ0VOq_28shtVTNIX1UdaM",
"prev_content": {
"avatar_url": "mxc://0upti.me/nGiebPxAshoa4R1tEINhpcQe2itAj5ce",
"displayname": "K900",
"membership": "join"
},
"prev_sender": "@k900:0upti.me"
},
"event_id": "$l_nLbzZliwHt8zm_5-sVjkgHYkrkWOJPf-zx2YozR2o",
"user_id": "@strawberry:puppygock.gay",
"replaces_state": "$JYlc_2NPiblq3IAqqBc57BJ0VOq_28shtVTNIX1UdaM",
"prev_content": {
"avatar_url": "mxc://0upti.me/nGiebPxAshoa4R1tEINhpcQe2itAj5ce",
"displayname": "K900",
"membership": "join"
}
}
]
Jason has been involved in Matrix for many years, during which he developed his notoriety for being very difficult to work with due to his historically toxic behavior. He has been a high-volume contributor to Conduwuit’s codebase and its Matrix room’s chat logs. For unknown reasons, Strawberry tolerated his behavior for a very long time, despite having an otherwise very low tolerance for toxicity, which is one of the reasons Conduwuit was created in the first place. Eventually, Jason dug a very deep hole during a conversation that has since been deleted by Strawberry (but Charles has a chat export). After this, Strawberry banned him from the Matrix room, giving the following statement:
{
"content": {
"body": "> * <@travis:t2l.io> looks to the moderators for what the culture/expectations are here\n\nto speak to this:\nthe conversation absolutely did not need any assumed malice or toxicity, and that's most certainly not the standards or goals of this room and i do not wish this community to behave like that.\n\n\nto speak to the room:\n\nit's extremely unfortunate that his has happened numerous times and it's completely my fault for continuing to let this happen and not deal with it early on. so i sincerely apologise and hope the community does not see any negativity in me from this point forward.\nsimilar users have been banned from the conduwuit community for this exact behaviour historically, and i should have identified this to be the same pattern from the start, same way i did with those users.\n\neither way, to set the precedence for how this room should behave, and to deal with the issue;\n\nJason will be banned from the community as this has happened multiple times before. Jason is a highly valuable contributor, but their actions are not how this room/community should behave and has happened repeatedly.\n\n\nagain i truly apologise and it's completely my fault for letting this happen far too long, and not doing anything about it. i hope all of you will accept my apology and the actions taken, we can move forwards with conduwuit as a whole, and i take this as a lesson learned on my part here. i will be taking a short break from development on my part as all of this has taken a huge toll on my mental health on top of what i'm already dealing with. again, i'm sorry, i won't let this happen again, and i hope i can earn all of your trust back.",
"format": "org.matrix.custom.html",
"formatted_body": "<mx-reply><blockquote><a href=\"https://matrix.to/#/!n8DKU1BeeJilOJXDPr:seirdy.one/$dkc96kaPlSvzlnjh35QMyuS7esbjorogXIAnIaKfo_c?via=awawawawawawawawawawawawawawawawawawawawawawawawawawawawawawaw.gay&via=transfem.dev&via=matrix.org\">In reply to</a> * <a href=\"https://matrix.to/#/@travis:t2l.io\">@travis:t2l.io</a><br>looks to the moderators for what the culture/expectations are here</blockquote></mx-reply><p>to speak to this:<br>the conversation absolutely did not need any assumed malice or toxicity, and that's most certainly not the standards or goals of this room and i do not wish this community to behave like that.</p>\n<p>to speak to the room:</p>\n<p>it's extremely unfortunate that his has happened numerous times and it's completely my fault for continuing to let this happen and not deal with it early on. so i sincerely apologise and hope the community does not see any negativity in me from this point forward.<br>similar users have been banned from the conduwuit community for this exact behaviour historically, and i should have identified this to be the same pattern from the start, same way i did with those users.</p>\n<p>either way, to set the precedence for how this room should behave, and to deal with the issue;</p>\n<p>Jason will be banned from the community as this has happened multiple times before. Jason is a highly valuable contributor, but their actions are not how this room/community should behave and has happened repeatedly.</p>\n<p>again i truly apologise and it's completely my fault for letting this happen far too long, and not doing anything about it. i hope all of you will accept my apology and the actions taken, we can move forwards with conduwuit as a whole, and i take this as a lesson learned on my part here. i will be taking a short break from development on my part as all of this has taken a huge toll on my mental health on top of what i'm already dealing with. again, i'm sorry, i won't let this happen again, and i hope i can earn all of your trust back.</p>\n",
"m.relates_to": {
"m.in_reply_to": {
"event_id": "$dkc96kaPlSvzlnjh35QMyuS7esbjorogXIAnIaKfo_c"
}
},
"msgtype": "m.text"
},
"origin_server_ts": 1717040913033,
"room_id": "!n8DKU1BeeJilOJXDPr:seirdy.one",
"sender": "@strawberry:puppygock.gay",
"type": "m.room.message",
"unsigned": {},
"event_id": "$eB_HRba2DzN6q1XGfLfR74n_UreAgbhIfm6j9vXDXPg",
"user_id": "@strawberry:puppygock.gay"
}
After banning us, Strawberry seems to have compromised on their statement above (in particular, “Jason will be banned from the community”, emphasis Charles’), because new commits authored by Jason are being added to the repository, the first of which is faa2b95c84794f993fde68588c2ff6d59d66fdcf.
Some time later, Strawberry unbanned Jason from the project’s Matrix room too, entirely doubling back on their statement.
The following commits were cherry-picked from Grapevine but had their commit metadata wiped so it appears as if Strawberry is the sole author:
Conduwuit has issued at least one ban to someone purely because they were using Grapevine to participate in their room.
Issues we would open on their GitHub repository but can’t because we’re banned.
The specification says authenticated media should be checked first and unauthenticated media should be used as a fallback if that fails (source). Conduwuit is doing it backwards.
The author of this document is also the person who started the Grapevine project.
Grapevine does not see as high development velocity as other homeserver implementations. This is partially a deliberate choice in an attempt to ensure reliability and avoid burnout, and partially due to the demoralizing state of Matrix as a whole.
Synapse can be hard to operate because it requires the configuration of workers to stay performant, and to Charles’ knowledge it struggles to run on hardware that Conduit and its derivatives can do just fine on. Its performance is also deliberately not as good as it could be to sell more Synapse Pro.
The project has a Contributor License Agreement. We all know how this goes. See also Synapse Pro.
This does not necessitate explanation.