Update: here's a fresh Steam Deck guide with Prism Launcher.
Unfortunately, it seems a developer on the Minecraft launcher PolyMC went completely rogue and so for your own safety, you should remove PolyMC from all systems. Last night I was made aware of the situation and posted about it on Twitter but for those who don't follow along, here's what happened.
14 hours ago, according to GitHub, the creator removed the Code of Conduct with a commit message titled "reclaim polymc from the leftoids". After that, they kicked the other developers out of the project in some kind of completely hostile takeover.
People thought they got hacked but unfortunately this person seemingly just decided to attack others. In a message in the PolyMC Discord, they said this:
Regardless of your views, this kind of behaviour is not something anyone of any sane mind should support. What they've done only shows that they are completely untrustworthy, and they've basically killed the project. You should 100% consider PolyMC to be compromised and move on to another launcher. There's nothing to indicate malware or anything like that, but any trust is simply gone. Who knows what they would do next?
Sadly, this means the various videos and guides I did on PolyMC are no longer valid, and so I will be looking to cover other launchers in future. You should also revoke any permissions you gave to PolyMC via your Microsoft account.
What are your options for right now? You can try:
Although MultiMC comes with its own controversy over Linux packaging and licensing stuff, at least the developer isn't malicious.
Is there some good news? Seemingly so. The team who were kicked out have banded together to carry it on under PrismLauncher but it's very early days on that yet.
Article was updated after publishing to clarify malware was not an issue at the time. The issue is the developer and what they did.
It seems like the first development builds of Prism Launcher are already available at their GitHub Actions: https://github.com/PlaceholderMC/PrismLauncher/actions
Quoting: Kohrias
Seems like Microsoft is blocking polymc now. Existing MS accounts in polymc went into status "expired" and trying to register a new MS account does not work.
That's good to hear, hope that can't be reversed by itself. How do I check it, just in case?
Quoting: jordicoma
Can someone simply fork the project and name it another thing? I suppose that has some legal problems.
Did you read the article and comments? That's what PrismLauncher is about.
No legal issues thanks to OSS: you are allowed to do that kind of thing for any OSI-compatible license.
Quoting: Kohrias
Seems like Microsoft is blocking polymc now. Existing MS accounts in polymc went into status "expired" and trying to register a new MS account does not work.
I guess that is the reason for the latest commit that updates the MSA Client ID.
But yeah, I wanted to remove polymc from the authorized apps and it wasn't there anymore, so I'm impressed Microsoft reacted so quickly!
Last edited by Termy on 18 October 2022 at 10:37 am UTC
Quoting: Guest
Do I understand that correctly, we should stop using soft cuz dev removed Code of Conduct, or there is another reason than political drama?
You could probably classify 'removing all other contributors from the repo' as a political drama - for me, it disqualifies that person from being trustworthy enough to handle a foss-project.
I understand that people's confidence in the project may be shaken. No one likes a creator meltdown on a project they use. One of the cool things about open source is the ability to swap to a competitor for any reason, or for no particular reason at all. I personally wish PrismLauncher the best of luck.
That said, I think the only reason the community is rallying around this is because of the politics of it. The urgency of the message ("remove it immediately") on Twitter particularly is IMO unwarranted. I don't see any malicious commits, and even if there were any, the more level-headed response would be to reach out to distro/repo maintainers and ask them not to update the package until further notice. If there were people who feel inherently uncomfortable with using software made by a right-winger, that would justify the urgency. I'm just one voice, but that attitude, if present, is not healthy for the community long term.
Finally, I would like to point to the irony of this project being considered compromised due to these circumstances when it's a launcher for a game made by Notch. We either separate the creator from the creation, or there isn't any use for a Minecraft launcher, open-source or otherwise.
EDIT: On the contributors, he said he removed people's permissions. He's allowed to do that as creator, but as I said previously, that can shake people's confidence. This comment is not to pressure or even suggest people not go to alternatives. I have no reason to do that. My concerns regarding FOSS are the maintainers/contributors actually pushing malicious code, not engaging in drama or even weakening the project; to my knowledge, the risk of that happening, in this case, is still pretty low.
Last edited by superboybot on 18 October 2022 at 11:54 am UTC
Quoting: superboybot
I think the only reason the community is rallying around this is because of the politics of it.
We've seen developers throw temper tantrums before and their products end up with malware. There was an NPM package which wiped the data of Russians who used it and the community then rightfully reacted with the same urgency they did now. Even though the left is generally in favor of Ukraine (or at least against countries being invaded).
When you're using a system that has the potential for auto update it's important that the developers of it prove themselves as hinged. PolyMC's dev demonstrated unhinged behavior.