Sure, but disclosing a security issue publicly rather than reporting it to the people who would fix it and giving them time to do so, is a major mistake at best. Especially since to my understanding, this is common cybersecurity practice.
The issue is less that they’re making money and more that they’re intentionally keeping functionality proprietary to reduce competition with the entirely free, open-source version of Nix. There are also still ways for companies to make money off of open-source projects, such as providing commercial support like Canonical does with Ubuntu.
According to the post @cafkafk linked regarding this, the leader of the documentation team deleted the starter templates and not long after, Detsys launched their own documentation site. It is at the very least suspicious. Also could you point out specific examples of people acting “in ways that caused fragmentation” in that thread?
Does that exempt them from disclosing conflicts of interest? I would say DetSys’s ties with Anduril were especially relevant during the sponsorship fiasco, for example.
Correct me if I am wrong, but I think @cafkak was referring to things like sealioning in discussions of diversity measures rather than a “culture war.” Considering how DetSys placed themselves squarely in the center of the Nix community, I think it is a reasonable concern that they remained silent rather than making a statement.
In my humble opinion, denying that there is a problem and blaming the person bringing it up for having a problem with it is not a particularly compelling or productive argument.