OpenMandriva:关于试图破坏分发的声明
OpenMandriva: Statement regarding attempted distribution sabotage

原始链接: https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997

OpenMandriva 近期在贡献者 Davide Beatrici 及其同伙加入后,经历了一场严重的内部动荡。在相关人员对社区进行辱骂行为后,管理层最终介入并将一名施暴者移出了聊天频道。 作为报复,Beatrici 与另外两人辞职。在断开其个人基础设施的连接后,Beatrici 滥用了他剩余的管理员权限对发行版进行了破坏。他删除了多年积累的仓库数据,并发布了旨在使关键软件失效的恶意软件包,这可能导致用户系统受损。 团队目前正在努力恢复受影响的仓库和系统。发布此声明旨在保持完全透明,并就 Beatrici 的行为向更广泛的开源社区发出警示。尽管团队承认这些行为已构成刑事犯罪,但目前选择不采取法律行动。审计结果确认,除了蓄意删除的数据和被破坏的软件包外,系统依然安全。

```Hacker News 最新 | 过往 | 评论 | 提问 | 展示 | 招聘 | 提交 登录 OpenMandriva:关于企图破坏发布活动的声明 (openmandriva.org) 10 点,由 workethics 发布于 1 小时前 | 隐藏 | 过往 | 收藏 | 1 条评论 帮助 crote 2 分钟前 [–] 从“他甚至备份/镜像了我们的几十个仓库”到“他删除了我们在 GitHub 上的部分仓库。(..) [他]在 cooker 仓库中发布了一个空包,导致所有的 gnome 和 cosmic 软件包失效”,这中间发生了什么? 我觉得中间少了几步。怎么就从“一个新人加入社区”变成了“他有能力毁掉一切”?当然,他可能确实比较出名,但在文章里看起来他并不是核心维护者,甚至算不上非常活跃的社区成员。他们难道是随便把管理权限发给任何人的吗? 回复 指导原则 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系 搜索:```
相关文章

原文

In recent days, our distribution has experienced several disruptions that we need to inform our community about to maintain full transparency.

Davide Beatrici, known for his work on the instant messaging app Mumble, joined our distribution some time ago. The team had no hesitation in trusting him; after all, he was such a well-known figure that we didn’t expect anything bad. Although Davide didn’t make many contributions to the system, he offered to migrate our repository infrastructure from GitHub to his private instance, OneDev. He even performed a backup/mirror of several dozen of our repositories. Some of the team had mixed feelings, as we didn’t want to place our repository in the private hands of one person, we preferred a publicly available infrastructure like GitHub currently has.

Two other people joined the distribution along with Davide. And that’s where the problem began. After a while, one of them began to behave in abusive ways towards certain users and members of the distribution. Some people left the distribution because of this behavior. We didn’t know about every incident immediately, as many of these hateful behaviors occurred in PMs. However, the series didn’t end there, and when another person was attacked in our chat and on GitHub, I decided to take action and kicked the attacker out of the chat.

I didn’t ban him, just kicked him out of one of the chat (specifically, the matrix chat for the OpenMandriva-Cooker channel). We didn’t forbid him from further collaboration and didn’t impose a ban on him. Although, in retrospect, I personally regret not reacting sooner, as these steps should have been taken when some people left the distribution because of him - for which I apologize to everyone affected by this aggressive behavior

This triggered a cascade of events. In protest, two people left the distribution, including Davide, a friend of the attacker.

No longer seeing any point in maintaining a mirror to Davide’s private infrastructure, I decided to sever the connection (at least some of the mirrors that were in the packages of which I am maintainer).

This infuriated Davide so much that, abusing of the administrative privileges he still had, he sabotaged the distribution today in the early morning hours.

He deleted part of our repository from GitHub—things we’d been working on for many years, and I myself had been working on for a decade (specifying that the decade will end in September 2026). Davide also decided to publish an empty package in the cooker repository, which obsoleted all gnome and cosmic packages, which could have damaged the systems of people using gnome or cosmic.

We are currently working to restore the deleted repositories and restore the functionality of the obsolete packages.

We are writing this to be transparent with the community and to warn the open source community about Davide Beatrici (known for his work on the Mumble project, among other things) so they don’t repeat our mistakes.

We understand that Davide’s actions were unacceptable and shameful, and that we could have pursued legal action because Davide’s actions constituted a criminal offense, but we have decided not to do so.

We performed a full system audit and, aside from the removed packages, we found no other violations.

联系我们 contact @ memedata.com