OpenMandriva Says Former Contributor Sabotaged Its Repositories

OpenMandriva Says Former Contributor Sabotaged Its Repositories

OpenMandriva, one of the successors to the legendary Mandrake Linux, has published a public statement warning its community about what it describes as an attempted sabotage of the Linux distribution following an internal dispute among contributors.

The project says the incident began after several team disruptions involving contributor behavior, private messages, and access to OpenMandriva’s infrastructure. According to the statement, Davide Beatrici, who is known for his work on the Mumble project, joined OpenMandriva some time ago and later offered to move or mirror several of the distribution’s repositories to his private OneDev instance.

However, OpenMandriva says some team members were not comfortable with this setup. They preferred to keep the project’s infrastructure on a public platform like GitHub instead of letting one person control important repositories.

The situation reportedly got worse after another contributor was removed from one of OpenMandriva’s Matrix chats for what the project describes as abusive behavior toward users and team members. OpenMandriva says this caused two people to leave the project, including Beatrici.

After that, the project started to cut ties with the private infrastructure mirror. OpenMandriva claims this led to the sabotage attempt.

In its statement, the project says Beatrici used his remaining administrative privileges to delete part of OpenMandriva’s GitHub repository work, including material that had been kept for years. More seriously for users, an empty package was also published in the Cooker repository, which replaced all GNOME and COSMIC packages.

This could have harmed systems running those desktop environments, especially since Cooker is OpenMandriva’s rolling development branch. Users there expect faster updates and accept more risk than on stable releases.

The project says it is now restoring the deleted repositories and fixing the affected packages. Additionally, the distro conducted a full system audit and found no other problems aside from the removed packages.

Although OpenMandriva called the actions unacceptable and said it could have taken legal action, the project has decided not to do so.

So, what is the conclusion of all this? Above all, trust is important, but so is proper access control. As you know, community projects often rely entirely on volunteers, but giving too much control to a few people can be risky when disputes happen.

Currently, the project is working to restore the affected repositories and packages.

For additional details, see OpenMandriva’s statement.

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *