OpenMandriva: Statement regarding attempted distribution sabotage
- Open Source
- Security
- Infrastructure
- Linux
OpenMandriva says a contributor who had become trusted enough to mirror repositories and help with infrastructure later retaliated after a separate maintainer dispute. According to the project, he deleted part of the GitHub repo and pushed an empty package into the cooker repository that obsoleted GNOME and COSMIC packages. The post reads as an incident statement, not a deep postmortem, so people immediately fixated on the missing operational details. The big unanswered question was not whether the act was malicious. It was how someone who was apparently not core leadership ended up with enough access to damage source and packaging at all.
If your product or infrastructure depends on volunteer-run upstreams, evaluate their release controls and recovery process instead of treating all Linux distributions as equivalent. For your own projects, remove any path where one person can ship or delete broadly without independent review, fast rollback, and offline backups.
-
forum.openmandriva.org
- Discuss on HN