
SoylentNews is people

posted by mrpg on Saturday May 04 2019, @12:01AM
from the apparently-sysvinit-on-debian-works-now dept.

https://lwn.net/Articles/786593/

An April Fools joke that went sour seems to be at least the proximate cause for a rather large upheaval in the Devuan community. For much of April 1 (or March 31 depending on time zone), the Devuan web site looked like it had been taken over by attackers, which was worrisome to many, but it was all a prank. The joke was clever, way over the top, unprofessional, or some combination of those, depending on who is describing it, but the incident and the threads on the devuan-dev mailing list have led to rancor, resignations, calls for resignations, and more.

Quick summary:

- Nicosia (a core dev) posted to the mailing list saying Devuan was compromised.
- Nicosia kept up the joke for some time.
- Nicosia admitted it was a prank later.
- Mike Bird suggested legal action against Nicosia and auditing/rebuilding the affected servers.
- Nicosia stepped down on April 11.
- Roio (a core dev) accused CenturionDan (a core dev) of causing Nicosia to step down.
- Reurich (a core dev) commented on the divide between people who want to use Devuan professionally and people who use Devuan for fun.
- Roio objected to Reurich.
- Reurich considered stepping down.

Some facts (?) gathered from the comments:

- Many core devs were unaware of the joke. They thought the compromise was real, as everyone but Nicosia was blocked from logging in to the affected server. They worked to shut down their infrastructure and isolate it from the supposedly compromised machine.
- The Devuan continuous integration server is apparently still down.

Related: Devuan Site Possibly Hacked


  • (Score: 3, Insightful) by Anonymous Coward on Saturday May 04 2019, @02:27AM (3 children)

    by Anonymous Coward on Saturday May 04 2019, @02:27AM (#838675)

    It stopped being a dumb joke once the dev went and kept up the charade saying that they were actually hacked.
    From there, the rest of the team (who were not in on the joke) reacted responsibly -- they treated it like an actual attack because for all they knew, it was. It was April Fools after all, it's a fairly expectable date for some actual crackers having a laugh to go defacing a website.

    It was so poorly executed of a joke that it completely wiped whatever credibility they've managed to accrue.
    Keeping the rest of the team in the dark was the biggest issue, whether from a project point of view or even just as a "well, how are we going to go about doing our April Fools joke" discussion, which would have probably kept the worst aspects of this (like actually declaring that you were actually compromised) at bay.

  • (Score: 1) by redneckmother on Saturday May 04 2019, @05:34AM

    by redneckmother (3597) on Saturday May 04 2019, @05:34AM (#838722)

    That's so sad. I was quite "taken" by devuan, after being fsck'd so hard over the years with Fedora's adoption of systemd.

    I hope all this sh*t will settle down soon.

    I'm enjoying all the convos about non-systemd distros. I was a long time admin (for corporations) of various 'nix flavors, and could never wrap my head around the abandonment of KISS, and the windblows bastardization of distros via systemd.

    Okay, contrarians, FLAME ON if you wish. I don't care, I just want my systems to be manageable. Give me a text logfile when sh*t fails. I don't need no f*ckin impediments, as I'm losing my cognitive abilities as I age, anyway.

    --
    Mas cerveza por favor.
  • (Score: 3, Insightful) by rleigh on Saturday May 04 2019, @10:35AM (1 child)

    by rleigh (4887) on Saturday May 04 2019, @10:35AM (#838783) Homepage

    Yes, it was unforgivably stupid. While it's had its detractors, Devuan had been quietly working away building a solid distribution up over many months, and quite a lot of people, including myself, had placed a good deal of trust in their hard work. From all the infrastructure work, to the systemd-free packaging, and their principles and philosophy. Unfortunately, it only takes one immature "prank" to destroy that hard-won trust.

    I unsubscribed from the lists a couple of days after the fallout began. I'm really sorry for all the other Devuan people who put in so much time and effort in making it a respectable distribution with its own dedicated following. I might revisit it in time. April fools jokes are lame and immature at the best of times. But this one went too far, and showed a complete lack of sensible judgement on the part of the developer/admin involved. Not only in thinking it was a good idea in the first place, but then not telling the truth afterwards. The trust we place in a distribution is based upon the trust we have in the developers and admins working on it that they will behave sensibly and responsibly with the interests of the distribution and end users first and foremost, and that trust was squandered for a stupid "joke".

    • (Score: 3, Interesting) by rleigh on Saturday May 04 2019, @12:09PM

      by rleigh (4887) on Saturday May 04 2019, @12:09PM (#838790) Homepage

      I'll just follow up on this with a further point. Over the last three decades, the free/open software movement has gained a lot of traction. It's gone from being trivially dismissed as substandard amateur rubbish, to having real significance and held in high regard globally. In large part, that's due to companies and individuals being able to recognise that software written by individuals or by collective open projects can deliver software which is on a par, or better than, the best which commercial corporate teams could produce. But that is all dependent upon being able to have trust in the projects and developers concerned.

      I've been working on free software projects for over two decades at this point. The teams I've worked with have for the most part made a huge effort to act and present themselves as competent, skilled professionals who could do great work and be trusted to behave responsibly. This led to both success in the free software world, as well as adoption by large corporations. One example would be CUPS and Gutenprint. These went from small company open source product and free software printer driver project, respectively, to being the default printing system and drivers on Linux, and later bought and adopted, respectively, by Apple for use with MacOS X.

      Not all free/open projects have this attitude and philosophy, but all the successful ones do for the most part. Technical excellence isn't enough on its own; you also need to act in a responsible and trustworthy manner for the long term as well. You don't see the Python, Perl or PostgreSQL developers doing antics like this. And as a result, these projects are well regarded and well adopted. But if you ever saw any one of these projects do something similarly stupid, you would see rapid abandonment for alternatives. Trust matters, when you want others to be able to depend upon you.

      I've recently switched jobs from writing open source C++ libraries to working on a proprietary embedded C application. It's very interesting to see how free/open source stuff is seen from the other side of the fence. While some open source stuff is used, where appropriate and possible, there's also a large degree of trust in commercial proprietary products and relationships which you don't see on the hard-core "free software" side, as well as a skepticism as to the quality of random open source projects (which is not entirely incorrect, there's a lot of rubbish out there).