Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Saturday May 04 2019, @12:01AM   Printer-friendly
from the apparently-sysvinit-on-debian-works-now dept.

https://lwn.net/Articles/786593/

An April Fools joke that went sour seems to be at least the proximate cause for a rather large upheaval in the Devuan community. For much of April 1 (or March 31 depending on time zone), the Devuan web site looked like it had been taken over by attackers, which was worrisome to many, but it was all a prank. The joke was clever, way over the top, unprofessional, or some combination of those, depending on who is describing it, but the incident and the threads on the devuan-dev mailing list have led to rancor, resignations, calls for resignations, and more.

Quick summary:

- Nicosia (a core dev) posted to the mailing list saying Devuan was compromised.
- Nicosia kept up the joke for some time.
- Nicosia admitted it was a prank later.
- Mike Bird suggested legal action against Nicosia and auditing/rebuilding the affected servers.
- Nicosia stepped down on April 11.
- Roio (a core dev) accused CenturionDan (a core dev) of causing Nicosia to step down.
- Reurich (a core dev) commented on the divide between people who want to use Devuan professionally and people who use Devuan for fun.
- Roio objected to Reurich.
- Reurich considered stepping down.

Some facts (?) gathered from the comments:

- Many core devs were unaware of the joke. They thought the compromise was real, as everyone but Nicosia was blocked from logging in to the affected server. They worked to shut down their infrastructure and isolate it from the supposedly compromised machine.
- The Devuan continuous integration server is apparently still down.

Related: Devuan Site Possibly Hacked


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by rleigh on Saturday May 04 2019, @10:35AM (1 child)

    by rleigh (4887) on Saturday May 04 2019, @10:35AM (#838783) Homepage

    Yes, it was unforgivably stupid. While it's had its detractors, Devuan had been quietly working away building a solid distribution up over many months, and quite a lot of people, including myself, had placed a good deal of trust in their hard work. From all the infrastructure work, to the systemd-free packaging, and their principles and philosophy. Unfortunately, it only takes one immature "prank" to destroy that hard-won trust.

    I unsubscribed from the lists a couple of days after the fallout began. I'm really sorry for all the other Devuan people who put in so much time and effort in making it a respectable distribution with its own dedicated following. I might revisit it in time. April fools jokes are lame and immature at the best of times. But this one went too far, and showed a complete lack of sensible judgement on the part of the developer/admin involved. Not only in thinking it was a good idea in the first place, but then not telling the truth afterwards. The trust we place in a distribution is based upon the trust we have in the developers and admins working on it that they will behave sensibly and responsibly with the interests of the distribution and end users first and foremost, and that trust was squandered for a stupid "joke".

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Interesting) by rleigh on Saturday May 04 2019, @12:09PM

    by rleigh (4887) on Saturday May 04 2019, @12:09PM (#838790) Homepage

    I'll just follow up on this with a further point. Over the last three decades, the free/open software movement has gained a lot of traction. It's gone from being trivially dismissed as substandard amateur rubbish, to having real significance and held in high regard globally. In large part, that's due to companies and individuals being able to recognise that software written by individuals or by collective open projects can deliver software which is on a par, or better than, the best which commercial corporate teams could produce. But that is all dependent upon being able to have trust in the projects and developers concerned.

    I've been working on free software projects for over two decades at this point. The teams I've worked with have for the most part made a huge effort to act and present themselves as competent, skilled professionals who could do great work and be trusted to behave responsibly. This led to both success in the free software world, as well as adoption by large corporations. One example would be CUPS and Gutenprint. These went from small company open source product and free software printer driver project, respectively, to being the default printing system and drivers on Linux, and laterbought and adopted, respectively, by Apple for use with MacOS X.

    Not all free/open projects have this attitude and philosophy, but all the successful ones do for the most part. Technical excellence isn't enough on its own; you also need to act in a responsible and trustworthy manner for the long term as well. You don't see the Python, Perl or PostgreSQL developers doing antics like this. And as a result, these projects are well regarded and well adopted. But if you ever saw any one of these projects do something similarly stupid, you would see rapid abandonment for alternatives. Trust matters, when you want others to be able to depend upon you.

    I've recently switched jobs from writing open source C++ libraries to working on a proprietary embedded C application. It's very interesting to see how free/open source stuff is seen from the other side of the fence. While some open source stuff is used, where appropriate and possible, there's also a large degree in trust in commercial proprietary products and relationships which you don't see on the hard-core "free software" side, as well as a skepticism as to the quality of random open source projects (which is not entirely incorrect, there's a lot of rubbish out there).