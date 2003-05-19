from the apparently-sysvinit-on-debian-works-now dept.
An April Fools joke that went sour seems to be at least the proximate cause for a rather large upheaval in the Devuan community. For much of April 1 (or March 31 depending on time zone), the Devuan web site looked like it had been taken over by attackers, which was worrisome to many, but it was all a prank. The joke was clever, way over the top, unprofessional, or some combination of those, depending on who is describing it, but the incident and the threads on the devuan-dev mailing list have led to rancor, resignations, calls for resignations, and more.
Quick summary:
- Nicosia (a core dev) posted to the mailing list saying Devuan was compromised.
- Nicosia kept up the joke for some time.
- Nicosia admitted it was a prank later.
- Mike Bird suggested legal action against Nicosia and auditing/rebuilding the affected servers.
- Nicosia stepped down on April 11.
- Roio (a core dev) accused CenturionDan (a core dev) of causing Nicosia to step down.
- Reurich (a core dev) commented on the divide between people who want to use Devuan professionally and people who use Devuan for fun.
- Roio objected to Reurich.
- Reurich considered stepping down.
Some facts (?) gathered from the comments:
- Many core devs were unaware of the joke. They thought the compromise was real, as everyone but Nicosia was blocked from logging in to the affected server. They worked to shut down their infrastructure and isolate it from the supposedly compromised machine.
- The Devuan continuous integration server is apparently still down.
The Devuan website looks hacked. Given the timing, it's probable that it is an April's Fools Joke, though it's not clear if it's the Devuan devs' April's Fools joke or the hackers' April's Fools Joke. In any case, it's probably better for any Devuan users to avoid updating their packages and keep an eye out for signs of compromise.
If it is a joke by the devs, then they are taking it pretty far since official channels of communication say that the hack is real (but package are not compromised): https://lists.dyne.org/lurker/message/20190331.191104.169aaf9a.en.html
In any case, it's a warning about taking Devuan too seriously; either they don't know how to secure their servers, or they don't know what it means to take a joke too far.
https://www.devuan.org/ redirects to https://www.devuan.org/pwned.html which displays:
(Score: 1, Insightful) by Anonymous Coward on Saturday May 04, @12:08AM (7 children)
Please get back to a systemd free Linux we desperately need!
(Score: 3, Informative) by Azuma Hazuki on Saturday May 04, @12:19AM (3 children)
We have those. They are called Slackware, Gentoo, Alpine, and my personal favorites, Void and Artix. Devuan always felt a little "off" to me, and it seems the climate of its maintainers transferred into the finished product itself. This explains rather a lot.
I am "that girl" your mother warned you about...
(Score: 2) by bobthecimmerian on Saturday May 04, @12:49AM
I can't speak for the others, but in Gentoo there are several supported init systems and systemd is one of them. You may know that already, I was just posting it for the sake of completeness.
There's also GuixSD, which uses GNU Shepherd as its init system.
I don't hate systemd, but choice is nice.
(Score: 2) by epitaxial on Saturday May 04, @12:53AM
Yeah its called Slackware and its still maintained by the original author. He had a lot of financial issues last year with his web store stealing most of his income. I donated a few bucks and you should too. https://www.linuxquestions.org/questions/slackware-14/donating-to-slackware-4175634729/ [linuxquestions.org]
(Score: 1, Interesting) by Anonymous Coward on Saturday May 04, @12:41AM
On the upside, I had never heard for Devuan before. So all publicity is good publicity ...