OpenMandriva Linux is facing a serious internal security dispute after it said a former contributor abused administrative access to damage the project’s infrastructure. The alleged actions included deleting GitHub repositories and publishing an empty package that could have broken desktop systems for users of GNOME and COSMIC.
According to the project, the problem did not begin with code but with conflict inside the community. OpenMandriva says an abusive incident in its Matrix chat led to one contributor being removed, which then triggered a chain of resignations and escalating anger among some members.
The most damaging part of the incident involved repository access. Long-time maintainer AngryPenguin said the contributor had admin privileges because he had previously helped migrate and mirror project repositories to a private OneDev instance, and that access was later used to delete part of a repository the team had maintained for nearly 10 years.
OpenMandriva also says the contributor pushed an empty package into its Cooker development branch. That package obsoleted the GNOME and COSMIC packages, meaning it could have caused real disruption for people relying on those desktop environments if the issue had not been caught quickly.
The accused contributor, Davide Beatrici, rejects the sabotage allegation and says his goal was not to harm users or the distro itself. He argues that his actions were tied to a dispute over the project’s direction, including disagreement about OpenMandriva’s support for GNOME and COSMIC alongside KDE and LXQt.
OpenMandriva says it is now restoring deleted repositories, repairing affected packages, and conducting a full audit to confirm that nothing else was altered.
OpenMandriva says it is now restoring deleted repositories, repairing affected packages, and conducting a full audit to confirm that nothing else was altered.
The project has also said the incident may meet the threshold of a criminal offense, though it has chosen not to pursue legal action at this stage.
This case is a reminder that open-source projects do not only face technical threats from outside attackers. Internal access, trust, and governance can become just as dangerous when disputes turn personal and administrative privileges are misused.
This case is a reminder that open-source projects do not only face technical threats from outside attackers. Internal access, trust, and governance can become just as dangerous when disputes turn personal and administrative privileges are misused.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article:
