https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997
The OpenMandriva Linux project has announced it was the target of an attempted act of internal sabotage carried out by a former contributor following a dispute within the community. According to long-time developer and maintainer, the incident was triggered by a contributor’s abusive behaviour towards other users and members of the distribution, which ultimately caused several contributors to leave the project. In response, the accused leveraged his administrative privileges to delete portions of a repository the team had spent nearly a decade building. The person had originally been granted those privileges after assisting with migrating and mirroring project repositories to his private OneDev instance.
The destructive actions went beyond simply wiping GitHub repositories. The person also pushed an empty package into OpenMandriva’s Cooker development repository that effectively obsoleted packages for both the GNOME and Cosmic desktop environments, potentially putting users’ systems at risk. The OpenMandriva team is currently working to restore the deleted repositories and packages, while also conducting a full system audit to identify any further unauthorised changes. The person has since disputed the characterisation of his actions, claiming that his intent was not to harm the distribution or its users, and that the deletions were a deliberate but targeted response to what he described as other members removing build specification files from repositories without consultation.
Despite acknowledging that the actions likely constitute a criminal offence, the OpenMandriva team has confirmed it will not be pursuing legal action against the former contributor. The incident serves as a reminder of the security risks that can arise from insider access within open-source community projects, particularly when contributor relationships break down.