On Tue April 2 2019 07:30:58 Jaromil wrote: > 1. There was no break-in on any part of Devuan's infrastructure on 1st > April. This was the most skillfull prank I've witnessed in my life.
You are easily impressed. And you double down on KatolaZ's irresponsible vandalism with a display of lazy wishful thinking. You are claiming no break-in but you have reported nothing to establish the integrity of your systems and software from the ground up as any real Veteran Unix Admin knows how to do. Your claim comes after KatolaZ wrote: We know. Seems to be quite serious. No access to our infra. We are working on it, and we will post updates. And Evilham wrote: Had it been just about devuan-web, it wouldn't have been as terrible as this is: going the lengths of doing it with gdo and the build system undermines that trust of users towards Devuan. It's been now well over 12 hours and the "joke" is still on, it still hints at all parts of the infraestructure being compromised, it still looks as if gdo and the build system were compromised. While golinux indicated this had not been discussed in advance by the team: I was not aware of any discussion about this action. Nor has there been any explanation of why other core team members were unable to shutdown or redirect DNS, shutdown or repair the compromised systems, or take any other measures to mitigate the attack during the 24 hours it lasted. You simply don't know what happened during those 24 hours or what is still compromised and any reliance on the claims of an admitted attacker is beyond ridiculous. If any of you were the Veteran Unix Admins that you claimed to be you would know that a hand-waving "nothing happened" is utterly inadequate to prove that your systems and software have not been compromised without your knowledge. You have taken zero steps to prove Devuan trustworthy and you seem to think that's the end of the matter. Sysadmins will now each decide for themselves or with their lawyers whether they can continue to use Devuan. I'll be reading this list until our switch is complete. If anyone finds a lawyer who says that it's safe to keep a production system on Devuan I'd love to hear their reasoning. The work now to switch distros is a drag but worst of all is that you have just done more in one day to undermine the viability of alternatives to SystemD than its proponents could ever have dreamed of. > 2. Devuan comes WITHOUT ANY WARRANTY. Bluntly put, if you > want to hold someone liable, you need a contract. That's why people who cause airports to be evacuated by shouting "bomb" can't be both sued for the cost of the delays and prosecuted, right? No contract? How many billable person hours do you think your little stunt is going to end up costing worldwide? --Mike _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng