Subject: Re: the sorry state of open source
To: None <netbsd-advocacy@netbsd.org>
From: Alistair Crooks <agc@pbox.org>
List: netbsd-advocacy
Date: 04/18/2007 07:31:10
On Tue, Apr 17, 2007 at 11:11:04AM -0700, Jan Schaumann wrote:
> Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de> wrote:
> > Also sprach Hubert Feyrer (hubert@feyrer.de)
> > > On Mon, 16 Apr 2007, Jan Schaumann wrote:
> > > >http://beranger.org/feature/sorryfeature.php
> > > >
> > > >It'd be nice if somebody took the time to contact the author a about
> > > >NetBSD. He doesn't seme to know that (a) NetBSD is not dead and
>
> > He never claimed that NetBSD is dead. He cited C. Hannum and stated that
> > he cannot "make any judgments on that one".
>
> That is correct, but he makes the citation for a reason. It's a way of
> arguing that NetBSD is (at the very least) less than thriving without
> having to step up and say it yourself.
>
> I was suggesting that somebody point out to him the circumstances of
> Charles's comments.
The announcement of Charles's membership lapsing is in
http://mail-index.NetBSD.org/netbsd-announce/2006/09/01/0000.html
Charles had been asked to sign a developer's agreement, as had every other
NetBSD developer, and he was unwilling to do that.
For almost 18 months prior to that, Charles's ssh access to all of the
project machines had been suspended, as described in the mail below
which I sent to an internal project list. The reason for the insistence
on a completed developer's agreement for people with write access to
the repositories is hopefully apparent.
As far as the "NetBSD is dead" thread - if anyone thinks that, they
have obviously not read source-changes or pkgsrc-changes just
recently.
Regards,
Alistair
> Date: Wed, 16 Mar 2005 18:07:21 +0000
> From: Alistair Crooks <agc@NetBSD.org>
> To: an internal project list, required reading for all NetBSD committers
> Subject: The Recent CVS Incident.
> User-Agent: Mutt/1.4.1i
>
>
> On Sunday morning, it became apparent that something had been changed
> in the CVS repository. Some files in the sys/ directory and
> subdirectories, which had previously been modified to remove trailing
> whitespace, were modified using the "cvs admin" command to delete these
> revisions, and some RCS tags were changed, again using "cvs admin".
> The net effect of this was that people with checked-out trees which
> included the whitespace deletion revisions were left with trees which
> cvs could not recognise, as the checked-out revisions were no longer
> in the repository. In addition, the repository itself was internally
> inconsistent because tags were pointing to deleted revisions.
>
> When the problem was identified, cvs.NetBSD.org was taken down, and
> people from board and admins worked on reverting these "cvs admin"
> changes for 11 hours, as well as taking steps to ensure that a similar
> attack could not take place in future.
>
> The developer whose credentials were used to do this has been
> identified and has had his ssh access suspended on all project
> machines. However, as he is not answering email, telephone or any
> other attempts at communication, we cannot tell if this was done
> intentionally or if his account was compromised. Therefore we feel it
> would be inappropriate to name him in public right now. This is also
> the reason that this explanatory mail has been delayed.
>
> I have absolutely no idea why the repository was damaged in this way.
> It could be that the developer in question has been hacked, or it
> could have been a prank that went wrong, although the timing, coming
> just before the 3.0 branch, couldn't have been worse.
>
> Moving on...
>
> The cvs binary on cvs.NetBSD.org has been modified so that it will no
> longer provide the "admin" or "init" commands. If you wish to change
> a log message, you will have to contact admins for just now. A longer
> term solution is being worked on right now.
>
> I'd like to thank Thor and the other people who spent their Sunday
> cleaning up the damage to the repository. I'd also like to thank the
> developers who offered rsync'ed snapshots of the cvs repository, and
> to thank you all for being patient while the whole incident was
> resolved.
>
> Regards,
> Alistair
>
> On Behalf of the Board of Directors
> The NetBSD Foundation