:: [DNG] Fwd: April's fools mess
Top Page
Delete this message
Reply to this message
Author: Evilham
Date:  
To: dng
Subject: [DNG] Fwd: April's fools mess
Following is on a personal note after having tried to fix things
behind
curtains and to get something "official" out.

First things first and because I think somebody has to say it in
the
right tone the situation merits:
I am really sorry for the mess of today (+/- 13 hours because
timezones)
and I hope it does not impact too negatively the trust of users in
the
project in the long-run.

Further clarifying things: **to my knowledge**(*) nothing has been
compromised, but it is indeed a very elaborated prank.

I hope this helps reassure those who are rightfully concerned,
disappointed or disgusted by the whole thing and that a more
sensible
"official"/definitive/detailed announcement comes soon.

(*): **to my knowledge** means that I am still trusting the
communications and the project, even if I decided keep in place
the
temporarily disconnect of my systems from devuan's infra.


Evilham writes:

> Dear all,
>
> this is being sent privately, but with the perspective of it
> being
> public.
>
> I won't go into the stupidity of April's fools as a general
> concept, but
> instead meet halfway and consider that a valid thing to do (even
> when
> your users are not exclusively in the limited parts of the world
> where
> that's a thing) and instead analyse the way this was done.
>
> This is not an April's fools joke, this reflects very badly on
> Devuan as
> a distribution that is something beyond someone's playground.
>
> I will explain: we, as Devuan, need people's trust, the fact
> that
> anybody uses Devuan (or any distribution/Operating System),
> implies a
> huge degree of trust on the team behind it.
>
> After all, if you control an Operating System, you control in
> fact, a
> trivial way to gain root on everyone's systems.
>
> Even assuming a fakely claimed security issue were funny, this
> was
> badly
> done. Had it been just about devuan-web, it wouldn't have been
> as
> terrible
> as this is: going the lengths of doing it with gdo and the build
> system
> undermines that trust of users towards Devuan.
>
> It's been now well over 12 hours and the "joke" is still on, it
> still hints
> at all parts of the infraestructure being compromised, it still
> looks as
> if gdo and the build system were compromised.
>
> For anyone wanting to do serious things while using Devuan, this
> is
> extremely bad taste.
>
> I know of at least 5 people wasting a few hours of their lives
> (me
> included) over this, *obviously* if the peope you trust are
> telling you
> "Devuan is fucked, we don't even have access to the infra", the
> very
> first thing you are going to do is start all your contingency
> plans, not
> bother with "obvious" puzzles and hints.
>
> We are talking about critical infrastructure here, this is the
> internet
> equivalent of being in an airport and shouting "THERE IS A BOMB!
> Nah
> just kidding". It is not only childish, it is irresponsible.
>
> I kindly ask everyone to reconsider and bring the thing down as
> soon as
> possible and publish a public apology.
>
> In the end, this is not a PR stun, it's a PR disgrace and it's
> messing
> with the people who care about the distribution and the
> distribution's
> always-lingering reputation.
>
> Even if there is no public apology, I will at least on a
> personal
> level
> do what I consider right and publish this email on DNG.