Following is on a personal note after having tried to fix things
curtains and to get something "official" out.
First things first and because I think somebody has to say it in
right tone the situation merits:
I am really sorry for the mess of today (+/- 13 hours because
and I hope it does not impact too negatively the trust of users in
project in the long-run.
Further clarifying things: **to my knowledge**(*) nothing has been
compromised, but it is indeed a very elaborated prank.
I hope this helps reassure those who are rightfully concerned,
disappointed or disgusted by the whole thing and that a more
"official"/definitive/detailed announcement comes soon.
(*): **to my knowledge** means that I am still trusting the
communications and the project, even if I decided keep in place
temporarily disconnect of my systems from devuan's infra.
> Dear all,
> this is being sent privately, but with the perspective of it
> I won't go into the stupidity of April's fools as a general
> concept, but
> instead meet halfway and consider that a valid thing to do (even
> your users are not exclusively in the limited parts of the world
> that's a thing) and instead analyse the way this was done.
> This is not an April's fools joke, this reflects very badly on
> Devuan as
> a distribution that is something beyond someone's playground.
> I will explain: we, as Devuan, need people's trust, the fact
> anybody uses Devuan (or any distribution/Operating System),
> implies a
> huge degree of trust on the team behind it.
> After all, if you control an Operating System, you control in
> fact, a
> trivial way to gain root on everyone's systems.
> Even assuming a fakely claimed security issue were funny, this
> done. Had it been just about devuan-web, it wouldn't have been
> as this is: going the lengths of doing it with gdo and the build
> undermines that trust of users towards Devuan.
> It's been now well over 12 hours and the "joke" is still on, it
> still hints
> at all parts of the infraestructure being compromised, it still
> looks as
> if gdo and the build system were compromised.
> For anyone wanting to do serious things while using Devuan, this
> extremely bad taste.
> I know of at least 5 people wasting a few hours of their lives
> included) over this, *obviously* if the peope you trust are
> telling you
> "Devuan is fucked, we don't even have access to the infra", the
> first thing you are going to do is start all your contingency
> plans, not
> bother with "obvious" puzzles and hints.
> We are talking about critical infrastructure here, this is the
> equivalent of being in an airport and shouting "THERE IS A BOMB!
> just kidding". It is not only childish, it is irresponsible.
> I kindly ask everyone to reconsider and bring the thing down as
> soon as
> possible and publish a public apology.
> In the end, this is not a PR stun, it's a PR disgrace and it's
> with the people who care about the distribution and the
> always-lingering reputation.
> Even if there is no public apology, I will at least on a
> do what I consider right and publish this email on DNG.
This message was posted to the following mailing lists: