frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

OpenMandriva: Statement regarding attempted distribution sabotage

https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997
30•workethics•2h ago

Comments

crote•1h ago
How did it go from "He even performed a backup/mirror of several dozen of our repositories." to "He deleted part of our repository from GitHub. (..) [He published] an empty package in the cooker repository, which obsoleted all gnome and cosmic packages."?

I feel like there's a few steps missing there. How does it go from "a new person joins the community" to "he's able to nuke everything"? Sure, he might be reasonably well-known, but in the post it doesn't sound like he was a core maintainer, or even a very active community member. Do they just randomly hand out admin access to anyone?

throw1234567891•57m ago
There aren’t, they just don’t write it because it’s shameful for them. They trusted a man who brought two more people in, and they thought they were sheriffs.
OhSoHumble•49m ago
It's hard to maintain open source software that needs infrastructure. Everyone is a volunteer and it's not like the Mandriva project has the resources to fully vet people as well as have a high quality RBAC and access control system. This guy sounds like maintained a large project, offered to help, and Mandriva saw the Trojan horse as a way to alleviate a lot of their problems.

And it didn't sound like he was able to "nuke everything" - it sounds like he had access to their repository infrastructure (which is reasonable given he was volunteering to host it) and then lashed out.

If anything, I think it's a bigger organizational red flag that they agreed to privately host their source code on some random git forge and not a larger, more communal one. I mean, even if they didn't want to use GitHub (did this even cost money for them) then there are other providers to choose from.

It just sounds like the Mandriva maintainers are trusting and good folk who may be overworked running an open source project and that led to a bad apple entering the bunch. It's hard for me to be mad in that kind of situation.

whalesalad•53m ago
TIL Mandriva/Mandrake Linux is still around.
jitix•12m ago
Me too. It was my first Linux back in 2003 and I was immediately hooked. Back then codecs weren't as much of an issue as they were in the late 2000s to early 2010s so everything worked out of the box and the performance on Pentium 4 with 128 MB RAM was phenomenal compared to Windows XP.

I'm so glad the project is still around.

Chatto is now Open Source

https://www.hmans.dev/blog/chatto-is-open-source
506•speckx•5h ago•135 comments

SWE-1.7 Reach Near GPT 5.5 and Opus Intelligence

https://cognition.com/blog/swe-1-7
191•mekpro•4h ago•104 comments

Mistral's Robostral Navigate: a state of the art robotics navigation model

https://mistral.ai/news/robostral-navigate/
341•ottomengis•6h ago•81 comments

Decoding the obfuscated bash script on a Uniqlo t-shirt

https://tris.sherliker.net/blog/obfuscated-self-evaluating-bash-script-by-cdn-akamai-being-suppli...
1175•speerer•11h ago•190 comments

Show HN: Microsoft releases Flint, a visualization language for AI agents

https://microsoft.github.io/flint-chart/#/
103•chenglong-hn•2h ago•44 comments

Cloudflare Drop

https://www.cloudflare.com/drop/
43•coloneltcb•1h ago•24 comments

GPT‑Live

https://openai.com/index/introducing-gpt-live/
457•logickkk1•3h ago•313 comments

A bug which affected only left handed users

https://shkspr.mobi/blog/2026/07/a-bug-which-only-affected-left-handed-users/
35•sixhobbits•7h ago•11 comments

OpenMandriva: Statement regarding attempted distribution sabotage

https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997
30•workethics•2h ago•5 comments

Cloudflare Meerkat - Globally distributed consensus

https://blog.cloudflare.com/meerkat-introduction/
181•bobnamob•7h ago•38 comments

EU now one step away from reviving private message scanning rules

https://cyberinsider.com/eu-now-one-step-away-from-reviving-private-message-scanning-rules/
234•ggirelli•3h ago•101 comments

I Built a Telegram Client for Pi

https://www.npmjs.com/package/@atharva-again/pi-tg
23•atharva-again•2d ago•8 comments

OpenBSD has a use-after-free allowing local privilege escalation to root

https://nvd.nist.gov/vuln/detail/cve-2026-57589
216•linggen•7h ago•101 comments

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/
479•ColinEberhardt•15h ago•184 comments

TypeScript 7

https://devblogs.microsoft.com/typescript/announcing-typescript-7-0/
304•DanRosenwasser•4h ago•114 comments

Understanding B-Tree Indexes in PostgreSQL: A Comprehensive Guide– Part 1

https://medium.com/@devli0/b-tree-indexes-in-postgresql-part-1-theory-eb2668c52520
20•corvus-cornix•3d ago•1 comments

What Do We Know About the Microplastics Inside Us?

https://e360.yale.edu/features/cassandra-rauert-interview
142•speckx•2h ago•66 comments

Show HN: Follow London Trains in 3D

https://ride.nexttrain.london/
113•mgranados•4d ago•48 comments

EVE Online's Carbon engine is now open source: Fenris Creations explains why

https://www.gamesindustry.biz/eve-onlines-carbon-engine-is-now-open-source-fenris-creations-expla...
350•Stevvo•4d ago•120 comments

TabFont – guitar tabs rendered as you type

https://philatype.com/tabfont/
63•ChrisArchitect•3d ago•19 comments

Grok 4.5

https://x.ai/news/grok-4-5
307•BoumTAC•2h ago•234 comments

Show HN: Agent Draw: An agent draws while you talk, built on TLDraw

https://techstackups.com/articles/tldraw-agent-draw/
13•jameswhitford•2d ago•0 comments

Show HN: Hnwork.app – UI for Who is hiring posts

https://hnwork.app/
8•scottilee•41m ago•0 comments

PlayStation can delete all your digital games after 3 years of inactivity (EU)

https://www.flatpanelshd.com/news.php?subaction=showfull&id=1783340582
133•thewebguyd•2h ago•64 comments

Sometimes it is the network: a war story

https://utcc.utoronto.ca/~cks/space/blog/sysadmin/SometimesItIsTheNetwork
7•srijan4•2d ago•1 comments

Apple to increase spend with Broadcom to produce billions more U.S. chips

https://www.apple.com/newsroom/2026/07/apple-to-increase-spend-with-broadcom-to-produce-billions-...
270•soheilpro•9h ago•218 comments

Japan's Hayabusa2 probe to conduct flyby of Torifune asteroid

https://www3.nhk.or.jp/nhkworld/en/news/20260705_01/
152•dvh•3d ago•17 comments

How to Build a Minimal ZFS NAS Without Synology, QNAP, TrueNAS (2024)

https://neil.computer/notes/how-to-setup-minimal-zfs-nas-without-truenas/
327•4diii•16h ago•220 comments

Tenda firmware (multiple versions) contains hidden authentication backdoor

https://kb.cert.org/vuls/id/213560
337•miniBill•20h ago•115 comments

NoiseLang: Where N = 5 is a Dirac delta

https://manualmeida.dev/articles/noiselang/
101•manucorporat•2d ago•48 comments