OpenMandriva, a Linux distribution project, has accused a former trusted admin of deliberately damaging its infrastructure by deleting critical repositories and uploading a problematic package that risked breaking desktop installations amid a heated community dispute.

  • Former admin deleted years of development from GitHub repos
  • Malicious package in rolling branch could disrupt installs
  • Project restoring repos, auditing systems, and reconsidering controls

What happened

OpenMandriva revealed that after a series of community conflicts, a former contributor with administrator privileges allegedly deleted several years of development history from the project’s GitHub repositories. This contributor had earlier offered to migrate and mirror OpenMandriva's repositories to his privately managed OneDev platform, a move that some maintainers initially felt uneasy about but accepted due to his reputation.

Tensions escalated when further contributors joined and interpersonal issues intensified, causing some members to leave. After ejecting a problematic participant from certain chat channels, the accused admin resigned along with another contributor. When OpenMandriva decided to stop using the admin’s private infrastructure for repository mirroring, the admin purportedly retaliated by abusing his access—deleting repositories and uploading an empty package to the project’s ‘Cooker’ development branch that could disrupt users running GNOME or Cosmic desktops.

Why it matters

Such destructive actions within open source projects can threaten years of collaborative work, undermine community trust, and disrupt user experiences. Although the affected packages were in the rolling development branch rather than stable releases, the incident demonstrated how unchecked administrative control can pose significant risks to project continuity and integrity.

The episode highlights the challenges faced by decentralized software projects in managing access and governance, especially around trusted individuals. It underscores the importance of clear contributor roles, access controls, and swift conflict resolution to prevent personal disputes from escalating into damaging sabotage events.

What to watch next

OpenMandriva is currently working to restore the deleted repositories and repair any impacted packages. It has conducted a full audit and found no further violations beyond those already identified. The project has also decided against pursuing legal action, though it acknowledged the sabotage could constitute a criminal offense.

Going forward, the community and similar projects will likely monitor how OpenMandriva adjusts its administrative access policies and infrastructure controls. Observers may also watch for broader discussions in open source circles about balancing trust with safeguards to prevent future incidents involving disgruntled contributors wielding high-level privileges.

Source assisted: This briefing began from a discovered source item from The Register Headlines. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings