Respository vandalism by root at ...fd.o

Eirik Byrkjeflot Anonsen eirik at opera.com
Wed Nov 24 00:00:52 PST 2010 

Luc Verhaegen <libv at skynet.be> writes:

> On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote:
>> On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen <libv at skynet.be> wrote:
>> >
>> > See, this was exactly the problem here. It _was_ a freedesktop admin.
>> > And it was pretty clear that it was that from the onset too. Mailing
>> > fd.o admins, even if i could've dug up an email address in the split
>> > second that i wrote the email (heck, i even mistyped repository), was
>> > not the right course of action.

(As an aside: maybe it would be a good idea to spend more than a split
second on writing an email of this kind?)

>> So you mailed 2 mailing lists consisting of 2-300 people who could do
>> nothing about it?
>> 
>> nice work.
>> 
>> Dave.
>
> Stop the counter-attack dave, it's far too obvious what you are doing 
> here.

His response seems quite reasonable to me, assuming that he thought your
intention was to get the problem looked into rather than just raising a
stink.  On the other hand if your intention was primarily to make a lot
of noise, then clearly your action was a reasonable one.  Which brings
me to:

> The means to the end were perfectly justifiable under the circumstances, 
> and this includes the years of experience i have with dealing with X.org 
> community. This especially includes the experience of something as noble 
> as the radeonhd driver project.

Then what was your intended "end"?  Has it been accomplished?

As far as I can see, all you've managed to do is to create a lot of
noise about what is, in itself, a fairly minor incident.  Yes, it is
serious that a "trusted admin" abuses his powers.  However, that happens
and will continue to happen.  Humans are like that.  We often show a
remarkable lack of good judgement.  And in this case, I think the
pattern matches well with "bad judgement" rather than "evil intent".

What I'm far more worried about are the admins (and non-admins) who have
made changes with "evil intent" that we have not noticed.  I am not
particularly worried about this incident, as anyone with true "evil
intent" would not have advertised their actions like this.  However,
that doesn't mean that no-one have acted with "evil intent", and been
successful at it.

There are two things that I feel are important about this:

1. What systems do we have in place that enables us to detect when a
   "trusted admin" acts in "bad judgement" or with "evil intent"?  What
   is the probability that such actions will be noticed?  Can we do
   anything to increase this probability?

2. What systems do we have in place that enables us to detect "evil
   commits" once they actually make their way into the repository?  What
   is the probability that they will be noticed?  Can we do anything to
   increase this probability?

You'll notice that none of these are directly related to this incident.
This incident only provides an excuse for bringing up such issues.  If
that was your goal, then I feel that it has not yet been accomplished,
but making noise about it may have been a reasonable approach anyway.


More related to this incident (and your comments) could be this issue,
which I consider slightly less important than the previous two, but is
still a quite significant point:

3. When incidents are detected (break-ins, abuse of admin rights, evil
   commits, what have you...), what processes are in place to deal with
   this?  What information is published, and in which fora, and when?
   What investigations are performed, and what actions are carried out
   as a result of such investigations?  Where are these processes
   documented?


Of course, I have my own suspicions about the answers to all three
questions, but that's not the point.  The point is that the people who
actually deal with these things must reflect over whether what we are
doing is "good enough" or whether we should do better.  (It goes without
saying that we could do better, the question is whether it is worthwhile
to spend effort on actually doing better.)

I know that all this work is largely carried out by volunteers in their
spare time.  That doesn't make my three questions unimportant.


(I'll just end by pointing out that whenever I say "we" above, of course
I mean "you", considering how much I personally have contributed to this
project.  Thank you for all the good work, it is deeply appreciated.)

eirik

More information about the xorg mailing list