The definitive guide to CentOS

2009-07-31
And now for something good: “The book” is out. It still feels strange to see your own name on the cover of a book, but also very good. More about the book.

Geschrieben um 13:43

[/centos] [permanent link] [Startseite]

An open letter to Lance

2009-07-30
As some of you might have noticed during the last weeks or months, the CentOS project wasn’t running as smoothly as it could or should. There was a reason behind that which I couldn’t mention to others when asked. Now that it is in the open, let me share a few of my thoughts. And let us hope that we now can get back to the level of openness and transparency we once had.

But first things first: An open letter to Lance Davis, one of the CentOS Project founders, has been published on the CentOS web site and on the main CentOS mailing list, so you might want to read that before reading further here.

Back? Good. I’ve been following the CentOS project since some time in 2004 and have been an active member of the CentOS team since 2006. Lance has been around for longer, being a founder and all. First time I met Lance was in 2007 at Fosdem in Brussels and then again at LinuxTag in Berlin. Everything seemed fine there. But from then on things seemed to deteriorate.

Lance vanished from the project some time in 2008. Everybody needs time off from projects from time to time, so there was no real need to worry about that. What there was to worry about is the following: Lance is the only one, who can make active changes to the centos.org domain, as he “owns it”. Nobody else in the team is able to add nameservers, for instance. Recently he put an anonymizing service on the domain, so that nobody from the outside can see who that domain belongs to.

The third thing - and that is the one which hurts me the most - is that Lance is the one who has access to the Google AdSense and the Paypal accounts, again without a backup. We have asked for overviews of the accounts several times now and haven’t gotten back any answers. This money was donated towards the project and could have been used for professionally made media for fairs and conventions, professionally made advertisement material for the same, hardware, community support (give out media to people who want to show off CentOS) and so on. To make it clear: Nobody in the CentOS team wants to make money off the project, we all have jobs and do CentOS in our free time.

This means that the project depends on one person in too many ways. Add to that a person who doesn’t answer calls, isn’t available as meetings, doesn’t publish things he promised to do - we have a problem. And this is unacceptable. We as a project have to be more transparent. And this is one of the things blocking this.

As Lance hasn’t answered requests regarding that over the last few months, the remaining team now has put a stop on that. For the moment all ads have been removed from website and wiki and we are not accepting any paypal donations anymore.

We still want Lance to be able to answer all of that in a good fashion, so that everything can be corrected. So the step might seem a bit drastic at the moment (but this has been lingering for quite some time now). It might also seem like our reaction has come too late. It might also mean that we will lose the centos.org domain. And all the money people have donated towards the project and not to one person. I would like to offer my apologies for that.

But either way, we will continue and get the project back on track. With your help, I hope, as I still think that CentOS is one heck of a cool project to work on.

Other people’s thoughts about this issue: Tim Verhoeven’s Blog, Karanbir Singh’s Blog and Russ Herrold’s Blog. There will also be much discussion in the mailing lists, I guess. Please partake if you want to add your opinion.

Here is the letter:

July 30, 2009 04:39 UTC

This is an Open Letter to Lance Davis from fellow CentOS Developers

It is regrettable that we are forced to send this letter but we are left with no other options. For some time now we have been attempting to resolve these problems:

You seem to have crawled into a hole … and this is not acceptable.

You have long promised a statement of CentOS project funds; to this date this has not appeared.

You hold sole control of the centos.org domain with no deputy; this is not proper.

You have, it seems, sole ‘Founders’ rights in the IRC channels with no deputy ; this is not proper.

When I (Russ) try to call the phone numbers for UK Linux, and for you individually, I get a telco intercept ‘Lines are temporarily busy’ for the last two weeks. Finally yesterday, a voicemail in your voice picked up, and I left a message urgently requesting a reply. Karanbir also reports calling and leaving messages without your reply.

Please do not kill CentOS through your fear of shared management of the project.

Clearly the project dies if all the developers walk away.

Please contact me, or any other signer of this letter at once, to arrange for the required information to keep the project alive at the ‘centos.org’ domain.

Sincerely,

Russ Herrold
Ralph Angenendt
Karanbir Singh
Jim Perrin
Donavan Nelson
Tim Verhoeven
Tru Huynh
Johnny Hughes

Geschrieben um 13:00

[/centos] [permanent link] [Startseite]

Break-In attempt on www.centos.org

2009-07-04
Dear Users: on Friday evening, July 3rd (UTC) we found a few suspicious files on the CentOS webserver. Upon investigating we found out that the files had been put there through Xoops (the CMS www.centos.org runs on) - and that this was possible due to a an administrative error which has been corrected.

As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn’t been used as a source for sending spam (in the widest possible meaning) either.

We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system. Although we are fairly sure that there has been no such compromise, we have enforced a password expiry on all accounts on the system. wiki.centos.org and bugs.centos.org - though being on the same machine - have not been affected by this.

All users having an account on www.centos.org need to acquire a new password through the “lost password” system of Xoops.

We are terribly sorry for any inconvenience this might cause you and would like to apologize for that.

Geschrieben um 03:22

[/centos] [permanent link] [Startseite]

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.0 Germany License.