5379967
story
Comments: 492 +- Linux: CentOS Project Administrator Goes AWOL on Thursday July 30 2009, @08:29AM
background: url(//a.fsdn.com/sd/topics/topicos.gif); width:66px; height:49px;
os
background: url(//a.fsdn.com/sd/topics/topicsoftware.gif); width:65px; height:65px;
software
background: url(//a.fsdn.com/sd/topics/topiclinux.gif); width:60px; height:70px;
linux
An anonymous reader writes "Lance Davis, the main project administrator for CentOS, a popular free 'rebuild' of Red Hat's Enterprise Linux, appears to have gone AWOL. In an open letter from his fellow CentOS developers, they describe the precarious situation the project has been put in. There have been attempts to contact him for some time now, as he's the sole administrator for the centos.org domain, the IRC channels, and apparently, CentOS funds. One can only hope that Lance gets in contact with them and gets things sorted out."
Related Stories
Submission: CentOS Project Administrator Goes AWOL by Anonymous Coward
CentOS Administrator Reappears 211 comments
One person's error is another person's data.
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Peace (Score:4, Insightful)
If you read the message in TFA, it kind of seems like a cry for your ex-gf to get back together.
Joking aside, I dont think it's really a surprise for anyone that people have other things to do sometimes, or even getting interested in different stuff. I actually feel sorry for the guy that this got slashdotted and all. If he's on holiday, it's gonna ruin his day. If he's away doing other stuff, he probably dont want to hear his co-admins crying to get him back.
Really, give the guy a peace. I bet he has used serious amount of time on CentOS project and deserves some time off and respect.
Re:Peace (Score:5, Insightful)
Parent
Re:Peace (Score:5, Interesting)
Somewhat concerning, considering the number of CentOS servers I have in the wild.
I'd suggest disabling yum updates on your CentOS boxes until this gets sorted out. Might want to do updates by rebuilding src rpms directly from Redhat.
Just the fact they even have to address an issue like this makes me nervous.
Parent
Re:Peace (Score:5, Funny)
Parent
Re:Peace (Score:5, Insightful)
Parent
Re:Peace (Score:5, Informative)
Not really. CentOS isn't going to stop working any time soon, the source code and repositories are still around and this will get sorted one way or the other even if it means new domains and changing the name of the project or something or learning from mistakes and setting up some non-profit organisation.
Parent
Re:Or or course you might go with close source... (Score:5, Insightful)
This specific scenario is unlikely to happen with a large corporation supporting the OS; but where's your support for Solaris 8? Or Irix? Or OpenVMS? Dead as doornails, but still in use, because critical software only runs on those older platforms.
Just because you're paying money doesn't mean it won't go away. To think so is typical of the naive faith of capitalist believers.
In fact, given that CentOS is the major contributor to the patching effort of RHEL, if CentOS were to go away, and all the devs moved onto something else, Red Hat would be left footing the bill for the unresolved patches. Given their current track record for patching, this does not bode well for that platform. Just by way of example, Firefox 3.0.0.12, which fixes several zero-day vulnerabilities, is still not backported to RHEL 4.
Parent
Re:Peace (Score:5, Funny)
Someone who isn't actively connected to the project won't f*ck up alot of other people's servers just for the hell of it. Right now there's not a problem (legally), but if he intentionally screws up packages there will be. Yeah if you're paranoid, don't update your servers and/or rebuild from official RH srpms. Or buy RH support.
I just asked a friend who works for RH and he can't confirm or deny they've kidnapped him. Hmm .....
Parent
Re:Peace (Score:5, Insightful)
There is no need to disable updates, I don't think. All of the updates that I've seen on the centos-announce mailing list come from two people, and I believe those are the people with the GPG keys on the packages, too.
If Lance is still around, it is safe to say that he has had all of his access removed. If he has both access to the repositories and the GPG keys, I'd worry (assuming his intent is malicious, which I somewhat doubt would be the case) -- but until the current developers who rebuild/push the updates advise that we kill updates, I definitely will not be doing so. A great example was the BIND vulnerability a day or two ago.
Seriously, if you are a centos administrator, you should do a couple things:
1) Sign up for the centos-announce list, here: http://lists.centos.org/mailman/listinfo/centos-announce [centos.org]
2) Watch it like a hawk.
It is safe to say that the existing developers will use it if they have a huge need to communicate an apocalypse situation where it would be wise to stop updating.
Parent
Re:Peace (Score:5, Funny)
Parent
OMG You Didn't (Score:5, Funny)
OMG, you guys hired Soandso. He was with our company. He knocked up 3 admin assistants, and the guy that fixes the copier. He peed in the coffee pot in the break room. As a joke, he put our proprietary code up for sale on Craig's List. The worst of it was when he used 3 months of petty cash and donated it to McCain/Palin 2008.
Parent
Re:Peace (Score:5, Insightful)
They really need to stop advertising themselves as being "enterprise-class" then.
Parent
Re:Peace (Score:5, Insightful)
Perhaps it would be better if people stopped deluding themselves into thinking that "Enterprise Class" means anything beyond buzzwords.
Parent
Re:Peace (Score:5, Insightful)
I'm in a online TF2 clan, and we have the Real Names, addresses, phone numbers, and work phone numbers, of the 10 highest ranking members. The top two members have shared all important info so a absence of one is annoying, but completely survivable. Perhaps its because we have so many active duty military in our group, but I would expect everyone to take such basic precautions.
Please don't tell me my TF2 group is more organized than CentOS, (Please!)
Parent
Re:Peace (Score:5, Funny)
if he's lying in a comma, maybe we can just turn him into an exclamation point instead and everything will be just be great!
Parent
Re:Peace (Score:5, Funny)
Then again he may be on his period, or have problems with his colon.
Parent
Re:Is This Bus Syndrome? (Score:5, Insightful)
If RedHat doesn't want to share their code, then they should build their own OS, instead of just working on the pre-existing huge resource that is Linux/GPLed code. See how that works? They agreed to CentOS-style reuse of their work in exchange for THEIR for-profit reuse of decades worth of OTHER people's work; that's the price of the GPL, and they pay it willingly, because what they get is so valuable.
And speaking of cynicism: anyone stop to think that maybe some overaggressive RedHat executive with a suitcase full of cash is behind Lance's disappearance? Follow the money: CentOS looks unreliable ==> RedHat cashes in....
Parent
Re:Is This Bus Syndrome? (Score:5, Interesting)
I totally agree with the "bus syndrome" thinking. At one company I was at for many years, the boss had that concern. I was the senior SysAdmin, who created and managed the entire IT infrastructure. To alleviate it, everything was documented. A copy of the passwords were kept under lock and key. Server functions were well documented. My assistant(s) (depending on the year I had 1 to 4) could continue smooth operations without me.
Keeping the "bus syndrome" mentality, should I be unavailable for a day or days, there were no problems. I could fly between cities to do work, and not panic that the whole world was going to fall apart while I was on a plane. I still got plenty of phone calls, simply because it was my baby. Junior admins didn't want to make widespread changes without my seal of approval, even if it was a quick phone call where they gave me a brief outline of their changes, and I gave them verbal approval ("Go for it. Let me know how it goes.").
The day came that they decided I wasn't necessary. I was locked out of the machines per my own plan, and then notified that I was no longer part of the company. Whoever did the changing wasn't quite as consistent as I was and missed a few spots. Being a "good guy", I verified that I was locked out of everywhere, and sent a list (it was short) of what I still had access to, so they could get those too. The missed spots were non-essential, so even if I had a desire to do bad things, I couldn't have broken much.
The password plan had better motives than firing the top guy. On password change day, I issued the passwords on slips of paper to the people who needed them (and to the vault). Should someone's passwords become compromised, I could have all the passwords changed in approx 5 minutes. Should something seem funny, we'd change the passwords. Usually we just changed them because the existing passwords had been in use for too long. We did have someone lose their USB key with their SSH keys on it. We went through the well practiced drill. It turned out to be just an exercise. The key had fallen out of his pocket, and was under the seat of his car.
When they terminated me, the company lived on. The transition was smooth without me. I may as well have been hit by a bus. No one asked me "how do I....?", because it was all there for those with access who knew what to look for. Even if we had a walkout of all IT staff, things were documented well enough where an experienced IT person could walk in and keep things running.
We were a high dollar, small staff company. Why should somewhere like CentOS be any different?
Parent
Re:Is This Bus Syndrome? (Score:5, Insightful)
The way I see it, it's their company. They can either keep me around forever, and appreciate the work I do, or let me go. Either way, I did a good job while I was there.
As I heard it through the grapevine, they spent an absolute fortune redoing everything I did. They switched the servers away from Linux to FreeBSD. They didn't optimize things as well as I had, so that left them in a situation where things simply didn't work as well. They rewrote a lot of my software. Some was trivial, and some was very intricate. I strongly suspect they were trying to defeat my back doors that they were never able to find. The funny part was, I didn't leave any back doors. If I leave a back door for myself, that means there's a back door for someone else to exploit. I spent enough time watching the front door for trouble, why should I have to double my work? :)
The only contact I've maintained is watching their Alexa score drop. It's nothing related to anything I did, but I strongly suspect there have been some nasty technical issues, since some people have called and emailed me saying that the site was suddenly unavailable, or throwing weird errors. I know what the weird errors were. Misconfigured servers, because they were deviating from my well constructed and tested plans. Some of them were obvious. They put into production what I had already tested and decided were not satisfactory for that environment. C'est la vie. I moved on to better things, and they were stumbling over old hurdles. It seems that happens a lot. Places like to second guess the work of old staff just for the sake of trying to make him/her look bad. Sometimes it's just to justify why they got rid of him/her, even years after he could care less. :)
Parent
Re:Is This Bus Syndrome? (Score:5, Insightful)
I personally won't use software produced by projects like CentOS. My belief is that projects like CentOS are there because people want to skate on the backs of people and companies who have spent time and money making a good product, just because they don't want to pay for that hard work. I believe this is the flaw in the GNU license, and not open source in general. It is like stealing money from those who created the original work. Redhat spends a lot of money to develop their product, and others just copy it and give it away for free.
You do realize that technically Redhat is just skating by on the free give-aways of others, too, don't you?
I mean, as I understand the whole Linux thing. Feel free to correct me.
Parent
Re:Is This Bus Syndrome? (Score:5, Insightful)
It is like stealing money from those who created the original work. Redhat spends a lot of money to develop their product, and others just copy it and give it away for free.
Not to diminish the contribution by Red Hat, which is pretty extensive, the above argument is invalid. Red Hat did not create the products included in their distributions. They take existing free software, package it, and sells it as part of a complete package, including support. The software is still free.
Some projects whose products are included in Red Hat distributions were created by Red Hat and staffed by Red Hat personnel. They chose the GPL anyway. They have even purchased several companies and relicensed the products of those companies under the GPL. Do you really think that Red Hat would have done this if they thought that this would severely impact their business?
We periodically see companies trying to make open source products switch to closed source for this very reason.
Those companies are in a very different situation. They own the copyrights to their entire code base, and are thus able to change the license to a proprietary one if they think that it will create an advantage. Companies like Red Hat cannot do this, since many of the components of their products are free software. They could have done it with those components that they have written themselves, or acquired the producers of, but they mostly haven't.
While legal, I think it is morally wrong.
Why? Not even Red Hat think so. They argue that people or organizations that have little or no money are not their target market, and thus, it doesn't impact them that those instead use free rebuilds of their product. In fact, it is a better option for them than to use a completely different distribution, such as a Debian one, since using CentOS means that you are already used to their distribution, and may become a customer in the future when you have acquired the financial capabilities, as well as the demand for commercial support contracts.
Parent
Re:Peace (Score:5, Funny)
Right. Just ask Gov Mark Sanford.
He was just out hiking the Appalachian Trail and his staff and the media and his constituents got all verklempt.
Parent
Re:Peace (Score:5, Funny)
Maybe he killed his wife and needs some time to remove the passenger front seat. Takes some time to clean up you know? Geez, cut him some slack!
Parent
Re:Peace (Score:5, Funny)
But still, would it really be that hard to post something like "Wife dead, BRB" on the mailing list?
Parent
Wedding bells? (Score:5, Funny)
Maybe he and Alan Cox have eloped?
Insert your own reiserfs joke here... (Score:5, Funny)
Brazil (Score:5, Funny)
Maybe he's hiking in Brazil. Did anyone ever think of that?
Let's just hope for the best (Score:5, Interesting)
This kind of thing really scares me, because this is exactly what it happens when someone dies, for example: the data/information stream coming from them on the web simply ceases to exist. Also, this is one of the main reasons why important projects should have their main assets handled by a group of people, and not have things centralized. If the worst has happened, CentOS will be forced to fork their project and start over.
But let's just hope I'm spewing bullshit and he's just pissed off.
Mr. and Mrs. Smith (Score:5, Funny)
It'd be be like Mr. and Mrs. Smith, but really nerdy.
Parent
Wait a little more (Score:4, Informative)
This sort of open letter should really be a last-resort kind of thing, but their letter says
When I (Russ) try to call the phone numbers for UK Linux, and for you individually, I get a telco intercept 'Lines are temporarily busy' for the last two weeks. Finally yesterday, a voicemail in your voice picked up, and I left a message urgently requesting a reply.
If they left a vm yesterday, they should give it at least until Monday before publicly humiliating the guy. Being a few days late in answering voiemail isn't odd at all. Also, is it out of the question to try and get someone to check his house personally? A team of 10 people have got to know someone in the UK.
Re:Wait a little more (Score:5, Informative)
If they left a vm yesterday, they should give it at least until Monday before publicly humiliating the guy. Being a few days late in answering voiemail isn't odd at all.
If you read the information at http://planet.centos.org/ [centos.org], it appears to be a little worse than that.
They say that Davis vanished from the project "some time in 2008". Given that we're more than halfway through 2009, that means he's been gone for the better part of a year, maybe more. Also, they've been asking for quite some time for him to provide a public accounting of the funds collected from contributions to CentOS, and Lance stopped answering their questions months ago. It sounds like they've recently gotten serious about trying to get some answers and discovered that he's completely inaccessible.
It may just be that he's gone on vacation, but given that he's been refusing to answer questions for months about what has happened to what is probably a fairly large amount of money, I think their concern isn't at all unreasonable.
Parent
Re:Wait a little more (Score:5, Informative)
Parent
Re:Wait a little more (Score:5, Insightful)
Oh, and nobody goes on holiday without contact for over 24 hours, do they? I bring a laptop and a smartphone with me wherever I go. Even when I visited Northern Africa, I made sure to get online at least once a day to check, act on, and reply to my email.
Its not a vacation if you can find me.
I leave my cell, laptop, etc home. For my last trip, I told my co-workers what park I would be in and that if something went south that they can call the park ranger and then hope that they can find me.
I want to get away from the the regular grind, not bring them with me :-)
Parent
Re:Wait a little more (Score:5, Funny)
Rambo V: Systems Administrator.
This time... it's technical.
Parent
medical problems (Score:5, Insightful)
As someone who recently had medical problems that sprung up over night, I can honestly say that there could be other reasons he's not responding. I guess an open letter is as good a way as any to try to get in touch with him, but the tone of the letter is beyond ignorant. It's more accusatory than anything (which may be justified), but it's certainly not a sign of professionalism. If anything, it shows that he may have been correct in managing the project without the petulant "help" of the other developers.
Re:medical problems (Score:5, Informative)
Parent
An Alternative (Score:5, Informative)
There's a danger when one guy has complete control of the project. Not even Linus has that. If the guy bolts or drops dead, you're left in limbo.
If you need a similar compatible version of RH Enterprise Linux, I'd suggest Scientific Linux [wikipedia.org]. It's made by the staff at Fermi Labs (and CERN as well) as a uniform OS platform for all their experiments, and is basically RHEL compiled from source. Like RHEL, it can also be used as a general purpose OS (it just includes a lot of science packages, especially stuff for physics). It's supposed to be 100% compatible, or very very close, and the Fermi guys distribute the ISO's online.
Come on (Score:4, Insightful)
I like CentOS a lot, but still
It's open source, if anything goes _really_ wrong, fork. The source is there, all references to the "Proeminent Linux vendor" properly stripped, etc
It's less work than start from scratch again from the "proeminent linux vendor"
More background info at ... (Score:5, Informative)
http://planet.centos.org/
You can read a bit more there what has happened.
Three words... (Score:5, Insightful)
Follow The Money.
At first when I was reading the story, I was all like, "oh, guy with only keys to kingom hit by a bus?", then I saw how he controlled the funds and I was all like "he's so on a beach in the tropics threatening to burn the hotel down if he doesn't get his paper umbrella".
Seriously though, I hope it's simply a case of needing a break, not something more ominous. I like CentOS, and I'd hate to see the project fall apart due to losing one key person.
Interesting blog post... (Score:5, Informative)
Read the post here. [blogspot.com]
Not an atypical problem (Score:5, Insightful)
i don't think that this an atypical problem, neither inside or outside the
open source community. We have people giving ressources of to projects
(e.g. time, money). Usually they expect something in return (e.g. recognition,
influence). Normally those expectations are never stated explecitely. So what
happens: Someone sees his expectations not met, so he cuts the ressources he
gives. Usually this goes together with hurt feelings as well, so he tries to
get a refund by keeping assets (domains, money, passwords, etc.).
Same thing happened with other OSS projects (e.g. Blastwave) and non
profit organisations (e.g. Hannelore Kohl Stiftung here in germany).
You cannot fix this. When you try to fix it, you need a board and a charta
right at the beginning. Too many projects would already die here and would
never get to the stage where a quitting founder brings a crisis. In the worst
case now: they have to start at the current status again under a new name.
CU, Martin
P.S. This shell not be a factual description, what happened in this project.
This is only a description of things i observed elsewhere and would expect
to find here too.
Out to Lunch (Score:5, Funny)
Lance Davis, the first editor of Centos, who never actually resigned from his job. He simply left one morning for lunch and never returned to his office, making all later holders of the position "Acting Editors." His old office is still preserved by the Centos volunteers in the hope that he will return. His desk sports a sign that reads "Missing, presumed fed."
Re:Eggs. Basket. (Score:5, Insightful)
Does anyone know about his personal financial situation? It is not unknown for people to borrow against their business or organization to fix personal financial problems with a "promise" to pay it back "when things get better". Since he has not provided any financial statements from the organization, I'm leaning towards this.
Parent
Re:Eggs. Basket. (Score:5, Insightful)
Maybe he *was* hit by a bus.
Parent
Re:Excellent example.... (Score:5, Insightful)
As opposed to with closed source projects, where when someone walks away with all the passwords everything's just fucking fine and peachy, right?
Parent
Re:Not the first time... (Score:5, Interesting)
Ubuntu Server?
No offense to the Ubuntu team intended (or to you) but that's not exactly a hardened OS with the kind of long term support one needs in a data center.
If low budget to you is a simple LAMP stack- then maybe. But no one has been beating up on Ubuntu server- and it really needs professional QA before anyone tries to use it for more than a novelty.
The logical alternative for new deployments would be Debian, if you wanted to dump RPM based systems.
Parent
Re:Not the first time... (Score:5, Interesting)
Ubuntu has slowly made it's way to the data center over the last couple years and it's doing quite well. Typically admins will use the LTS versions which are supported for 5 years. You can also upgrade directly from one LTS version to the next LTS when it comes out, no need to hit any of the minor version in between.
Ubuntu is seeing HEAVY use in virtualized environments, like Amazon EC2, and since it's built off of Debian it inherits much of that distribution's stability and polish.
I've been a professional Linux admin for 15 years, have run everything from Red Hat, Cent OS, Gentoo to Debian in the data center and definitely think Ubuntu Server has its spot in the data center as well.
Parent
Re:tradgedy (Score:5, Funny)
Exactly 66% of the four CentOS users are affected.
Parent
Re:He took the money (Score:5, Funny)
I'm not sure how far he's gonna get with $27.50, a bag of skittles, and an old copy of 2600.
Parent