OpenMandriva Linux Says Angry Contributor Wiped Years of Work

A developer with admin keys deleted repositories and pushed a package that could have broken user systems, after a dispute over the project's direction.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial image, full frame 16:9, of an abandoned open source developer workstation at night: dark room, glowing monitor showing a terminal with
Share

Key points

  • OpenMandriva, a community-run Linux operating system, said a contributor deleted repositories and pushed a harmful package in November 2025.
  • The developer named by the project is Davide Beatrici, best known as the lead developer of the Mumble voice chat app.
  • Beatrici held administrator rights because he had previously helped mirror the project's code to his own private server.
  • He denies the word "sabotage" but confirms he deleted the GNOME and Cosmic desktop repositories and pushed a package that would remove them from users' systems.
  • OpenMandriva says it is restoring the data and will not press criminal charges.

OpenMandriva, a small Linux distribution run by volunteers, says one of its own contributors tried to burn the project down from the inside.

The project is a free operating system, an alternative to Windows or macOS, kept alive by a handful of maintainers since it forked from the older Mandriva Linux in 2012. It is not a household name. But thousands of people run it, and the code that makes it work lives in shared online repositories that any trusted developer can edit.

That trust is the story here.

According to a forum post by long-time maintainer AngryPenguin, first reported by BleepingComputer, the trouble started with an internal dispute. Some contributors clashed. People left. Then a developer named Davide Beatrici, a friend of one of the people at the centre of the row, decided to act.

Beatrici had administrator privileges on the project's code, meaning he could add, change or delete files at will. He had those keys because he had earlier helped the team mirror their code to a server he ran himself. In practice, nobody had taken the keys back when the friendship soured.

What did the contributor actually do?

He deleted the GitHub repositories for two desktop environments, GNOME and Cosmic, which are the graphical interfaces users see when they log in. The code represented nearly a decade of work.

Then he did something worse. He pushed an empty package to Cooker, which is OpenMandriva's development channel, and marked it as replacing GNOME and Cosmic. In plain English: any user who ran a routine update would have had those desktop environments quietly uninstalled from their machine. The failure mode here is that a normal software update, the kind we all click through without thinking, becomes the delivery mechanism for the damage.

Beatrici rejects the word "sabotage". In a statement to The Lunduke Journal he said his goal was never to harm the distribution or its users, and that he acted because other members had deleted a configuration file from his server without asking him first. He also complained that the project was focusing on rival desktops KDE and LXQt instead of the ones he cared about.

Whichever way you frame the motive, the effect was the same. A person with admin rights used them to break things other people depended on.

Should regular users be worried?

Probably not, if you act normally. OpenMandriva says it is restoring the deleted repositories and running a full audit to check for any other unauthorised changes. If you run OpenMandriva, hold off on major updates until the team confirms the Cooker channel is clean, and stick to the stable release in the meantime.

The team also said that although Beatrici's actions amount to a criminal offence in their view, they will not pursue legal action.

One thing the post-mortem will say, loud and clear: this was an access management failure long before it was a sabotage story. Admin rights had been handed out for a specific migration job years ago and never reviewed. When the relationship broke, the keys were still in the drawer.

Operational takeaway: audit who has write access to your repositories this week, not next quarter.

© 2026 Threat Vectr