It's hard to maintain open source software that needs infrastructure. Everyone is a volunteer and it's not like the Mandriva project has the resources to fully vet people as well as have a high quality RBAC and access control system. This guy sounds like maintained a large project, offered to help, and Mandriva saw the Trojan horse as a way to alleviate a lot of their problems.<p>And it didn't sound like he was able to "nuke everything" - it sounds like he had access to their repository infrastructure (which is reasonable given he was volunteering to host it) and then lashed out.<p>If anything, I think it's a bigger organizational red flag that they agreed to privately host their source code on some random git forge and not a larger, more communal one. I mean, even if they didn't want to use GitHub (did this even cost money for them) then there are other providers to choose from.<p>It just sounds like the Mandriva maintainers are trusting and good folk who may be overworked running an open source project and that led to a bad apple entering the bunch. It's hard for me to be mad in that kind of situation.