Enrico Zini, Mattia Rizzolo, Plagiarism & Debian

Plagiarism involves two elements:

• Obfuscating the identity of the person or group who really did the lion's share of the work and
• Giving undeserved credit to a different person or group who did little or nothing, people who came along later, etc

Linux distributions are particularly challenging when it comes to attribution of work. The package maintainers do very little work compared to the developers who created the software. Now we have the phenomena of Debian Developer titles for people who never developed anything at all and never will. They are put up on a pedestal to look down their noses at the real developers of upstream projects. Imagine groupies pretending that they are members of the band, despite not being able to play any instruments. The end user sees the identity of the distribution, such as Debian or Fedora, in a more prominent position than the names of real developers.

In recent times we've seen people go even further in their efforts to obfuscate who does the work. People have noticed the list of developers has been hacked to insult people for political reasons:

The Debian QA page, before it was hacked too, gives a better indication of my extensive status and rights as a skilled co-author of Debian. Looking at this, we can see the Not a Debian Developer is more than an insult, it demonstrates a chronic lack of integrity in the Debian "community".

The software for maintaining the web page is developed by Enrico Zini and Mattia Rizzolo. Looking in the Git repository, we can see that Zini and Rizzolo modified the code so that people can override the account status line, insert insults and obfuscate the identities of real developers:

The source code changes create a field in the database. The string itself, Not a Debian Developer, is not included as a value in the source code. This implies that Zini and Rizzolo are using DBA privileges to bypass the workflow and simply modify records in the database at will.

In any serious IT environment, especially in financial services, using DBA privileges in this manner will get you sacked immediately. In Debian politics, anything goes.

Nonetheless, we have proven the first part of plagiarism: obfuscating the identities of real developers. The first time my name appears in Debian appears to be way back in 1998 in a bug report. The callous manner in which they disappear people is abhorrent.

In an earlier blog, I looked at this from the perspective of modern slavery in Debian. They gave us a promise of recognition in exchange for our contributions. Now they are bouncing the cheques.

The second half of the plagiarism case rests on the misattribution of our work to people who contributed less.

The strongest evidence of this misattribution is the Non-Uploading / Non-Developing Developer scheme. Under the scheme, the cabal can give a Debian Developer title to somebody who did not contribute any code at all. The implication is that these people can include the title Debian Developer when applying to speak at a conference or applying for membership of another group. It is a form of privilege escalation and plagiarism all in one.

The people who obtained these titles are asking to be given the same title and the same respect as those of us who really did author and donate code to the project.

Therefore, this is not a one-on-one case of plagiarism, where one person creates a work and a different person puts their name on it. This is a group plagiarism, where some subset of the authors are obfuscated and at the same time, a group of stooges are invited to take credit for the joint work.

One of the most startling examples is a woman who attended multiple events with the former Debian Project Leader (DPL).

Here we see Molly de Blanc as president of the Open Source Initiative shortly after getting a Debian Developer title. Chris Lamb, the DPL, had endorsed her for the role of president. This is what privilege escalation looks like.