[tripleo][core] gerrit breach and auditing all tripleo commits since Oct 01

Marios Andreou marios at redhat.com
Thu Oct 22 07:07:01 UTC 2020


On Wed, Oct 21, 2020 at 10:15 AM Marios Andreou <marios at redhat.com> wrote:

> Hi folks,
>
> as you are undoubtedly aware, gerrit was down yesterday. There was this
> email to service-announce [1] with more information about what happened
> (kudos Julia Kreger who sent [2] where I saw that). There is a list of
> changes [3] since October 1st that we should audit out of precaution and to
> be responsible and accountable to our community and users.
>
> As you can expect there are a great number of changes. I put a full commit
> list at [5]. I mined those from [3] - see [4] for info about the 'mining'
> and even better if someone has time to verify that I didn't miss any repos
> or commits.
>
> Please I need help from all core reviewers. We need to check that the
> commits in [5] appear valid and correct - remember the concern is for any
> changes that may have been merged by a compromised account. I propose that
> we do this via Gerrit and that we leave a comment - 'CHECKED' - on each
> review that we check? Hopefully we can cover all of these before the end of
> the week by distributing our efforts. I am open to other suggestions though
> if folks feel this is better done via some document/spreadsheet etc.
>
> Of course as stated in [1] it is a good idea for everyone to double check
> their account activity and make sure nothing is off.
>
> Thank you in advance for your help,
>
>
Hello TripleO,

Update on this effort: we have now "CHECKED" all the reviews in the list at
[5] and we haven't flagged anything as suspicious.

Thanks to everyone who jumped in and helped review those commits, especially
Cédric Jeanneret, Mathieu Bultel, Emilien Macchi, Sandeep Yadav, Carlos Camacho,
Harald Jensas, Francesco Pantano, Giulio Fidente (sincere apologies if I missed
someone - at least these are the names I came across going through the list).

If folks have time and would still like to help please feel free to (e.g.
randomly) check some of the commits in the list to double check that we
didn't miss any.

Thanks again for everyone's help,

marios
>
> [1]
> http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html
> [2]
> http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018148.html
> [3] https://static.opendev.org/project/opendev.org/gerrit-diffs/
> [4] https://gist.github.com/marios/a44a55998531354dc3d634dddeadf1c0
> [5] https://gist.github.com/marios/d1b774c827769373b67d3988105140dd
>
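The thread asks reviewers to walk a list of commits merged since October 1st and confirm each one went through normal Gerrit review rather than being pushed by a compromised account. The script below is an added example of how such a checklist can be generated from `git log` output; it is not the mining script at [4] and is not TripleO or OpenDev code. It assumes `git log` was run with the `GIT_LOG_FORMAT` shown (one record per commit, fields separated by the ASCII unit separator), that every reviewed change carries a `Change-Id` trailer, and that merges are performed by a small, known set of committer identities (the `ALLOWED_COMMITTERS` set is an assumption you would replace with your project's real merge identity). The sample log, hashes, names and Change-Ids are constructed for illustration.

```python
"""Turn a git log into a review checklist and flag commits that look like
they bypassed Gerrit review.

Added example, not code from the thread or from OpenDev. Assumes the log was
produced with GIT_LOG_FORMAT below and that reviewed commits carry a
Change-Id trailer; ALLOWED_COMMITTERS is an assumed placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Run in each repo as:  git log --since=2020-10-01 --format="$GIT_LOG_FORMAT"
# %x1f (unit separator) splits fields, %x1e (record separator) ends a commit.
GIT_LOG_FORMAT = "%H%x1f%an <%ae>%x1f%cn <%ce>%x1f%cI%x1f%s%x1f%b%x1e"

# Gerrit's Change-Id trailer: "I" followed by 40 hex characters.
CHANGE_ID_RE = re.compile(r"^Change-Id: (I[0-9a-f]{40})\s*$", re.MULTILINE)

# Assumed identity under which merges normally land; replace for real use.
ALLOWED_COMMITTERS = {"Zuul <zuul@example.org>"}


@dataclass
class Commit:
    sha: str
    author: str
    committer: str
    date: str
    subject: str
    body: str
    change_id: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Commit]:
    """Split git log output (GIT_LOG_FORMAT) into Commit records."""
    commits = []
    for record in text.split("\x1e"):
        record = record.strip()
        if not record:
            continue
        parts = record.split("\x1f")
        if len(parts) != 6:
            raise ValueError(f"malformed record: {record[:40]!r}")
        sha, author, committer, date, subject, body = parts
        match = CHANGE_ID_RE.search(body)
        commits.append(Commit(sha, author, committer, date, subject, body,
                              match.group(1) if match else None))
    return commits


def audit(text: str, allowed_committers: Set[str]) -> List[Commit]:
    """Parse the log and attach a flag for each review-bypass indicator."""
    commits = parse_log(text)
    for c in commits:
        if c.change_id is None:
            c.flags.append("no Change-Id trailer (not merged through Gerrit review)")
        if c.committer not in allowed_committers:
            c.flags.append(f"unexpected committer {c.committer}")
    return commits


def checklist(commits: List[Commit]) -> str:
    """Render one line per commit for reviewers to tick off as CHECKED."""
    lines = []
    for c in commits:
        mark = "FLAG" if c.flags else "    "
        lines.append(f"[{mark}] {c.sha[:7]} {c.date[:10]} {c.subject} "
                     f"({c.change_id or 'no Change-Id'})")
        for flag in c.flags:
            lines.append(f"        - {flag}")
    return "\n".join(lines)


def _record(sha, author, committer, date, subject, body):
    """Build one constructed log record in the GIT_LOG_FORMAT layout."""
    return "\x1f".join([sha, author, committer, date, subject, body]) + "\x1e"


# Constructed sample log: one clean commit, one with no Change-Id, one merged
# by an identity outside the allowed set. All values are invented.
SAMPLE_LOG = (
    _record("1" * 40, "Alice Example <alice@example.org>", "Zuul <zuul@example.org>",
            "2020-10-05T10:00:00+00:00", "Fix typo in README",
            "Small docs fix.\n\nChange-Id: I" + "a" * 40 + "\n")
    + _record("2" * 40, "Bob Example <bob@example.org>", "Zuul <zuul@example.org>",
              "2020-10-12T09:30:00+00:00", "Bump version", "Release prep.\n")
    + _record("3" * 40, "Carol Example <carol@example.org>",
              "Mallory <mallory@example.org>", "2020-10-19T23:59:00+00:00",
              "Refactor deploy step", "\nChange-Id: I" + "b" * 40 + "\n")
)

if __name__ == "__main__":
    print(checklist(audit(SAMPLE_LOG, ALLOWED_COMMITTERS)))
```

Neither heuristic is proof of compromise: a missing Change-Id can come from an intentional direct push and a committer mismatch from a legitimate manual merge, so flagged rows are where a human reviewer should start, while unflagged rows still need the content review the thread describes.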