[openstack-ansible] Gerrit breach and auditing all commits since Oct 01

Dmitriy Rabotyagov noonedeadpunk at ya.ru
Wed Oct 28 16:40:48 UTC 2020


Hi!

Most of you already know that Gerrit has been compromised a while ago [1]. Infra team has dealed with it very efficiently and I can assure you that this
issue hasn't touched openstack-ansible project.

I have looked through all commits that were merged in period from Oct 1 - Oct 21 (and we've got more than 200 of them during this timeframe, wow!),
and all of them look valid and were properly approved. I have also double checked our releases and didn't found any extra or malicious ones.

So we are pretty safe and can sleep calm

[1] http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html


-- 
Kind Regards,
Dmitriy Rabotyagov




More information about the openstack-discuss mailing list