Hi! Most of you already know that Gerrit has been compromised a while ago [1]. Infra team has dealed with it very efficiently and I can assure you that this issue hasn't touched openstack-ansible project. I have looked through all commits that were merged in period from Oct 1 - Oct 21 (and we've got more than 200 of them during this timeframe, wow!), and all of them look valid and were properly approved. I have also double checked our releases and didn't found any extra or malicious ones. So we are pretty safe and can sleep calm [1] http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html -- Kind Regards, Dmitriy Rabotyagov