[Freezer][Keystone][Mistral][Monasca][Murano][Openstack-Chef][Openstack-Helm][Openstacksdk][Trove][Watcher][Zun] Action required: Gerrit code audit
Hello there, As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet. Let us know if you need any type of assistance in completing the audit. In case you didn’t know you needed to do this, feel free to reach out for support. Regards, Mohammed -- Mohammed Naser VEXXHOST, Inc.
On Mon, 2020-11-16 at 10:45 -0500, Mohammed Naser wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
IIUC Kuryr reported audit results already [1]. [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018178.h...
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
Hi, No suspicious things were found in Mistral since the beginning of October as it is mentioned in the initial email. Thanks Renat Akhmerov @Nokia On 17 Nov 2020, 00:49 +0700, Michał Dulko <mdulko@redhat.com>, wrote:
On Mon, 2020-11-16 at 10:45 -0500, Mohammed Naser wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
IIUC Kuryr reported audit results already [1].
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018178.h...
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
I just went over the Chef repos and they all look good to me. Thanks for reaching out! On Mon, Nov 16, 2020 at 8:16 AM Mohammed Naser <mnaser@vexxhost.com> wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html , all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
-- Lance Albertson Director Oregon State University | Open Source Lab
Hi, Sorry for the delay, I checked murano repos, nothing suspicious was seen. Mohammed Naser <mnaser@vexxhost.com>于2020年11月16日 周一23:45写道:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html , all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
-- Thanks, Rong Zhu
Nothing suspicious on keystone repos. Best, Kristi On Mon, Nov 16, 2020 at 10:46 AM Mohammed Naser <mnaser@vexxhost.com> wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
Nothing wrong in zun repos. | | Hongbin Lu | | Email:kira034@163.com | Signature is customized by Netease Mail Master On 11/17/2020 00:09, Mohammed Naser wrote: Hello there, As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet. Let us know if you need any type of assistance in completing the audit. In case you didn’t know you needed to do this, feel free to reach out for support. Regards, Mohammed -- Mohammed Naser VEXXHOST, Inc.
Updates: Only 4 projects left for audit. - https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker Let us know if you need any assistance or update if you already did and not posted on ML yet. -gmann ---- On Mon, 16 Nov 2020 09:45:04 -0600 Mohammed Naser <mnaser@vexxhost.com> wrote ----
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
Ghanshyam Mann wrote:
Updates: Only 4 projects left for audit.
- https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker I looked up all patches for openstackSDK and could not find anything malicious there.
-- Thierry Carrez (ttx)
I also brought it up in our meeting last Thursday and gtema had looked through everything and didn't see anything suspect. The tracking etherpad should be up to date. -Kendall (diablo_rojo) On Fri, Nov 20, 2020, 9:04 AM Thierry Carrez <thierry@openstack.org> wrote:
Ghanshyam Mann wrote:
Updates: Only 4 projects left for audit.
- https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker I looked up all patches for openstackSDK and could not find anything malicious there.
-- Thierry Carrez (ttx)
Sorry for the delay, following the request, I confirm that the Watcher repos look OK. Thanks! Canwei Li | | licanwei_cn | | 邮箱:licanwei_cn@163.com | 签名由 网易邮箱大师 定制 On 11/23/2020 09:48, Kendall Nelson wrote: I also brought it up in our meeting last Thursday and gtema had looked through everything and didn't see anything suspect. The tracking etherpad should be up to date. -Kendall (diablo_rojo) On Fri, Nov 20, 2020, 9:04 AM Thierry Carrez <thierry@openstack.org> wrote: Ghanshyam Mann wrote:
Updates: Only 4 projects left for audit.
- https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker I looked up all patches for openstackSDK and could not find anything malicious there.
-- Thierry Carrez (ttx)
Hi, I have reviewed all the patches merged between 2020-10-01 and 2020-10-20, I can confirm that these Monasca repos look OK. https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/python... * I'm not following this repo, It looks ok for me, but maybe somebody could help to audit it: https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/puppet... Thanks, Martin (chaconpiza) El vie, 20 de nov. de 2020 a la(s) 16:57, Ghanshyam Mann ( gmann@ghanshyammann.com) escribió:
Updates: Only 4 projects left for audit.
- https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker
Let us know if you need any assistance or update if you already did and not posted on ML yet.
-gmann
---- On Mon, 16 Nov 2020 09:45:04 -0600 Mohammed Naser < mnaser@vexxhost.com> wrote ----
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html , all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
---- On Sun, 22 Nov 2020 13:03:20 -0600 Martin Chacon Piza <martin@chaconpiza.com> wrote ----
Hi, I have reviewed all the patches merged between 2020-10-01 and 2020-10-20, I can confirm that these Monasca repos look OK.
https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/monasc... https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/python...
* I'm not following this repo, It looks ok for me, but maybe somebody could help to audit it:
https://static.opendev.org/project/opendev.org/gerrit-diffs/openstack/puppet...
Thanks Martin for the audit and confirmation. puppet-monasca repo is under puppet-openstack project and audited by Takashi Kajinami on Oct 22 as part of puppet-openstack audit. -gmann
Thanks, Martin (chaconpiza)
El vie, 20 de nov. de 2020 a la(s) 16:57, Ghanshyam Mann (gmann@ghanshyammann.com) escribió: Updates: Only 4 projects left for audit.
- https://etherpad.opendev.org/p/code-audit-gerrit-breach-tracker
Let us know if you need any assistance or update if you already did and not posted on ML yet.
-gmann
---- On Mon, 16 Nov 2020 09:45:04 -0600 Mohammed Naser <mnaser@vexxhost.com> wrote ----
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
No suspicious changes noted for openstack-helm repos. On Mon, Nov 16, 2020 at 9:45 AM Mohammed Naser <mnaser@vexxhost.com> wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html , all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
Hello there, This email is to confirm that all project teams have effectively completed the audit as per the October 20 Gerrit Outage Update email: http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, Thank you all for your support, Regards, On Mon, Nov 16, 2020 at 10:45 AM Mohammed Naser <mnaser@vexxhost.com> wrote:
Hello there,
As per the `service-announce` on October 20 regarding Gerrit Outage Update email http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html, all project teams are required to audit changes for projects from 2020-10-01 to 2020-10-21. I'm reaching out to those projects in particular who the TC believes have not completed their audit yet.
Let us know if you need any type of assistance in completing the audit.
In case you didn’t know you needed to do this, feel free to reach out for support.
Regards, Mohammed
-- Mohammed Naser VEXXHOST, Inc.
-- Mohammed Naser VEXXHOST, Inc.
participants (13)
-
Gage Hugo
-
Ghanshyam Mann
-
Hongbin Lu
-
Kendall Nelson
-
Kristi Nikolla
-
Lance Albertson
-
licanwei
-
Martin Chacon Piza
-
Michał Dulko
-
Mohammed Naser
-
Renat Akhmerov
-
Rong Zhu
-
Thierry Carrez