[TripleO] Douglas Viroel for tripleo-ci core
Hello TripleO ( & happy new year :) \o/ ) I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos). Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team. As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week. thanks, marios [1] https://review.opendev.org/q/owner:viroel%2540gmail.com
On Tue, Jan 4, 2022 at 6:46 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
+ 2 for Doug :-) Thanks, Chandan Kumar
+1 On Tue, Jan 4, 2022 at 6:46 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
+1 On Tue, Jan 4, 2022 at 3:17 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
-- Best regards Sagi Shnaidman
+1 On Tue, Jan 4, 2022 at 6:40 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
-- *Amol Kahat* Software Engineer *Red Hat India Pvt. Ltd. Pune, India.* akahat@redhat.com B764 E6F8 F4C1 A1AF 816C 6840 FDD3 BA6C 832D 7715
+1 absolutely On Tue, Jan 4, 2022 at 11:25 AM Amol Kahat <akahat@redhat.com> wrote:
+1
On Tue, Jan 4, 2022 at 6:40 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
-- *Amol Kahat* Software Engineer *Red Hat India Pvt. Ltd. Pune, India.* akahat@redhat.com B764 E6F8 F4C1 A1AF 816C 6840 FDD3 BA6C 832D 7715
Can someone take me off this list. I don’t know why I’m on it. Please.
On Jan 4, 2022, at 11:32 AM, Ronelle Landy <rlandy@redhat.com> wrote:
+1 absolutely
On Tue, Jan 4, 2022 at 11:25 AM Amol Kahat <akahat@redhat.com> wrote: +1
On Tue, Jan 4, 2022 at 6:40 PM Marios Andreou <marios@redhat.com> wrote: Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
-- Amol Kahat Software Engineer Red Hat India Pvt. Ltd. Pune, India. akahat@redhat.com B764 E6F8 F4C1 A1AF 816C 6840 FDD3 BA6C 832D 7715
On 2022-01-04 12:00:53 -0500 (-0500), Jason Poulin wrote:
Can someone take me off this list. I don’t know why I’m on it. Please. [...]
I've unsubscribed this user; it appears an attacker managed to brute-force a mailman confirmation key for a subscription request. This hole should hopefully be plugged once we migrate to Mailman v3, which employs stronger hashes for subscription confirmations. -- Jeremy Stanley
On Tue, Jan 4, 2022 at 7:27 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2022-01-04 12:00:53 -0500 (-0500), Jason Poulin wrote:
Can someone take me off this list. I don’t know why I’m on it. Please. [...]
I've unsubscribed this user; it appears an attacker managed to brute-force a mailman confirmation key for a subscription request. This hole should hopefully be plugged once we migrate to Mailman v3, which employs stronger hashes for subscription confirmations.
thanks fungi for looking into that and removing that person but does it mean we potentially have more folks being spammed by us on a regular basis :/ is there a way to know all the addresses that were subscribed in this way and remove them all? regards, marios
-- Jeremy Stanley
On Wed, Jan 5, 2022 at 2:48 PM Marios Andreou <marios@redhat.com> wrote:
On Tue, Jan 4, 2022 at 7:27 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2022-01-04 12:00:53 -0500 (-0500), Jason Poulin wrote:
Can someone take me off this list. I don’t know why I’m on it. Please. [...]
I've unsubscribed this user; it appears an attacker managed to brute-force a mailman confirmation key for a subscription request. This hole should hopefully be plugged once we migrate to Mailman v3, which employs stronger hashes for subscription confirmations.
thanks fungi for looking into that and removing that person but does it mean we potentially have more folks being spammed by us on a regular basis :/ is there a way to know all the addresses that were subscribed in this way and remove them all?
sorry... am guessing you would have done it already if there were a way... Asking all subscribers to validate their address/subscription would be a big pain... but how else can we address it?
regards, marios
-- Jeremy Stanley
On 2022-01-05 14:48:35 +0200 (+0200), Marios Andreou wrote:
thanks fungi for looking into that and removing that person but does it mean we potentially have more folks being spammed by us on a regular basis :/
Yes, I clean them up when they come to my attention.
is there a way to know all the addresses that were subscribed in this way and remove them all?
Not easily, because it's exploiting the subscription confirmation mechanism in Mailman, so it's indistinguishable from someone who received the confirmation message and followed the URL or replied. Usually the only way I can tell is that an address appears to have attempted to subscribe to a very large number of mailing lists (most/all published lists we host) but only one or two actually get confirmed. I'm trying to put together a heuristic to identify people who seem to have been subscribed under those circumstances via log analysis. The routine used to generate the cryptographic hash which serves as a confirmation token is too weak/short, and a (small) percentage of them are brute-forcible in a matter of hours by a determined attacker. We're working on an upgrade to Mailman 3, which uses much stronger authentication and confirmation tokens. I'm hoping we'll have it ready within a few months, but the migration will be somewhat disruptive as well since it's a rewrite of much of the underlying platform. -- Jeremy Stanley
On Wed, Jan 5, 2022 at 3:55 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2022-01-05 14:48:35 +0200 (+0200), Marios Andreou wrote:
thanks fungi for looking into that and removing that person but does it mean we potentially have more folks being spammed by us on a regular basis :/
Yes, I clean them up when they come to my attention.
is there a way to know all the addresses that were subscribed in this way and remove them all?
Not easily, because it's exploiting the subscription confirmation mechanism in Mailman, so it's indistinguishable from someone who received the confirmation message and followed the URL or replied. Usually the only way I can tell is that an address appears to have attempted to subscribe to a very large number of mailing lists (most/all published lists we host) but only one or two actually get confirmed. I'm trying to put together a heuristic to identify people who seem to have been subscribed under those circumstances via log analysis.
sounds neat (identifying those subscriptions in this way) ;)
The routine used to generate the cryptographic hash which serves as a confirmation token is too weak/short, and a (small) percentage of them are brute-forcible in a matter of hours by a determined attacker. We're working on an upgrade to Mailman 3, which uses much stronger authentication and confirmation tokens. I'm hoping we'll have it ready within a few months, but the migration will be somewhat disruptive as well since it's a rewrite of much of the underlying platform.
thanks for taking the time to explain regards
-- Jeremy Stanley
+1 On Tue, Jan 4, 2022 at 11:37 AM Ronelle Landy <rlandy@redhat.com> wrote:
+1 absolutely
On Tue, Jan 4, 2022 at 11:25 AM Amol Kahat <akahat@redhat.com> wrote:
+1
On Tue, Jan 4, 2022 at 6:40 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
-- *Amol Kahat* Software Engineer *Red Hat India Pvt. Ltd. Pune, India.* akahat@redhat.com B764 E6F8 F4C1 A1AF 816C 6840 FDD3 BA6C 832D 7715
On Tue, Jan 4, 2022 at 3:08 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
having seen no objections ;) Doug is now in the tripleo-core gerrit group [1] @Doug thank you for your contributions o/ keep 'em coming ;) regards, marios [1] https://review.opendev.org/admin/groups/0319cee8020840a3016f46359b076fa6b6ea...
thanks, marios
Thank you all Looking forward to continue contributing to these projects \o/ On Tue, Jan 11, 2022 at 4:14 AM Marios Andreou <marios@redhat.com> wrote:
On Tue, Jan 4, 2022 at 3:08 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
having seen no objections ;) Doug is now in the tripleo-core gerrit group [1]
@Doug thank you for your contributions o/ keep 'em coming ;)
regards, marios
[1] https://review.opendev.org/admin/groups/0319cee8020840a3016f46359b076fa6b6ea...
thanks, marios
-- Douglas Viroel - dviroel
+1 On Tue, Jan 4, 2022 at 2:11 PM Marios Andreou <marios@redhat.com> wrote:
Hello TripleO ( & happy new year :) \o/ )
I'd like to propose Douglas Viroel [1] for core on the tripleo-ci repos (openstack/tripleo-ci, openstack/tripleo-quickstart-extras, openstack/tripleo-quickstart, openstack/tripleo-repos).
Doug joined the team last year and besides his code contributions he has also been consistently providing many very useful and thoughtful code reviews. I think he will be an excellent addition to the ci core team.
As is customary, let's leave this thread open for a week and if there are no objections or other concerns then we add Doug to the core group next week.
thanks, marios
participants (11)
-
Ade Lee
-
Amol Kahat
-
Chandan Kumar
-
Douglas
-
Jason Poulin
-
Jeremy Stanley
-
Jose Luis Franco Arza
-
Marios Andreou
-
Ronelle Landy
-
Sagi Shnaidman
-
Sandeep Yadav