On Wed, Oct 21, 2020 at 1:48 PM Giulio Fidente <gfidente at redhat.com> wrote: > On 10/21/20 9:15 AM, Marios Andreou wrote: > > Hi folks, > > > > as you are undoubtedly aware, gerrit was down yesterday. There was this > > email to service-announce [1] with more information about what happened > > (kudos Julia Kreger who sent [2] where I saw that). There is a list of > > changes [3] since October 1st that we should audit out of precaution and > > to be responsible and accountable to our community and users. > > > > As you can expect there are a great number of changes. I put a full > > commit list at [5]. I mined those from [3] - see [4] for info about the > > 'mining' and even better if someone has time to verify that I didn't > > miss any repos or commits. > > > > Please I need help from all core reviewers. We need to check that the > > commits in [5] appear valid and correct - remember the concern is for > > any changes that may have been merged by a compromised account. I > > propose that we do this via Gerrit and that we leave a comment - > > 'CHECKED' - on each review that we check? Hopefully we can cover all of > > these before the end of the week by distributing our efforts. I am open > > to other suggestions though if folks feel this is better done via some > > document/spreadsheet etc. > > > > Of course as stated in [1] it is a good idea for everyone to double > > check their account activity and make sure nothing is off, > > > > Thank you in advance for your help, > > > > marios > > > > [1] > http://lists.opendev.org/pipermail/service-announce/2020-October/000011.html > > [2] > http://lists.openstack.org/pipermail/openstack-discuss/2020-October/018148.html > > [3] https://static.opendev.org/project/opendev.org/gerrit-diffs/ > > [4] https://gist.github.com/marios/a44a55998531354dc3d634dddeadf1c0 > > [5] https://gist.github.com/marios/d1b774c827769373b67d3988105140dd > > thanks a lot Marios for looking into this and organizing activities > Yes, thanks a lot Marios++ ! > > do I understand correctly that our most immediate responsibility is to > go through the list of commits in [5] and compare what is actually in > the git repos with what was proposed in gerrit? > -- > Giulio Fidente > GPG KEY: 08D733BA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20201021/bd2ac43b/attachment.html>