[TripleO] Douglas Viroel for tripleo-ci core
Marios Andreou
marios at redhat.com
Wed Jan 5 12:50:24 UTC 2022
On Wed, Jan 5, 2022 at 2:48 PM Marios Andreou <marios at redhat.com> wrote:
>
> On Tue, Jan 4, 2022 at 7:27 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
> >
> > On 2022-01-04 12:00:53 -0500 (-0500), Jason Poulin wrote:
> > > Can someone take me off this list. I don’t know why I’m on it. Please.
> > [...]
> >
> > I've unsubscribed this user; it appears an attacker managed to
> > brute-force a mailman confirmation key for a subscription request.
> > This hole should hopefully be plugged once we migrate to Mailman v3,
> > which employs stronger hashes for subscription confirmations.
>
> thanks fungi for looking into that and removing that person
> but does it mean we potentially have more folks being spammed by us on
> a regular basis :/
> is there a way to know all the addresses that were subscribed in this
> way and remove them all?
>
sorry... am guessing you would have done it already if there were a way...
Asking all subscribers to validate their address/subscription would be
a big pain... but how else can we address it?
> regards, marios
>
> > --
> > Jeremy Stanley
More information about the openstack-discuss
mailing list