[Rdo-list] Mailing list incident, post mortem

Thank you all for your patience over the last few days with the unsubscribe messages. I've been working with Red Hat infosec to figure out what happened, and I want to let you know what we found out, and allay your concerns. First of all, it appears that this incident was 100% my fault. It appears, from server logs, very clear that I pasted a list of email addresses into a subscribe form and pressed submit, or enter, or otherwise submitted the form. That I didn't do this intentionally, I hope you can believe, but, rather, that it happened in a moment of stupidity or absentmindedness of something. So, the good news is, it doesn't appear that the list was compromised in any way. What is not clear at this moment is where these email addresses came from, and how they got into my paste buffer, since some of them were familiar to me, and others were not. I'm still trying to find the common thread. With the help of Red Hat IT, we've identified the entire list of addresses, and unsubscribed them. There were, apparently some false positives in there, and some of those people have resubscribed. To them, again, I'm very sorry. -- Rich Bowen - rbowen(a)rcbowen.com - @rbowen http://apachecon.com/ - @apachecon