[Rdo-list] Mailing list incident, post mortem

Rich Bowen rbowen at rcbowen.com
Thu Jan 22 18:22:03 UTC 2015


Thank you all for your patience over the last few days with the 
unsubscribe messages. I've been working with Red Hat infosec to figure 
out what happened, and I want to let you know what we found out, and 
allay your concerns.

First of all, it appears that this incident was 100% my fault. It 
appears very clear, from server logs, that I pasted a list of email 
addresses into a subscribe form and pressed submit, or enter, or 
otherwise submitted the form.

That I didn't do this intentionally, I hope you can believe, but, 
rather, that it happened in a moment of stupidity or absentmindedness or 
something.

So, the good news is, it doesn't appear that the list was compromised in 
any way.

What is not clear at this moment is where these email addresses came 
from, and how they got into my paste buffer, since some of them were 
familiar to me, and others were not. I'm still trying to find the common 
thread.

With the help of Red Hat IT, we've identified the entire list of 
addresses, and unsubscribed them. There were, apparently, some false 
positives in there, and some of those people have resubscribed. To them, 
again, I'm very sorry.

-- 
Rich Bowen - rbowen at rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon



