[Rdo-list] Mailing list incident, post mortem
rbowen at rcbowen.com
Thu Jan 22 18:22:03 UTC 2015
Thank you all for your patience over the last few days with the
unsubscribe messages. I've been working with Red Hat infosec to figure
out what happened, and I want to let you know what we found out, and
allay your concerns.
First of all, it appears that this incident was 100% my fault. It
appears, from server logs, very clear that I pasted a list of email
addresses into a subscribe form and pressed submit, or enter, or
otherwise submitted the form.
That I didn't do this intentionally, I hope you can believe, but,
rather, that it happened in a moment of stupidity or absentmindedness of
So, the good news is, it doesn't appear that the list was compromised in
What is not clear at this moment is where these email addresses came
from, and how they got into my paste buffer, since some of them were
familiar to me, and others were not. I'm still trying to find the common
With the help of Red Hat IT, we've identified the entire list of
addresses, and unsubscribed them. There were, apparently some false
positives in there, and some of those people have resubscribed. To them,
again, I'm very sorry.
Rich Bowen - rbowen at rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
More information about the dev