http://lists.opendev.org/pipermail/service-announce/2020-October/000010.html
https://www.theregister.com/2020/10/21/opendev_gerrit_attack/
I’m guessing the Devs already know about this but i thought it might have been of interest…
1 Like
Hey @lucap,
Yes, we were made aware of the compromise and have been monitoring the situation. Additionally, we performed an independent audit of opendev packages that were incorporated into groovy in October looking for any sort of suspicious code changes, and discovered nothing of concern. We are also monitoring the progress of upstreams’ audits as well, which so far has not turned up anything.
Thanks for the heads up!
4 Likes
