-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FYI - ---------- Forwarded Message ----------
Subject: Last week's incident: follow-up and full disclosure Date: Tuesday, May 29, 2012, 8:03:00 PM From: Daniel Shahaf <d...@daniel.shahaf.name> To: committ...@apache.org CC: r...@apache.org All, Last week we asked you to change your passwords. In follow-up of the same incident, we have now: 1) Changed the password of those of you (more than a thousand) who have not done so themselves since May 23. If you are one of those people, your password will appear to "just stop working"; the solution is to reset it on <https://id.apache.org/reset/enter>. 2) Released a "full disclosure" blog post: https://blogs.apache.org/infra/entry/apache_org_incident_report_for (shortlink: <http://s.apache.org/zZ>) We would also like to thank everyone for the prompt response to our previous email, and for not publicizing the matter in the past few days whilst it was being resolved. Questions about your account should be sent to r...@apache.org only. Cheers, Daniel for the Infrastructure Team P.S. If you are all going to click that URL at once, please get the Roller PMC a beer if blogs stays up --- and the ATS PMC a beer if it doesn't. :-) - ----------------------------------------- - -- - ------------------------------- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEARECAAYFAk/FFoIACgkQV/LQcNdtPQN2qACeN2GBOUUc8Seid6bUWT4obzMZ sFMAn3Tjl17sRXnTI6Iqu3Nd/z49fZ+2 =zJRV -----END PGP SIGNATURE-----
