Hi folks, as you may have read at [1], several community servers have been compromised and where thus taken offline. Tiber, the server running REVU was among these. However I don't know, if tiber was compromised as well, but I wouldn't say that it was too unlikely, since it also was still running breezy.
During this weekend, I've set up a revu-instance on sparky (from the ubuntu-wire network). The setup is not yet complete, the following things are known to not yet work: - revu-tools: running revu-report is currently not yet supported, and probably won't be on sparky. - nuking uploads: need to look over the scripts involved with nuking first - auto-updating gpg keys from LP: currently, only manual updating of the keyring is supported (and it's a little bit fragile, I must have missed s.th. to adjust there somewhere) Since we cannot assume, that tiber was in fact not compromised, all the previously uploaded packages were not imported into the new instance. Also the database started completely empty. I've just finished to refill the database using some heuristics to create the necessary reviewer accounts. For this, I've taken the very last Changed-By: Email from gutsy changes for everyone in the ubuntu-dev group. I've set all passwords using pwgen, so you'll want to recover your passwords. If anything else is broken on the new revu instance as well, or you've got any questions, please contact me directly (via mail or irc in case I'm online). Since sparky is not the worlds most powerful box, please don't expect super performance of revu. Also, being part of ubuntu-wire means that there are quite a number of accounts on the box, which is suboptimal. Hence, it's planned to migrate revu to a different (faster) box which is also located at the university of erlangen in about two-three weeks. Of course tiber was not only used to host revu. If you had some data in your home-directories, which you definitely need to recover, I'll suggest to ask in #canonical-sysadmin for retrieval. To keep revu more secure, we'll also need to tighten the security policy for the new box. I'm thus sorry to say that we'll not be handing accounts in the same open manner we did for tiber, and may not be able to host any additional services apart from revu on it. I'm sorry for the inconvenience. Cheers, Stefan. -- [1]: https://lists.ubuntu.com/archives/loco-contacts/2007-August/001510.html
signature.asc
Description: This is a digitally signed message part.
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
