Hats off to the peo­ple han­dling the recent secu­ri­ty inci­dent

I pull my hat to the peo­ple han­dling the recent secu­ri­ty inci­dent on the FreeB­SD infra­struc­ture.

Guys:

  • Thanks a lot for the count­less hours you invest­ed to find and close the ini­tial attack vec­tor.
  • Thanks a lot for the count­less hours you invest­ed to get the machines back to a well known state.
  • Thanks a lot for the count­less hours you invest­ed to ver­i­fy the source repos­i­to­ry.
  • Thanks a lot for the count­less hours you invest­ed to get back to a trust­ed pack­age build­ing envi­ron­ment.
  • Thanks a lot for the count­less hours you invest­ed to get the “remain­ing” infra­struc­ture (and every­thing else I for­got to men­tion) back into a good state.

Or in short: Thanks a lot for the count­less hours you invest­ed to get us from “we’re bust­ed” to “we’re back”.

And last but not least, thanks for the deci­sion to be bet­ter safe than sor­ry regard­ing our user­base (while it is the only way to han­dle some­thing like this in a OSS project, I unfor­tu­nate­ly think it has to be men­tioned instead of tak­ing it as an obvi­ous deci­sion).

Send to Kin­dle

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.