On 2020-10-21 10:06:07 -0500 (-0500), Ghanshyam Mann wrote:
[...]
> Enabling the email notification to all the existing members of any
> core groups if there is any change in that group can help this.
[...]

Yes, like I said, that doesn't seem to be a feature of Gerrit 2.13. It may have been added in a later version, but someone will need to check.

We could also add our own auditing tools which anyone can run; for example, group membership information can be queried from the REST API even by non-administrators. Something like this:

<URL: https://opendev.org/opendev/system-config/src/commit/b5ee5e6eb8c30ff6e8a9ef9... >

I wrote that some years back as an example for the folks who were regularly organizing "core reviewer parties" at summits, but it could be turned to more useful endeavors. Note that it probably needs some updating; I haven't tried running it in ages. Let's call that an exercise for the reader. ;)

Just remember, as I've said already, while notification of suspicious group membership changes would be handy, this particular incident started with a compromised admin identity, and the group escalation was really an unnecessary/secondary event weeks later. While it might help us catch future breaches, it wouldn't on its own have caught the initial intrusion for this one.

-- 
Jeremy Stanley
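The kind of non-administrator audit described in the reply above, as an added example that is not Jeremy Stanley's system-config script: it reads the anonymous Gerrit REST endpoints `/groups/` and `/groups/<id>/members/` (whose JSON bodies carry Gerrit's `)]}'` anti-XSSI prefix), snapshots the membership of every group whose name contains a filter string, and reports members added or removed between two snapshots. The Gerrit host URL, the `-core` naming filter, and the sample group and account data are constructed assumptions; the offline demo feeds the code canned responses so it runs without a server.

```python
"""Detect Gerrit core-group membership changes using only public REST endpoints."""
import json
import urllib.request
from urllib.parse import quote

# Gerrit prefixes every JSON response with this to defeat cross-site script inclusion.
XSSI_PREFIX = ")]}'"


def parse_gerrit_json(text):
    """Strip the )]}' prefix if present and decode the JSON body."""
    if text.startswith(XSSI_PREFIX):
        text = text[len(XSSI_PREFIX):]
    return json.loads(text)


def http_fetch(base_url):
    """Return fetch(path) that GETs base_url + path anonymously and returns the body."""
    def fetch(path):
        with urllib.request.urlopen(base_url.rstrip("/") + path) as resp:
            return resp.read().decode("utf-8")
    return fetch


def snapshot_groups(fetch, name_filter="-core"):
    """Map each group whose name contains name_filter to a sorted member list.

    /groups/ returns {name: GroupInfo}; /groups/<id>/members/ returns a list of
    AccountInfo. The "-core" filter is an assumption about naming conventions.
    """
    groups = parse_gerrit_json(fetch("/groups/"))
    snapshot = {}
    for name, info in groups.items():
        if name_filter not in name:
            continue
        members = parse_gerrit_json(
            fetch("/groups/%s/members/" % quote(info["id"], safe=""))
        )
        snapshot[name] = sorted(
            m.get("username") or str(m["_account_id"]) for m in members
        )
    return snapshot


def diff_snapshots(old, new):
    """Return [(group, added, removed)] for every group whose membership changed."""
    changes = []
    for group in sorted(set(old) | set(new)):
        before, after = set(old.get(group, [])), set(new.get(group, []))
        if before != after:
            changes.append((group, sorted(after - before), sorted(before - after)))
    return changes


def fake_fetch(responses):
    """Offline stand-in for http_fetch: serve constructed response bodies by path."""
    return lambda path: responses[path]


# Constructed sample responses in the shape Gerrit returns (not real data).
SAMPLE_BEFORE = {
    "/groups/": XSSI_PREFIX + json.dumps({
        "nova-core": {"id": "0123abcd"},
        "Registered Users": {"id": "global%3ARegistered-Users"},
    }),
    "/groups/0123abcd/members/": XSSI_PREFIX + json.dumps([
        {"_account_id": 1001, "username": "alice"},
        {"_account_id": 1002, "username": "bob"},
    ]),
}
SAMPLE_AFTER = {
    "/groups/": SAMPLE_BEFORE["/groups/"],
    "/groups/0123abcd/members/": XSSI_PREFIX + json.dumps([
        {"_account_id": 1001, "username": "alice"},
        {"_account_id": 1003, "username": "mallory"},
    ]),
}


def run_offline_demo():
    """Diff the two constructed snapshots; a cron job would diff a saved file vs. live data."""
    before = snapshot_groups(fake_fetch(SAMPLE_BEFORE))
    after = snapshot_groups(fake_fetch(SAMPLE_AFTER))
    return diff_snapshots(before, after)


if __name__ == "__main__":
    for group, added, removed in run_offline_demo():
        print(f"{group}: added={added} removed={removed}")
    # Against a real server (hypothetical host):
    # snapshot_groups(http_fetch("https://review.example.org"))
```

Storing each snapshot as a dated JSON file and mailing the diff to the group's current members gives the notification Ghanshyam asked for without any Gerrit-side feature or admin credentials; as the reply notes, it flags membership changes after the fact and does nothing about the compromised admin identity that preceded them.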