Exhibit A: All of the links are legit.
Exhibit B: https://twitter.com/#!/izs/status/177564294899183616
It sure would be nice, though, if Isaac confirmed.
--Josh
On Wed, Mar 7, 2012 at 8:26 PM, mgutz <mario.l....@gmail.com> wrote:
> I received an email asking me to reset my account. Is this legit? No mention
> here.
>
> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to nod...@googlegroups.com
> To unsubscribe from this group, send email to
> nodejs+un...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en
--
Joshua Holbrook
Engineer
Nodejitsu Inc.
jo...@nodejitsu.com
WTF? "Have been compromised"? It always was that way, and as long as you
use strong passwords, it's no problem. You're suggesting it was some
kind of attack/mistake/..., but that's not the case. It was "Couch can't
do that? Well, then we can't."
I really don't understand the buzz.
There will always be some hubbub and buzz around things like this. I
emailed people directly in an attempt to minimize the publicity for
long enough for the affected users to get a chance to reset their
passwords. Also, I figured that the people actually involved would be
a bit more likely to actually read the details, rather than try to fan
this into a bigger story than it really is.
Not to be dismissive, of course. It's a real cause for concern. But
this is the sort of thing that often ends up with people shouting that
"node is insecure, npm packages are all compromised", etc, etc. It's
not about protecting reputations -- FUD can actually make a real
problem harder to solve properly. Truth and facts are much better.
There will be a blog post early next week, for anyone who didn't get the email.