On Tue, Sep 12, 2017 at 12:19 PM, Michael Han <[EMAIL PROTECTED]> wrote:
Based on what I've seen so far I don't know what happened. However your
comment on the jira here
https://issues.apache.org/jira/browse/INFRA-13916
"Here the top of commit has commit has
c14cdd3673ebdd8014118ec961068ee51f2327b1, instead of
a1b9460dbfaf9e96aa958d805cf6cf11c8d01d0f, which is expected. "
is one of the things which lead me to my conclusions.

I'm not sure we'll ever know at this point. It's one of the reasons why I
thought/think force pushes should be disallowed, in particular because it's
so hard to know what happened when and track the impact.

From what I can see at this point in time, while the hashes differ it looks
like it's not malicious, which is my primary concern. I diffed some of the
branches and while the hash differs I have not see diffs in the code
itself. My testing has not be exhaustive however.

Patrick
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB