[0x0]

Interesting choice that some machines will not be reinstalled, only "thoroughly audited".

[cperciva]

There are some systems (generally speaking, ones which were installed in the past few weeks) for which we know exactly what files should be installed and what their SHA256 hashes are. Thoroughly audited means "every single bit is correct".

[0x0]

Thanks for clarifying.

I assume if they had root though, they could theoretically install a rootkit in the MBR. Did you SHA256 verify the MBR too? :)

[cperciva]

I didn't (I'm not involved in cluster management) but I suspect that it was done by someone.

[3amOpsGuy]

They're probably one of the few projects with such a track record that we can take them at their word. Thoroughly audited will mean exactly that.

They're most definitely not amateurs, see the back catalogue for examples of 'how to do it right'

[batgaijin]

I'm surprised they weren't more transparent about that reasoning... maybe those machines were running everything within jails?