Rocky project contingency war room - infrastructure security planning

February 26, 2026 at 2:29 AMstrategycritical

Situation

Committed to scheduling a war room meeting to create a detailed, step-by-step contingency plan for securing Rocky infrastructure (AWS, FreeIPA) against potential hostile action by former members. Plan assumes an outage will be necessary to revoke access. Technical cutover to be planned before legal letters are sent.

Reasoning

The threat is credible — former members have existing access to critical infrastructure including FreeIPA (primary auth) and the Secure Boot key approval committee. Planning the technical cutover BEFORE legal letters are sent gives the ability to execute infrastructure lockdown simultaneously with legal action — removing leverage before the adversary can act. A planned outage is far better than an adversarial one.

Additional Context

Part of Linux Leadership Sync all-day session. Legal letters are being prepared separately (company-level decision involving Greg and legal). Peter owns the technical contingency planning.

Observed Evidence

Fathom Pt 4: 'A war room meeting will be scheduled to create a detailed, step-by-step plan for securing Rocky infrastructure in case of a hostile takeover.' Risk: 'Lewis has access to the Secure Boot key and is on the approval committee, which could cause delays in signing new kernels.' Assumption: 'An outage will be required to revoke access, as FreeIPA is the primary authentication system.'

Matching Patterns

50%

Small Circle for Sensitive Operations(keyword match (contingency, hostile), same category (strategy))

Confidence Breakdown

30/35

Evidence

20/30

Pattern

17/20

Source

7/15

Corroboration

Reasoning Depth Analysis

Org Signal:CIQ treats Rocky infrastructure security as a strategic asset worth protecting with legal and technical measures simultaneously

Who Affected:The entire Rocky community depends on this infrastructure; unplanned sabotage outage would be far worse than planned maintenance

Precedent:Establishes that CIQ will plan and execute infrastructure security proactively, not reactively

Consequences:An outage IS expected during cutover — but planned is far better than adversarial

Timing:Legal letters are being prepared; technical plan must be ready BEFORE they are sent

People Involved

Nathan Blackham, Justin Haynes, Max Spevack

Source

reflection

AI Confidence

74%

Related Context

🎥

Linux Leadership Sync Pt 4

fathom

Peter: Schedule a 'war room' meeting to create a detailed, step-by-step contingency plan for the Rocky project. Assumes outage necessary to revoke access via FreeIPA.

Outcome

No outcome recorded yet.

Decision ID: 3f004d5a-710f-465b-86ba-982eb5845ba9