1 |
We believe this incident to be resolved and we have written an incident |
2 |
report: |
3 |
|
4 |
https://wiki.gentoo.org/wiki/Github/2018-06-28 |
5 |
|
6 |
Thanks to the community for their support during this incident. |
7 |
|
8 |
-A |
9 |
|
10 |
On Thu, Jun 28, 2018 at 5:13 PM, Alec Warner <antarus@g.o> wrote: |
11 |
|
12 |
> Today 28 June at approximately 20:20 UTC unknown individuals have gained |
13 |
> control of the Github Gentoo organization, and modified the content of |
14 |
> repositories as well as pages there. We are still working to determine the |
15 |
> exact extent and to regain control of the organization and its |
16 |
> repositories. |
17 |
> |
18 |
> All Gentoo code hosted on github should for the moment be considered |
19 |
> compromised. This does NOT affect any code hosted on the Gentoo |
20 |
> infrastructure. Since the master Gentoo ebuild repository is hosted on our |
21 |
> own infrastructure and since Github is only a mirror for it, you are fine |
22 |
> as long as you are using rsync or webrsync from gentoo.org. |
23 |
> |
24 |
> Also, the gentoo-mirror repositories including metadata are hosted under a |
25 |
> separate Github organization and likely not affected as well. |
26 |
> |
27 |
> All Gentoo commits are signed, and you should verify the integrity of the |
28 |
> signatures when using git. |
29 |
> |
30 |
> More updates will follow. |
31 |
> |
32 |
> -A |
33 |
> |