| 1 |
We believe this incident to be resolved and we have written an incident |
| 2 |
report: |
| 3 |
|
| 4 |
https://wiki.gentoo.org/wiki/Github/2018-06-28 |
| 5 |
|
| 6 |
Thanks to the community for their support during this incident. |
| 7 |
|
| 8 |
-A |
| 9 |
|
| 10 |
On Thu, Jun 28, 2018 at 5:13 PM, Alec Warner <antarus@g.o> wrote: |
| 11 |
|
| 12 |
> Today 28 June at approximately 20:20 UTC unknown individuals have gained |
| 13 |
> control of the Github Gentoo organization, and modified the content of |
| 14 |
> repositories as well as pages there. We are still working to determine the |
| 15 |
> exact extent and to regain control of the organization and its |
| 16 |
> repositories. |
| 17 |
> |
| 18 |
> All Gentoo code hosted on github should for the moment be considered |
| 19 |
> compromised. This does NOT affect any code hosted on the Gentoo |
| 20 |
> infrastructure. Since the master Gentoo ebuild repository is hosted on our |
| 21 |
> own infrastructure and since Github is only a mirror for it, you are fine |
| 22 |
> as long as you are using rsync or webrsync from gentoo.org. |
| 23 |
> |
| 24 |
> Also, the gentoo-mirror repositories including metadata are hosted under a |
| 25 |
> separate Github organization and likely not affected as well. |
| 26 |
> |
| 27 |
> All Gentoo commits are signed, and you should verify the integrity of the |
| 28 |
> signatures when using git. |
| 29 |
> |
| 30 |
> More updates will follow. |
| 31 |
> |
| 32 |
> -A |
| 33 |
> |
Archives