1 |
Today 28 June at approximately 20:20 UTC unknown individuals have gained |
2 |
control of the Github Gentoo organization, and modified the content of |
3 |
repositories as well as pages there. We are still working to determine the |
4 |
exact extent and to regain control of the organization and its |
5 |
repositories. |
6 |
|
7 |
All Gentoo code hosted on github should for the moment be considered |
8 |
compromised. This does NOT affect any code hosted on the Gentoo |
9 |
infrastructure. Since the master Gentoo ebuild repository is hosted on our |
10 |
own infrastructure and since Github is only a mirror for it, you are fine |
11 |
as long as you are using rsync or webrsync from gentoo.org. |
12 |
|
13 |
Also, the gentoo-mirror repositories including metadata are hosted under a |
14 |
separate Github organization and likely not affected as well. |
15 |
|
16 |
All Gentoo commits are signed, and you should verify the integrity of the |
17 |
signatures when using git. |
18 |
|
19 |
More updates will follow. |
20 |
|
21 |
-A |