1 |
(gentoo-dev-announce was missed in the initial email blast. Incident |
2 |
response is ongoing). |
3 |
|
4 |
On Thu, Jun 28, 2018 at 05:13:18PM -0400, Alec Warner wrote: |
5 |
> Today 28 June at approximately 20:20 UTC unknown individuals have gained |
6 |
> control of the Github Gentoo organization, and modified the content of |
7 |
> repositories as well as pages there. We are still working to determine the |
8 |
> exact extent and to regain control of the organization and its |
9 |
> repositories. |
10 |
> |
11 |
> All Gentoo code hosted on github should for the moment be considered |
12 |
> compromised. This does NOT affect any code hosted on the Gentoo |
13 |
> infrastructure. Since the master Gentoo ebuild repository is hosted on our |
14 |
> own infrastructure and since Github is only a mirror for it, you are fine |
15 |
> as long as you are using rsync or webrsync from gentoo.org. |
16 |
> |
17 |
> Also, the gentoo-mirror repositories including metadata are hosted under a |
18 |
> separate Github organization and likely not affected as well. |
19 |
> |
20 |
> All Gentoo commits are signed, and you should verify the integrity of the |
21 |
> signatures when using git. |
22 |
> |
23 |
> More updates will follow. |
24 |
> |
25 |
> -A |
26 |
|
27 |
-- |
28 |
Robin Hugh Johnson |
29 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
30 |
E-Mail : robbat2@g.o |
31 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
32 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |