| 1 |
(gentoo-dev-announce was missed in the initial email blast. Incident |
| 2 |
response is ongoing). |
| 3 |
|
| 4 |
On Thu, Jun 28, 2018 at 05:13:18PM -0400, Alec Warner wrote: |
| 5 |
> Today 28 June at approximately 20:20 UTC unknown individuals have gained |
| 6 |
> control of the Github Gentoo organization, and modified the content of |
| 7 |
> repositories as well as pages there. We are still working to determine the |
| 8 |
> exact extent and to regain control of the organization and its |
| 9 |
> repositories. |
| 10 |
> |
| 11 |
> All Gentoo code hosted on github should for the moment be considered |
| 12 |
> compromised. This does NOT affect any code hosted on the Gentoo |
| 13 |
> infrastructure. Since the master Gentoo ebuild repository is hosted on our |
| 14 |
> own infrastructure and since Github is only a mirror for it, you are fine |
| 15 |
> as long as you are using rsync or webrsync from gentoo.org. |
| 16 |
> |
| 17 |
> Also, the gentoo-mirror repositories including metadata are hosted under a |
| 18 |
> separate Github organization and likely not affected as well. |
| 19 |
> |
| 20 |
> All Gentoo commits are signed, and you should verify the integrity of the |
| 21 |
> signatures when using git. |
| 22 |
> |
| 23 |
> More updates will follow. |
| 24 |
> |
| 25 |
> -A |
| 26 |
|
| 27 |
-- |
| 28 |
Robin Hugh Johnson |
| 29 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 30 |
E-Mail : robbat2@g.o |
| 31 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 32 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives