aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas K. Hüttel <dilfridge@gentoo.org>2018-06-28 23:09:47 +0200
committerAndreas K. Hüttel <dilfridge@gentoo.org>2018-06-28 23:09:47 +0200
commit571c4224d260f02d62f8549e578285f31ba10bff (patch)
tree2dbe4919b01792293dc2de2c866c90908fb225ce
parentdownloads/signatures/index.html: Update releng DSA key expiration (diff)
downloadwww-571c4224d260f02d62f8549e578285f31ba10bff.tar.gz
www-571c4224d260f02d62f8549e578285f31ba10bff.tar.bz2
www-571c4224d260f02d62f8549e578285f31ba10bff.zip
Add message about hacked github repo
-rw-r--r--_posts/2018-06-28-Github-gentoo-org-hacked.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
new file mode 100644
index 0000000..46e9162
--- /dev/null
+++ b/_posts/2018-06-28-Github-gentoo-org-hacked.md
@@ -0,0 +1,16 @@
+---
+title: 'Github Gentoo organization hacked'
+---
+
+Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of
+repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its
+repositories. All Gentoo code hosted on github should for the moment be considered compromised.
+
+This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and
+since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
+
+Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organization and likely not affected as well.
+
+All Gentoo commits are signed, and you should verify the integrity of the signatures when using git.
+
+More updates will follow.