|author||Andreas K. Hüttel <firstname.lastname@example.org>||2018-06-28 23:09:47 +0200|
|committer||Andreas K. Hüttel <email@example.com>||2018-06-28 23:09:47 +0200|
|parent||downloads/signatures/index.html: Update releng DSA key expiration (diff)|
Add message about hacked github repo
Diffstat (limited to '_posts')
1 files changed, 16 insertions, 0 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
new file mode 100644
@@ -0,0 +1,16 @@
+title: 'Github Gentoo organization hacked'
+Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of
+repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its
+repositories. All Gentoo code hosted on github should for the moment be considered compromised.
+This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and
+since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
+Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organization and likely not affected as well.
+All Gentoo commits are signed, and you should verify the integrity of the signatures when using git.
+More updates will follow.