|author||Alec Warner <email@example.com>||2018-06-29 00:32:45 -0400|
|committer||Alec Warner <firstname.lastname@example.org>||2018-06-29 00:32:45 -0400|
|parent||Add message about hacked github repo (diff)|
News update on ongoing incident.
Diffstat (limited to '_posts')
1 files changed, 3 insertions, 1 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
index 46e9162..f3f65f4 100644
@@ -2,12 +2,14 @@
title: 'Github Gentoo organization hacked'
+Update: 04:26 UTC. Gentoo has regained control of the the Gentoo Github Organization. We are currently working with Github on a procedure for resolution. Please continue to refrain from using code from the Gentoo Github Organization. Development of Gentoo primarily takes place on Gentoo operated hardware (not on github) and remains unaffected. We continue to work with Github on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.
Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of
repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its
repositories. All Gentoo code hosted on github should for the moment be considered compromised.
This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and
-since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
+since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organization and likely not affected as well.