author | Robin H. Johnson <robbat2@gentoo.org> | 2018-06-29 22:58:09 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2018-06-29 22:58:09 -0700 |
commit | 813d6192795e66dc857d42d4c95843c092ecf3c6 (patch) | |
tree | 8ca4df4bbccbc62884b2e454c9edaa60a78ebdbb /_posts | |
parent | GitHub: update (diff) | |
GitHub: update incident
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to '_posts')
-rw-r--r-- | _posts/2018-06-28-Github-gentoo-org-hacked.md | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md index e2be04c..f89dd75 100644 --- a/_posts/2018-06-28-Github-gentoo-org-hacked.md +++ b/_posts/2018-06-28-Github-gentoo-org-hacked.md @@ -2,6 +2,30 @@ title: 'Github Gentoo organization hacked' --- +# Summary status +## Pending actions +1. Gentoo is waiting for GitHub to: + 1. Complete audit log aggregate on their systems. + 2. Provide detailed audit logs for manually resetting PR state. + 3. Unlock the organization after PRs are reset. +2. Gentoo Infrastructure team will re-add members to the GitHub organization at this point. + +## Completed actions +- Malicious content was replaced by 2018/06/29 06:59 UTC. +- Reviewed & reverted GitHub settings as needed. +- Trace & lock-out compromised account. +- Reviewed all public & private commits for the compromised account for the + last 90+ days. + +For further followup, please see the [Gentoo Wiki incident page] (https://wiki.gentoo.org/wiki/Github/2018-06-28). + +# Update status +## 2018-06-29 23:06 UTC +GitHub says detailed audit logs of PR actions will take 3-4 days to prepare, +and that a direct rewind of PR state will NOT be possible. + +The GitHub organization will remain offline until that time. Non-GitHub services remain unaffected. + ## 2018-06-29 20:30 UTC GitHub says they are still working on it. 
@@ -22,16 +46,6 @@ reset back to a known good state: - https://github.com/gentoo/musl - mirror of https://gitweb.gentoo.org/proj/musl.git/ - https://github.com/gentoo/systemd - mirror w/ branches from upstream systemd https://github.com/systemd/systemd -### Ongoing & Remaining actions: -1. (GitHub) Gentoo is presently waiting for GitHub support to review & revert unauthorized changes to PRs in the above repositories. -2. (GitHub) The organization will be unlocked. -3. (Gentoo Infra) Re-add all members to `gentoo` GitHub organization. Some members may have to add 2FA to their GitHub accounts first. - -### Completed actions: -- Reverted repositories to known good state. -- Reviewed & reverted GitHub settings as needed. -- Trace & lock-out compromised account. - ### Further mitigating factors 1. No ebuilds are known to have used the systemd repo fork. 2. The official Gentoo repository list used by eselect-repository and layman listed only git.gentoo.org URLs for Gentoo and musl repositories. |
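Review bot: In the first hunk, item 2 of the new "Pending actions" list says the Infrastructure team will re-add members "at this point", which has no clear referent once the sub-list under item 1 is read as three separate steps. Suggest naming the trigger directly, for example "after GitHub unlocks the organization". Two smaller points in the same hunk: "Trace & lock-out compromised account." is imperative while the other completed items are past tense ("Traced & locked out" would match), and "2018/06/29 06:59 UTC" uses slashes where the update headings use "2018-06-29". If the space between "[Gentoo Wiki incident page]" and the URL in parentheses is present in the source file, Markdown will not render it as a link.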
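Review bot: In the second hunk, the removed "Ongoing & Remaining actions" item 3 carried the sentence "Some members may have to add 2FA to their GitHub accounts first.", and the replacement text in the new summary ("Gentoo Infrastructure team will re-add members to the GitHub organization at this point.") drops it. Members reading the post will no longer learn of that prerequisite before the re-add happens; suggest carrying the 2FA sentence over into the new "Pending actions" item 2. The removed list also tagged each step with its owner, "(GitHub)" or "(Gentoo Infra)", which made responsibility easy to scan; the new wording keeps that information in the sentences, so this part is only a readability note.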