|author||Robin H. Johnson <firstname.lastname@example.org>||2018-06-29 22:58:09 -0700|
|committer||Robin H. Johnson <email@example.com>||2018-06-29 22:58:09 -0700|
|parent||GitHub: update (diff)|
GitHub: update incident
Signed-off-by: Robin H. Johnson <firstname.lastname@example.org>
Diffstat (limited to '_posts')
1 files changed, 24 insertions, 10 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
index e2be04c..f89dd75 100644
@@ -2,6 +2,30 @@
title: 'Github Gentoo organization hacked'
+# Summary status
+## Pending actions
+1. Gentoo is waiting for GitHub to:
+ 1. Complete audit log aggregate on their systems.
+ 2. Provide detailed audit logs for manually resetting PR state.
+ 3. Unlock the organization after PRs are reset.
+2. Gentoo Infrastructure team will re-add members to the GitHub organization at this point.
+## Completed actions
+- Malicious content was replaced by 2018/06/29 06:59 UTC.
+- Reviewed & reverted GitHub settings as needed.
+- Trace & lock-out compromised account.
+- Reviewed all public & private commits for the compromised account for the
+ last 90+ days.
+For further followup, please see the [Gentoo Wiki incident page] (https://wiki.gentoo.org/wiki/Github/2018-06-28).
+# Update status
+## 2018-06-29 23:06 UTC
+GitHub says detailed audit logs of PR actions will take 3-4 days to prepare,
+and that a direct rewind of PR state will NOT be possible.
+The GitHub organization will remain offline until that time. Non-GitHub services remain unaffected.
## 2018-06-29 20:30 UTC
GitHub says they are still working on it.
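Review bot: the link on the "For further followup" line has a space between `]` and `(`, so `[Gentoo Wiki incident page] (https://wiki.gentoo.org/wiki/Github/2018-06-28)` will not render as a Markdown link; drop the space so it reads `[Gentoo Wiki incident page](https://wiki.gentoo.org/wiki/Github/2018-06-28)`. Minor style point in the same hunk: the completed-actions line uses `2018/06/29 06:59 UTC` while every update heading uses `2018-06-29 HH:MM UTC`; one timestamp format would read more consistently.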
@@ -22,16 +46,6 @@ reset back to a known good state:
- https://github.com/gentoo/musl - mirror of https://gitweb.gentoo.org/proj/musl.git/
- https://github.com/gentoo/systemd - mirror w/ branches from upstream systemd https://github.com/systemd/systemd
-### Ongoing & Remaining actions:
-1. (GitHub) Gentoo is presently waiting for GitHub support to review & revert unauthorized changes to PRs in the above repositories.
-2. (GitHub) The organization will be unlocked.
-3. (Gentoo Infra) Re-add all members to `gentoo` GitHub organization. Some members may have to add 2FA to their GitHub accounts first.
-### Completed actions:
-- Reverted repositories to known good state.
-- Reviewed & reverted GitHub settings as needed.
-- Trace & lock-out compromised account.
### Further mitigating factors
1. No ebuilds are known to have used the systemd repo fork.
2. The official Gentoo repository list used by eselect-repository and layman listed only git.gentoo.org URLs for Gentoo and musl repositories.
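Review bot: removing the old "Ongoing & Remaining actions" list drops the note that "Some members may have to add 2FA to their GitHub accounts first", and the new pending action 2 near the top of the post ("Gentoo Infrastructure team will re-add members to the GitHub organization at this point") does not carry it over; since that is actionable guidance for members waiting to be re-added, consider keeping it in the new pending-actions list. The rest of the removed content (reverted settings, traced and locked-out account) is preserved in the new summary, so the move itself is fine.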