diff options
Diffstat (limited to '_posts/2018-06-28-Github-gentoo-org-hacked.md')
| -rw-r--r-- | _posts/2018-06-28-Github-gentoo-org-hacked.md | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md index afbc02c..bd4f4ab 100644 --- a/_posts/2018-06-28-Github-gentoo-org-hacked.md +++ b/_posts/2018-06-28-Github-gentoo-org-hacked.md @@ -1,12 +1,20 @@ --- -title: 'Github Gentoo organization hacked - partially resolved' +title: 'Github Gentoo organization hacked - resolved' --- -# Summary as of 2018-06-30 06:15 UTC -- Non-GitHub services remain unaffected. -- The GitHub `gentoo` organization repositories have been restored to known good states. -- The GitHub `gentoo-mirror` organization is unaffected. -- The GitHub `gentoo` organization remains offline for cleanup of malicious PR changes. +## 2018-07-04 14:00 UTC +We believe this incident is now resolved. Please see the [incident report](https://wiki.gentoo.org/wiki/Github/2018-06-28 "Incident Report") for details about the incident, its impact, and resolution. + +## 2018-06-29 15:15 UTC +The community raised questions about the provenance of Gentoo packages. Gentoo development is performed on +hardware run by the Gentoo Infrastructure team (not `github`). The Gentoo hardware was unaffected by this incident. +Users using the default Gentoo mirroring infrastructure should not be affected. + +If you are still concerned about provenance or are unsure what solution you are using, please consult https://wiki.gentoo.org/wiki/Project:Portage/Repository_Verification. This will instruct you on how to verify your repository. + +## 2018-06-29 06:45 UTC +The `gentoo` GitHub organization remains temporarily locked down by GitHub +support, pending fixes to pull-request content. For ongoing status, please see the [Gentoo infra-status incident page](https://infra-status.gentoo.org/notice/20180629-github). |