aboutsummaryrefslogtreecommitdiff
path: root/_posts
diff options
context:
space:
mode:
Diffstat (limited to '_posts')
-rw-r--r--_posts/2018-06-28-Github-gentoo-org-hacked.md20
1 files changed, 14 insertions, 6 deletions
diff --git a/_posts/2018-06-28-Github-gentoo-org-hacked.md b/_posts/2018-06-28-Github-gentoo-org-hacked.md
index afbc02c..bd4f4ab 100644
--- a/_posts/2018-06-28-Github-gentoo-org-hacked.md
+++ b/_posts/2018-06-28-Github-gentoo-org-hacked.md
@@ -1,12 +1,20 @@
---
-title: 'Github Gentoo organization hacked - partially resolved'
+title: 'Github Gentoo organization hacked - resolved'
---
-# Summary as of 2018-06-30 06:15 UTC
-- Non-GitHub services remain unaffected.
-- The GitHub `gentoo` organization repositories have been restored to known good states.
-- The GitHub `gentoo-mirror` organization is unaffected.
-- The GitHub `gentoo` organization remains offline for cleanup of malicious PR changes.
+## 2018-07-04 14:00 UTC
+We believe this incident is now resolved. Please see the [incident report](https://wiki.gentoo.org/wiki/Github/2018-06-28 "Incident Report") for details about the incident, its impact, and resolution.
+
+## 2018-06-29 15:15 UTC
+The community raised questions about the provenance of Gentoo packages. Gentoo development is performed on
+hardware run by the Gentoo Infrastructure team (not `github`). The Gentoo hardware was unaffected by this incident.
+Users using the default Gentoo mirroring infrastructure should not be affected.
+
+If you are still concerned about provenance or are unsure what solution you are using, please consult https://wiki.gentoo.org/wiki/Project:Portage/Repository_Verification. This will instruct you on how to verify your repository.
+
+## 2018-06-29 06:45 UTC
+The `gentoo` GitHub organization remains temporarily locked down by GitHub
+support, pending fixes to pull-request content.
For ongoing status, please see the [Gentoo infra-status incident page](https://infra-status.gentoo.org/notice/20180629-github).