kernel.org infrastructure compromise

While the kernel.org compromise didn’t likely involve source code (and would have had limited impact), from gkh’s mail: “the compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated.”

Impact

Clean installs were recommended, checking package signatures, logs, etc., for all kernel developers and then rotating PGP keys.

Type of compromise

Dev Tooling & Publishing Infrastructure.