Security breach on

Earlier this month, a number of servers in the infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the infrastructure.

What happened?

What Has Been Done so far:

The Linux community and take the security of the domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones.

However, it's also useful to note that the potential damage of cracking is far less than typical software repositories. That's because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds. For each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed.

Those files and the corresponding hashes exist not just on the machine and its mirrors, but on the hard drives of each several thousand kernel developers, distribution maintainers, and other users of Any tampering with any file in the repository would immediately be noticed by each developer as they updated their personal repository, which most do daily.

We are currently working with the 448 users of to change their credentials and change their SSH keys.

We are also currently auditing all security policies to make more secure, but are confident that our systems, specifically git, have excellent design to prevent real damage from these types of attacks.

Copyright 2011