On Sun, 31 Mar 2019, Guido Maria Serra wrote:

>    Really???

>

>    Shall we consider all packages downloaded so far as compromised???

if we follow real security protocols, I'm afraid yes.

we have no proof of compromission (since we have no access),
so the only assumption holding is that our infra is compromised.

however, we manage to have access to both pkgmaster and amprolla, with
no sign of break in, so the packages downloads and the mirrors seem
not to be compromised so far.



>

>    On March 31, 2019 8:03:21 PM GMT+02:00, Jaromil <jaromil@???> wrote:

>
> dear devs
>
> as some of you may have noticed
> we have been pwned
> i am on the mobile and tried only a few accounts
> if anyone has access please let us now
>
> I am out of office in Barcelona right now
> and will reach my laptop in 20m to investigate
>
> please help
> also if anyone knows these "green hats"
> lets start considering the best way to open a
> dialogue with them, if they have control of all
> infra its really important we can come to reason
>
> thanks

> _______________________________________________
> devuan-dev internal mailing list
> devuan-dev@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-dev

-- 
  Denis "Jaromil" Roio      https://Dyne.org think &do tank
  Ph.D, CTO & co-founder    software to empower communities
  ✉ Haparandadam 7-A1, 1013AK Amsterdam, The Netherlands
  ✩ Profile and publications: https://jaromil.dyne.org
  𝄞 crypto κρυπτο крипто गुप्त् 加密 האנוסים المشفره
  ⚷ 6113D89C A825C5CE DD02C872 73B35DA5 4ACB7D10