The Red Hat sponsored Fedora community Linux project has suffered a security incident in which its infrastructure was compromised.
No need to worry, too much – according to Fedora the risk is minimal.
“At this time, the Infrastructure Team has evidence that indicates the account
credentials were compromised externally, and that the Fedora Infrastructure was
not subject to any code vulnerability or exploit,” Fedora Project Leader Jared Smith stated.
Long story short is that a Fedora contributor had his/her credentials stolen and then an attacker began to use those credentials to attempt to tamper with the Fedora infrastructure. Due to the limited privileges of the exploited account (and some good luck) it appears as though there has been no risk to Fedora’s build or infrastructure.
This story could have ended up far differently.