forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected--a claim now being made by
The maintainers of the Gentoo Linux distribution have released a statement which describes the incident: "One of the servers that makes up the
rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker
installed and...we are reasonably confident that the portage tree stored on that box was unaffected."