Get Gentoo!

Gentoo Infrastructure Status

This data is aggregated from our automated service monitoring system as well as the outage and maintenance notices posted below.

Service Availability Overview

Community Services

The service is up and running. gentoo.org Website The service is up and running.1 Forums The service is up and running.1 Wiki The service is up and running. Planet Gentoo The service is up and running. Package Database The service is up and running. Mailing Lists The service is undergoing scheduled maintenance.1 Mailing List Archives

Development Services

The service is up and running. CVS Server The service is undergoing scheduled maintenance.2 Bugzilla The service is up and running. Master rsync Mirror No data available. Developer Manual The service is up and running. Overlays The service is up and running. Source Code Browser

Developer Resources

The service is up and running. dev.gentoo.org Shell Access There are indications the service is down. dev.gentoo.org Web Hosting The service is up and running.1 In-/Outbound Email (SMTP) The service is up and running.1 Mailbox Access (POP/IMAP)

Maintenance and Outage Notices

General information Action required: Password reset on all Gentoo services

Recent versions of OpenSSL were found to be affected by an information disclosure vulnerability related to TLS heartbeats, nicknamed Heartbleed. It allows attackers to read up to 64kb of random server memory, possibly including passwords, session IDs or even private keys.

Gentoo users should consult the related GLSA for more information on how to address the issue on their machines.

After the public disclosure on April 7, we have confirmed that several services provided by Gentoo Infrastructure were vulnerable as well. We have immediately updated the affected software, recreated private keys, reissued certificates, and invalidated all running user sessions. Despite these measures, we cannot exclude the possibility of attackers exploiting the issue during the time it was not publicly known to gain access to credentials or session IDs of our users. There are currently no indications this has happened.

However, to be safe, we are asking you to reset your passwords used for Gentoo services within the next 7 days.

Users & developers:

You need to take action if you have an account on one or more of these sites:

  • blogs.gentoo.org
  • bugs.gentoo.org
  • forums.gentoo.org
  • wiki.gentoo.org

Log in using your current credentials and use the reset password functionality:

Developers:

You need to change your LDAP password (used for perl_ldap and the SMTP/IMAP/POP services). To do that, log in to dev.gentoo.org via ssh and invoke passwd.

Important:

If you don't update your credentials until April 19, 23:59 UTC, we will be removing your current password to avoid abuse.

For our web services, you will then need to request a reset via email. We can not recover your account in case your email address on file is not current.

For LDAP accounts, developers will need to be in possession of their SSH or GPG keys and contact infra for a normal password reset.

Further help:

Contact infra-heartbleed@gentoo.org for assistance or further information.

Sun, 13 Apr 2014 08:30:00 +0000
No ETA for service recovery available.

Scheduled maintenance Non-ASCII passwords on Bugzilla currently not supported

Users using a Bugzilla password that uses character beyond the ASCII character range are currently unable to log in to the site.

This was caused by a recent Software update. We are coordinating with the upstream Bugzilla developers on how to resolve this issue.

For the time being, please reset your password to a string containing only ASCII characters if you cannot log in.

Fri, 7 Feb 2014 22:00:00 +0000
No ETA for service recovery available.

Scheduled maintenance Mailing List Archives not updating

As of 2012/07/30, the Mailing List archives have been broken. MHonarc has some breakage.

This issue is tracked in bug #424647.

Mon, 30 Jul 2012 00:00:00 +0000
No ETA for service recovery available.