From the 2011 kernel summit, "The attack turns out to have been part of a widespread credential-stealing network that has been operating for some years now; it is clear that the site had been owned by this network for some time before it was discovered. What also seems to be clear is that this was not a targeted attack; kernel.org was just another on a long list of broken machines."

- Jon Corbet reporting on a talk by H. Peter Anvin, https://lwn.net/Articles/464233/