"Based on the results of our investigation so far, we do not believe that any Fedora packages or other Fedora contributor accounts were affected by thiscompromise," said Fedora project leader, Jared Smith in an email to the Fedora announce mailing list.
In his email, Smith noted that earlier this week a Fedora contributor account had been compromised; however, Fedora's Infrastructure Team can show that the compromise was external and was not due to any code vulnerability or exploit.
Smith also tells Fedora users the compromised account was not a member of any sysadmin or Release Engineering groups and the privileges on the account were limited to SSH to fedorapeople.org (user permissions are very limited on this machine), push access to packages in the Fedora SCM and the ability to perform builds and make updates to Fedora packages.
Smith reminds Fedora contributors to choose a strong FAS password and not to use their FAS password on any other websites or user accounts. He also tells contributors, "If you receive an email from FAS notifying you of changes to your account that you did not make, please contact the Fedora Infrastructure team immediately via admin at fedoraproject.org."
The North American Fedora User and Developer Conference (FUDCon) was held on Arizona State University campus in Tempe Arizona from January 29 -31, 2011 and proved to be the largest FUDCon to date with over 200 people pre-registered to attend and final attendance numbers estimated around 175 people.