Debian Project’s machine has been compromised!

The Debian Project machine gluck.debian.org was compromised yesterday and has been taken offline, so the following services will be temporarily unavailable:
cvs, ddtp, lintian, people, popcon, planet, ports, release

Source: Debian mailing list

My thoughts
Debian should audit their software more often. Although it's clearly hard to maintain a distro that supports as many platforms/processors as Debian does, they should at least do regular checks on the security of their own machines to prevent this from happening again.

Btw, when was the last time you heard Debian made a major release?
