Yesterday the Register reported that Linus Torvalds, creator of Linux, stopped using kernel.org.
http://www.theregister.co.uk/2011/09...el_for_github/
Apparently the breach of kernel.org is related to a
bug in the Debian Linux random number generator which greatly reduced the number of SSH keys that a cracker needs to try:
http://www.theregister.co.uk/2011/08...curity_breach/
http://www.theregister.co.uk/2008/08...tacks_warning/
Sadly, Debian is also the base for Ubuntu and many other Linux distributions so they all had this bad random number generator.
It is not enough to fix the Linux systems. The old SSH keys (public,private, etc.) need to be regenerated and redistributed after the fix as well...