Postmortem of the Xubuntu.org download site compromise

In mid-October, the Xubuntudownload site was compromised and had directed users to a maliciouszip file instead of the Torrent file that users expected. ElizabethK. Joseph has publisheda postmortem of the incident, along with plans to avoid such a breachin the future:

To be perfectly clear: this only impacted our website, and the torrentlinks provided there.

If you downloaded or opened a file named "Xubuntu-Safe-Download.zip"from the Xubuntu downloads page during this period, you should assumeit was malicious. We strongly recommend scanning your computer with atrusted antivirus or anti-malware solution and deleting the fileimmediately.

Nothing on cdimages.ubuntu.com or any of the other official Ubunturepositories was impacted, and our mirrors remained safe as long asthey were also mirroring from official resources.

None of the build systems, packages, or other components of Xubuntuitself were impacted.