Comment Re:beyond md5 (Score 3, Informative) 182
Yes. The article is vague, and the title on /. is worse - implies the source repository. It seems people have been easily mislead as a result. Always read the actual article, not a 2nd or 3rd hand summary.
From there:
"The code modifications did not made it into our source control, just the final package. We are currently investigating older packages to see if they were also compromised. "
From there:
"The code modifications did not made it into our source control, just the final package. We are currently investigating older packages to see if they were also compromised. "