I was told this several hours ago on IRC - this is not an official statement:
someuser@somewhere.canonical.com:
I can confirm that we're aware of the issue, have done some initial remediation (e.g. shutting down CI systems that might pull potentially compromised code) while we do a more in depth investigation.
someotheruser@ubuntu/member/username:
And we've of course revoked the access that was abused.
someuser@somewhere.canonical.com: I can confirm that we're aware of the issue, have done some initial remediation (e.g. shutting down CI systems that might pull potentially compromised code) while we do a more in depth investigation.
someotheruser@ubuntu/member/username: And we've of course revoked the access that was abused.