From information published on the web we know:
- servers at kernel.org were under the control of intruders until August 28,
- the attack lasted more than two weeks and involved Phalanx which snaffles SSH keys,
It is possible that this is an echo of the infamous weak ssh-keys in Debian although Netcraft lists the site as running Fedora. All it would take is a system administrator generating keys on a Debian GNU/Linux system years ago and spreading them around… If the Fedora system did not pick them up, the intruders could have walked in easily.