I don't normally post on hackernews (so I've made a throwaway). I'm Antarus from the report.
We don't have a plan for Gentoo. I work for Google and I mostly used a vaguely similar plan to the Google incident plan.
1) Communicate early. For publically visible stuff (defacement was very obvious) you want to get a message out quickly before a natural narrative forms.
2) Communicate often.
3) Mitigate the problem first (e.g. prevent the malicious stuff from being downloaded) then investigate second.
4) Assign roles to people and be clear who is responsible for what.
5) Collect lots of data.
We don't have a plan for Gentoo. I work for Google and I mostly used a vaguely similar plan to the Google incident plan.
1) Communicate early. For publically visible stuff (defacement was very obvious) you want to get a message out quickly before a natural narrative forms.
2) Communicate often. 3) Mitigate the problem first (e.g. prevent the malicious stuff from being downloaded) then investigate second.
4) Assign roles to people and be clear who is responsible for what. 5) Collect lots of data.