kernel.org compromised

Breakage into mirrors.kernel.org of anything not protected by a sha1 hash worries me. Even if it was temporary - a day or two - then changed back, people that rely on those mirrors of various distros, pieces of those distros could have been compromised unknowingly.

d@bob-desktop:~/git$ host mirrors.us.kernel.org
mirrors.us.kernel.org has address 149.20.4.71
mirrors.us.kernel.org has IPv6 address 2001:4f8:1:10:1997:313:1:0
mirrors.us.kernel.org mail is handled by 10 hera.kernel.org.
mirrors.us.kernel.org mail is handled by 20 zeus1.kernel.org.
mirrors.us.kernel.org mail is handled by 30 zeus2.kernel.org.
mirrors.us.kernel.org mail is handled by 999 bl-ckh-le.kernel.org.

What bothers me right now is that I remember seeing several updates go by in the past month that weren't verifiable via gpg key on several systems I maintain... and I just did installs of them...