the CI server that was compromised was used (mainly) for running tests rather than builds. we don't believe that any builds were compromised. https://matrix.org/blog/2019/05/08/post-mortem-and-remediati... has the full details, but yes: just because the project's infrastructure got breached doesn't mean that the protocol or wider network was affected: it wasn't.