If the security at kernel.org has been breached, then I don't know what to think about me, the little guy - who runs a small VPS - or about the small start-ups out there. I guess having secure systems is not that easy after all, and people overlook this or fail to allocate enough resources to this process.
Any system is penetrable with enough motivation or resources. It's just a cost of doing business. Be happy you're under the radar; Sony wasn't so lucky.
The bigger you are, the more servers you have to manage, the more services might provide a way in, the more users have access and might have their credentials stolen... it's actually much easier to be secure when you're small.
Well, the effort that goes into breaking into a system is hopefully proportional to the payoff. This more than anything else is why there is quasi-infinitely more Windows malware than for any other system, or why the idea of a national key registry (back in the Clinton days) was such a horrible idea: the payoff in compromising it would be too high. So hopefully you can scale the resources you apply to security with your profile and such.
It sounds like they got in via a regular account and somehow escalated themselves to root: "how they managed to exploit that to root access is currently unknown and is being investigated."
Simple social engineering of mundane user accounts is not worrisome. Escalating any old user into root is.
After reading the LWN security page for years, I don't consider root escalation a difficult problem. There seems to be a never-ending stream of vulnerabilities. That layer of security is a useful goal, but I assume user-level access also provides root-level access.