Jump to content
funtoo forums
Sign in to follow this  
drobbins

Gentoo and GitHub

Recommended Posts

Today, Gentoo's GitHub account was compromised. From initial observation, this was a pretty blatant attack, akin to vandalism, and not an attempt to stealthfully compromise the integrity of Gentoo systems. However, the Gentoo project is urging caution until GitHub has restored the git repos to proper function and ensured their integrity, and for safety to treat all repositories as "compromised."

As a precaution, we are now pulling updates directly from Gentoo rather than from Gentoo's GitHub account.

Reference: https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html

Share this post


Link to post
Share on other sites

Gentoo has completed an audit of the compromise, which is visible here:

https://wiki.gentoo.org/wiki/Github/2018-06-28

A few repositories had some attempts at malicious changes, -- inserting "rm -rf /" at the top of quite a few ebuilds, etc.

None of these malicious changes made it into Funtoo.

Share this post


Link to post
Share on other sites
Sign in to follow this  

×