Jump to content

Gentoo and GitHub


drobbins
 Share

Recommended Posts

  • Funtoo Linux BDFL

Today, Gentoo's GitHub account was compromised. From initial observation, this was a pretty blatant attack, akin to vandalism, and not an attempt to stealthfully compromise the integrity of Gentoo systems. However, the Gentoo project is urging caution until GitHub has restored the git repos to proper function and ensured their integrity, and for safety to treat all repositories as "compromised."

As a precaution, we are now pulling updates directly from Gentoo rather than from Gentoo's GitHub account.

Reference: https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html

Link to comment
Share on other sites

  • Funtoo Linux BDFL

Gentoo has completed an audit of the compromise, which is visible here:

https://wiki.gentoo.org/wiki/Github/2018-06-28

A few repositories had some attempts at malicious changes, -- inserting "rm -rf /" at the top of quite a few ebuilds, etc.

None of these malicious changes made it into Funtoo.

Link to comment
Share on other sites

 Share

×
×
  • Create New...