Gentoo Archives: gentoo-user

From:	Duane Robertson <duane@××××××××××××××.com>
To:	gentoo-user@l.g.o
Subject:	[gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
Date:	Fri, 29 Jun 2018 01:55:30
Message-Id:	`20180628205505.61bf734f@duane-laptop`
In Reply to:	[gentoo-user] Hostile takeover of our github mirror. Don't use ebuild from there until new warning! by "Francisco Blas Izquierdo Riera (klondike)"

1	On Thu, 28 Jun 2018 23:15:36 +0200
2	"Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o> wrote:
3
4	> Hi!
5	>
6	> I just want to notify that an attacker has taken control of the Gentoo
7	> organization in Github and has among other things replaced the portage
8	> and musl-dev trees with malicious versions of the ebuilds intended to
9	> try removing all of your files.
10	>
11	> Whilst the malicious code shouldn't work as is and GitHub has now
12	> removed the organization, please don't use any ebuild from the GitHub
13	> mirror ontained before 28/06/2018, 18:00 GMT until new warning.
14	>
15	> Sincerely,
16	> Francisco Blas Izquierdo Riera (klondike)
17	> Gentoo developer.
18	>
19	>
20
21	Is it at all likely that any signing keys have been compromised? I
22	can't think of how that would happen, but I don't know much about the
23	situation.

Subject	Author
Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!	R0b0t1 <r030t1@×××××.com>
Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!	"Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o>