1 |
On Thu, 28 Jun 2018 23:15:36 +0200 |
2 |
"Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o> wrote: |
3 |
|
4 |
> Hi! |
5 |
> |
6 |
> I just want to notify that an attacker has taken control of the Gentoo |
7 |
> organization in Github and has among other things replaced the portage |
8 |
> and musl-dev trees with malicious versions of the ebuilds intended to |
9 |
> try removing all of your files. |
10 |
> |
11 |
> Whilst the malicious code shouldn't work as is and GitHub has now |
12 |
> removed the organization, please don't use any ebuild from the GitHub |
13 |
> mirror ontained before 28/06/2018, 18:00 GMT until new warning. |
14 |
> |
15 |
> Sincerely, |
16 |
> Francisco Blas Izquierdo Riera (klondike) |
17 |
> Gentoo developer. |
18 |
> |
19 |
> |
20 |
|
21 |
Is it at all likely that any signing keys have been compromised? I |
22 |
can't think of how that would happen, but I don't know much about the |
23 |
situation. |