Gentoo Archives: gentoo-announce

From: Alec Warner <antarus@g.o>
To: gentoo-announce@l.g.o, gentoo-user@l.g.o
Subject: [gentoo-announce] Re: Gentoo Github Organization hacked.
Date: Wed, 04 Jul 2018 16:13:41
In Reply to: [gentoo-announce] Gentoo Github Organization hacked. by Alec Warner
We believe this incident to be resolved and we have written an incident

Thanks to the community for their support during this incident.


On Thu, Jun 28, 2018 at 5:13 PM, Alec Warner <antarus@g.o> wrote:

> Today 28 June at approximately 20:20 UTC unknown individuals have gained > control of the Github Gentoo organization, and modified the content of > repositories as well as pages there. We are still working to determine the > exact extent and to regain control of the organization and its > repositories. > > All Gentoo code hosted on github should for the moment be considered > compromised. This does NOT affect any code hosted on the Gentoo > infrastructure. Since the master Gentoo ebuild repository is hosted on our > own infrastructure and since Github is only a mirror for it, you are fine > as long as you are using rsync or webrsync from > > Also, the gentoo-mirror repositories including metadata are hosted under a > separate Github organization and likely not affected as well. > > All Gentoo commits are signed, and you should verify the integrity of the > signatures when using git. > > More updates will follow. > > -A >