Gentoo Archives: gentoo-dev

From:	"M. J. Everitt" <m.j.everitt@×××.org>
To:	gentoo-dev@l.g.o, "Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o>
Cc:	Gentoo mailing list <gentoo-user@l.g.o>
Subject:	[gentoo-dev] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
Date:	Thu, 28 Jun 2018 21:58:07
Message-Id:	`f9211921-c1fe-7da7-bd60-5cc0bc64edd4@iee.org`
In Reply to:	[gentoo-dev] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning! by "Francisco Blas Izquierdo Riera (klondike)"

1	On 28/06/18 22:54, Francisco Blas Izquierdo Riera (klondike) wrote:
2	> El 28/06/18 a las 23:15, Francisco Blas Izquierdo Riera (klondike) escribió:
3	>> Hi!
4	>>
5	>> I just want to notify that an attacker has taken control of the Gentoo
6	>> organization in Github and has among other things replaced the portage
7	>> and musl-dev trees with malicious versions of the ebuilds intended to
8	>> try removing all of your files.
9	>>
10	>> Whilst the malicious code shouldn't work as is and GitHub has now
11	>> removed the organization, please don't use any ebuild from the GitHub
12	>> mirror ontained before 28/06/2018, 18:00 GMT until new warning.
13	>>
14	>> Sincerely,
15	>> Francisco Blas Izquierdo Riera (klondike)
16	>> Gentoo developer.
17	>>
18	>>
19	> Just to keep up with it. There is a more complete article published at
20	> https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
21	>
22	>
23	>
24	Antarus has also posted on g-announce ML fyi ;)

File name	MIME type
signature.asc	application/pgp-signature