Gentoo Archives: gentoo-dev

From:	Richard Yao <ryao@g.o>
To:	gentoo-dev@l.g.o
Cc:	gentoo-announce@l.g.o, Gentoo mailing list <gentoo-user@l.g.o>
Subject:	Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
Date:	Fri, 29 Jun 2018 00:46:57
Message-Id:	`6BB8E093-FA06-4336-8467-9311E2F50252@gentoo.org`
In Reply to:	[gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning! by "Francisco Blas Izquierdo Riera (klondike)"

1	> On Jun 28, 2018, at 5:15 PM, Francisco Blas Izquierdo Riera (klondike) <klondike@g.o> wrote:
2	>
3	> Hi!
4	>
5	> I just want to notify that an attacker has taken control of the Gentoo
6	> organization in Github and has among other things replaced the portage
7	> and musl-dev trees with malicious versions of the ebuilds intended to
8	> try removing all of your files.
9	>
10	> Whilst the malicious code shouldn't work as is and GitHub has now
11	> removed the organization, please don't use any ebuild from the GitHub
12	> mirror ontained before 28/06/2018, 18:00 GMT until new warning.
13	Is the attacker using the account “gentoogang”?
14	>
15	> Sincerely,
16	> Francisco Blas Izquierdo Riera (klondike)
17	> Gentoo developer.
18	>
19	>

Subject	Author
Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!	Richard Yao <ryao@g.o>