Gentoo Archives: gentoo-dev

From: Richard Yao <ryao@g.o>
To: gentoo-dev@l.g.o
Cc: gentoo-announce@l.g.o, Gentoo mailing list <gentoo-user@l.g.o>
Subject: Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
Date: Fri, 29 Jun 2018 00:58:35
Message-Id: B2CF19A4-A791-4CA4-9F59-0E28F80244D2@gentoo.org
In Reply to: Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning! by Richard Yao
> On Jun 28, 2018, at 8:46 PM, Richard Yao <ryao@g.o> wrote:
>
>
>> On Jun 28, 2018, at 5:15 PM, Francisco Blas Izquierdo Riera (klondike) <klondike@g.o> wrote:
>>
>> Hi!
>>
>> I just want to notify that an attacker has taken control of the Gentoo
>> organization in GitHub and has among other things replaced the portage
>> and musl-dev trees with malicious versions of the ebuilds intended to
>> try removing all of your files.
>>
>> Whilst the malicious code shouldn't work as is and GitHub has now
>> removed the organization, please don't use any ebuild from the GitHub
>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
> Is the attacker using the account “gentoogang”?

Never mind. After reading other mailing list threads, it is clear to me that he was the attacker. :/
>>
>> Sincerely,
>> Francisco Blas Izquierdo Riera (klondike)
>> Gentoo developer.
>>
>>
>
>