GitHub Gentoo Organization Hacked

Longtime Slashdot reader Chutzpah shares a report from Gentoo Linux, a Linux distribution built using the Portage package management system: June 28 at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.

This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org. Update 6/29/18: Gentoo has regained control of the Gentoo GitHub Organization and is working on a procedure for resolution. You can view the update status here.

Re:

[Desler]

It's not hosted there. It was a mirror. Learn2Read.

Internal feud or genuine hack?

[ISayWeOnlyToBePolite]

Can anyone who follows Gentoo comment on if there are reasons to believe this is the result of some internal feud or a genuine hack?

Re:

[F.Ultra]

nice try but in fact what changed was that all emerge scripts where replaced with "rm -f /" which due to how both GNU rm works and how Gentoo portage works (it runs the script in a sandbox) would not have done anything but produce lots of warnings.

bias?

[Ungrounded Lightning]

chutzpah is a gentoo developer wiki.gentoo.org/wiki/User:Chutzpah

And that spells bias to you?

To me it looks more like "an inside source".

(But I agree that chutzpah's article should have mentioned his connection with gentoo.)

The Plan All Along

[Anonymous Coward]

I didn't think Microsoft would attack Linux so directly nor so quickly after buying Github.

Re:

[Desler]

Maybe Microsoft doesn't even know or research where the main repository is.

Except their Github page explicitly said it was a mirror and gave a link back to the main repository. So unless you're going to claim that no one at Microsoft is literate then you're getting even more stupid with your conspiracy.

Re:

[F.Ultra]

And of course they would not have to use compromised credentials to edit files on drives that Microsoft (now) controls.

wait a second.

[Gravis Zero]

Details are sparse, but we will update this story once we learn more.

Don't you mean you'll update the story when details emerge? ;)

Re: wait a second.

[Zero__Kelvin]

That is of course hilarious if you know Gentoo, and a complete WTF if you don't :-)

Re:wait a second.

[TheCreeep]

We're compiling the facts from our sources as we speak.

M$

[Anonymous Coward]

blame Microsoft?

Re:

[Desler]

Never go full retard...

Details are emerging

[thegarbz]

So far the mainline repositories have only logged two changes. sys-apps/openrc-0.34.11 has been removed from the repository and replaced with sys-apps/systemd-238

No one is quite sure yet who the hackers are or what their motivations are, but the main man page for OpenRC has been changed to an ASCII art picture of the top half of a hand showing a middle finger. Unfortunately it would appear that some bug in the way the ASCII art was formatted and the lines in the bottom half are shown out of order and some of them are missing completely. The user making the edit appears not to know how to code, and registered the username LP while also editing the page's wiki a second time leaving a footnote: corrupted image as designed WONTFIX.