Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Software Linux

GitHub Gentoo Organization Hacked (gentoo.org) 41

Longtime Slashdot reader Chutzpah shares a report from Gentoo Linux, a Linux distribution built using the Portage package management system: June 28 at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.

This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.
Update 6/29/18: Gentoo has regained control of the Gentoo GitHub Organization and is working on a procedure for resolution. You can view the update status here.
This discussion has been archived. No new comments can be posted.

GitHub Gentoo Organization Hacked

Comments Filter:
  • Can anyone who follows Gentoo comment on if there are reasons to believe this is the result of some internal feud or a genuine hack?

  • The Plan All Along (Score:2, Insightful)

    by Anonymous Coward

    I didn't think Microsoft would attack Linux so directly nor so quickly after buying Github.

  • by Gravis Zero ( 934156 ) on Thursday June 28, 2018 @07:21PM (#56862674)

    Details are sparse, but we will update this story once we learn more.

    Don't you mean you'll update the story when details emerge? ;)

  • by Anonymous Coward

    blame Microsoft?

  • by thegarbz ( 1787294 ) on Friday June 29, 2018 @02:45AM (#56863944)

    So far the mainline repositories have only logged two changes. sys-apps/openrc-0.34.11 has been removed from the repository and replaced with sys-apps/systemd-238

    No one is quite sure yet who the hackers are or what their motivations are, but the main man page for OpenRC has been changed to an ASCII art picture of the top half of a hand showing a middle finger. Unfortunately it would appear that some bug in the way the ASCII art was formatted and the lines in the bottom half are shown out of order and some of them are missing completely. The user making the edit appears not to know how to code, and registered the username LP while also editing the page's wiki a second time leaving a footnote: corrupted image as designed WONTFIX.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...