Gentoo Was Compromised On GitHub

  • #21
    I wonder, is "was compromised" the correct tense? Isn't "has been compromised" more accurate?

    Kudos to the Gentoo team for reaching out to get the info out, and to Michael for publishing it. Thanks, much appreciated.


    • #22
      Originally posted by leipero

      Exactly, it was an inside job.
      Which is only confirmed by such tweets:

      "maybe it is time to setup our own review infrastructure"

      Like "oh no, we left our keys in the open and someone actually used them to get in! quick, migrate from github, cuz our own servers will protect us from silly devs not paying attention and too lazy to use 2fa!"

      Legit...


      • #23
        Originally posted by polarathene
        never really see people talking bad about Gentoo or its users :\ Maybe had nothing to do with Gentoo
        Actually people started to forget that Gentoo still exists or they are not aware that Gentoo exists, at least guessing for the new users.

        I don't think the attack is related directly to the recent GitHub acquisition by Microsoft or to Gentoo as a Linux distribution per se, but rather just someone profiting from stealing some account credential for an important project. Sounds more like a bad joke, or the attackers really have no clue about how to get "rm -rf /" to "work" properly to do a lot of damage. Professional attackers would have hidden a trojan to open backdoors or installed a rootkit on a target machine, or something really messy in the long term, without the user even suspecting something bad is happening.

        Or they just want to compromise Gentoo's reputation in terms of security and are not interested in doing any real damage.


        • #24
          Well, Gentoo has always had issues recruiting new members. Gentoo's organization just isn't very focused towards its users. It's an insider job type of situation. If you don't know about it, it's hard to learn about it. They probably need to address that before this type of thing can really be prevented.


          • #25
            Originally posted by Serafean
            I wonder, is "was compromised" the correct tense? Isn't "has been compromised" more accurate?
            Depends. "has been compromised" sounds like it's still compromised, while "was compromised" sounds like the issue has been solved.


            • #26
              I'd say odds are 5:1 that it's a sjw angry that Gentoo doesn't tolerate posting/participating only to incite drama.

              Speculation is useless, but gambling is fun.


              • #27
                Originally posted by soulsource
                With GNU rm, "rm -rf /" doesn't do anything but print a warning.
                Really? Because "rm -r /" (without the f) works, as I once found out the hard way…


                • #28
                  Interestingly, GitHub has such concepts as mandatory two-factor auth organizations. When turned on, it will kick out all members who haven't enabled two-factor auth.


                  • #29
                    Gentoo doesn't sign the distribution? You can change ebuilds just like that?


                    • #30
                      Originally posted by Vistaus

                      Depends. "has been compromised" sounds like it's still compromised, while "was compromised" sounds like the issue has been solved.
                      Well, both are past tense, so both suggest that it is something that happened in the past and that it is no longer an issue. You can say both "has been compromised several times" or "was compromised several times", and both suggest that the issue has been resolved/was resolved multiple times and attacks happened multiple times.

                      Long story short, these types of past tenses are always used in context.
