Gentoo Was Compromised On GitHub

Written by Michael Larabel in Operating Systems on 28 June 2018 at 09:32 PM EDT. 39 Comments
OPERATING SYSTEMS
Unknown individuals were able to gain access to the Gentoo repositories on GitHub, including the modification of said repositories.

While we don't normally cover all these individual security incidents, a Gentoo representative has asked we relay it here. Their public announcement warns, "All Gentoo code hosted on github should for the moment be considered compromised."

But for those relying upon the Gentoo.org infrastructure or Gentoo outside of GitHub, there is no known compromise, including the master Gentoo ebuild repository.

Their notice can be read on Gentoo.org. Gentoo is working with GitHub to properly address the situation.
39 Comments
Related News
Serpent OS Shines New Light On Solus Partnership, Pushing More D Language Code
Mageia 9 Beta 2 Released With Linux 6.3 Kernel, KDE Plasma 5.27 + GNOME 44 Desktops
AlmaLinux 8.8 Released For Those Relying On RHEL8
OpenBMC 2.14 Apparently Released
Rocky Linux 9.2 Released With Intel Arc Graphics Support, AArch64 64kb Page Size Kernel
AlmaLinux 9.2 Released As Free Alternative To Red Hat Enterprise Linux 9.2
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
System76 Virgo Aims To Be The Quietest Yet Most Performant Linux Laptop
XFS Metadata Corruption On Linux 6.3 Tracked Down To One Missing One-Line Patch
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake
Vulkan 1.3.251 Released With One New Extension Worked On By Valve, Nintendo & Others
Linux 6.4-rc4 Released As A "Fairly Normal" Release
NVIDIA R535 Linux Beta Brings New Vulkan Extensions, DMA-BUF v4 Wayland Protocol
Linux 6.3.5 Released With XFS Metadata Corruption Fix