One thing i'd like to add to this thread is:
Be very wary of being asked for login credentials when installing
a package, and certainly don't just provide those
credentials. Even more so when installing packages from any ebuild
repo that's not the main Gentoo repo or GURU. Such repos
(including my own overlay!) aren't necessarily quality-controlled
by a Gentoo maintainer or proxy maintainer. i can imagine an
ebuild which provides prompts to the user which _look_ like
e.g. GitHub prompts (e.g. via the use of Bash's `read` builtin),
but which will actually save those details in a way that can later
(i.e. after the package has been installed) be exfiltrated
somehow.
If you're asked for login details when merging a package, stop,
and seek assistance with what might be going on. (At the very
least, you can check the contents of the ebuild for possible
malfeasance.)
Alexis.
