Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
> On Jun 28, 2018, at 8:46 PM, Richard Yao wrote: > > >> On Jun 28, 2018, at 5:15 PM, Francisco Blas Izquierdo Riera (klondike) >> wrote: >> >> Hi! >> >> I just want to notify that an attacker has taken control of the Gentoo >> organization in Github and has among other things replaced the portage >> and musl-dev trees with malicious versions of the ebuilds intended to >> try removing all of your files. >> >> Whilst the malicious code shouldn't work as is and GitHub has now >> removed the organization, please don't use any ebuild from the GitHub >> mirror ontained before 28/06/2018, 18:00 GMT until new warning. > Is the attacker using the account “gentoogang”? Nevermind. After reading other mailing list threads, it is clear to me that he was the attacker. :/ >> >> Sincerely, >> Francisco Blas Izquierdo Riera (klondike) >> Gentoo developer. >> >> > >
Re: [gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
> On Jun 28, 2018, at 5:15 PM, Francisco Blas Izquierdo Riera (klondike) > wrote: > > Hi! > > I just want to notify that an attacker has taken control of the Gentoo > organization in Github and has among other things replaced the portage > and musl-dev trees with malicious versions of the ebuilds intended to > try removing all of your files. > > Whilst the malicious code shouldn't work as is and GitHub has now > removed the organization, please don't use any ebuild from the GitHub > mirror ontained before 28/06/2018, 18:00 GMT until new warning. Is the attacker using the account “gentoogang”? > > Sincerely, > Francisco Blas Izquierdo Riera (klondike) > Gentoo developer. > >
[gentoo-dev] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
On 28/06/18 22:54, Francisco Blas Izquierdo Riera (klondike) wrote: > El 28/06/18 a las 23:15, Francisco Blas Izquierdo Riera (klondike) escribió: >> Hi! >> >> I just want to notify that an attacker has taken control of the Gentoo >> organization in Github and has among other things replaced the portage >> and musl-dev trees with malicious versions of the ebuilds intended to >> try removing all of your files. >> >> Whilst the malicious code shouldn't work as is and GitHub has now >> removed the organization, please don't use any ebuild from the GitHub >> mirror ontained before 28/06/2018, 18:00 GMT until new warning. >> >> Sincerely, >> Francisco Blas Izquierdo Riera (klondike) >> Gentoo developer. >> >> > Just to keep up with it. There is a more complete article published at > https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html > > > Antarus has also posted on g-announce ML fyi ;) signature.asc Description: OpenPGP digital signature
[gentoo-dev] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
El 28/06/18 a las 23:15, Francisco Blas Izquierdo Riera (klondike) escribió: > Hi! > > I just want to notify that an attacker has taken control of the Gentoo > organization in Github and has among other things replaced the portage > and musl-dev trees with malicious versions of the ebuilds intended to > try removing all of your files. > > Whilst the malicious code shouldn't work as is and GitHub has now > removed the organization, please don't use any ebuild from the GitHub > mirror ontained before 28/06/2018, 18:00 GMT until new warning. > > Sincerely, > Francisco Blas Izquierdo Riera (klondike) > Gentoo developer. > > Just to keep up with it. There is a more complete article published at https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html signature.asc Description: OpenPGP digital signature
[gentoo-dev] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!
Hi! I just want to notify that an attacker has taken control of the Gentoo organization in Github and has among other things replaced the portage and musl-dev trees with malicious versions of the ebuilds intended to try removing all of your files. Whilst the malicious code shouldn't work as is and GitHub has now removed the organization, please don't use any ebuild from the GitHub mirror ontained before 28/06/2018, 18:00 GMT until new warning. Sincerely, Francisco Blas Izquierdo Riera (klondike) Gentoo developer. signature.asc Description: OpenPGP digital signature
[gentoo-dev] Lastrites: net-misc/whatportis
# Pacho Ramos (28 Jun 2018) # Doesn't work at all (#645388). Removal in a month net-misc/whatportis
[gentoo-dev] Lastrites: dev-python/pyrtf
# Pacho Ramos (28 Jun 2018) # Doesn't work, dead since 2005, bug #658984. Removal in a month. dev-python/pyrtf
[gentoo-dev] Last-rites: qt4-r2.eclass, qt4-build-multilib.eclass
qt4-r2.eclass: Marked @DEAD for removal qt4-build-multilib.eclass: Marked @DEAD for removal No consumers left in Gentoo ebuild repository (or masked).
[gentoo-dev] Lastrites: app-misc/jira-cli
# Pacho Ramos (28 Jun 2018) # Cannot be imported, bug #659410. Removal in a month. app-misc/jira-cli
[gentoo-dev] Last-rites: app-eselect/eselect-qtgraphicssystem
# Andreas Sturmlechner (26 Jun 2018) # Mask Qt4 for removal. Bug #631788 app-eselect/eselect-qtgraphicssystem