On Fri, Jun 29, 2018 at 7:19 AM, Francisco Blas Izquierdo Riera (klondike) <klond...@gentoo.org> wrote:
> On 29/06/18 at 03:55, Duane Robertson wrote:
>> On Thu, 28 Jun 2018 23:15:36 +0200
>> "Francisco Blas Izquierdo Riera (klondike)" <klond...@gentoo.org> wrote:
>>
>>> Hi!
>>>
>>> I just want to notify that an attacker has taken control of the Gentoo
>>> organization in GitHub and has among other things replaced the portage
>>> and musl-dev trees with malicious versions of the ebuilds intended to
>>> try removing all of your files.
>>>
>>> Whilst the malicious code shouldn't work as is and GitHub has now
>>> removed the organization, please don't use any ebuild from the GitHub
>>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>>
>>> Sincerely,
>>> Francisco Blas Izquierdo Riera (klondike)
>>> Gentoo developer.
>>>
>>>
>> Is it at all likely that any signing keys have been compromised? I
>> can't think of how that would happen, but I don't know much about the
>> situation.
>>
> If you mean the release signing key the answer is a clear no according
> to infra's forensics. If you mean specific developers' keys it is
> unlikely but not fully impossible as we still don't know how the
> attackers got hold of the compromised accounts.
>

I can't help but notice this was moved to gentoo-user. Are posts to gentoo-dev being moderated properly, or should I not bother submitting anything?