IF YOU HAVE DOWNLOADED any files from the Linux distribution Gentoo in the last 24 hours, you should probably delete them.
That’s because the organisation had its GitHub mirror compromised on Thursday evening (US time), with GitHub pages changed and ebuilds replaced.
In an alert posted to its website on Friday morning, Gentoo said the attacker gained control of the open source project at approximately 20:20 UTC, with “unknown individuals” modifying the content of repositories as well as pages there.
“We are still working to determine the exact extent and to regain control of the organization and its repositories,” the organisation said. “All Gentoo code hosted on GitHub should for the moment be considered compromised.”
However, the project said that the breach does not affect any code hosted on Gentoo's own infrastructure, which is where the master Gentoo ebuild repository lives.
“And since GitHub is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org,” the project added.
It also was keen to mention that the Gentoo-mirror repositories, including metadata, are hosted under a separate GitHub organisation, so are also “likely not affected”.
In a more recent update, Gentoo confirmed it had regained control of the Gentoo GitHub Organization and is “currently working with GitHub” on a procedure for resolution.
“Please continue to refrain from using code from the Gentoo GitHub Organization,” the update reads.
“Development of Gentoo primarily takes place on Gentoo operated hardware (not on GitHub) and remains unaffected. We continue to work with GitHub on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.”
The distribution is yet to provide any details on how the attack happened. Nevertheless, it claimed that all of its commits are signed, and so users should verify the integrity of the signatures when using code from its GitHub repositories.
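One way to act on that advice, as an added example that is not Gentoo's own tooling: the shell functions below audit a commit range and flag every commit whose signature git cannot fully validate. The function names and the optional key allowlist are assumptions made for illustration; `%G?` and `%GK` are git's own log format placeholders.

```shell
#!/bin/sh
# Added example (not from the article or from Gentoo).
# git's %G? status codes: G good, B bad, U good but unknown validity,
# X good but expired signature, Y good but expired key,
# R good but revoked key, E cannot be checked (e.g. missing key), N none.

flag_untrusted() {
    # stdin: "<commit> <%G? status> [<signing key id>]", one commit per line.
    # $1 (optional): space-separated allowlist of signing key IDs.
    # Prints "<reason> <commit>" for each suspect commit; exits 1 if any.
    awk -v allow="${1:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF == 0 { next }
        # Anything other than a fully valid signature is reported as-is.
        $2 != "G"            { print $2, $1; bad = 1; next }
        # Valid signature, but from a key outside the allowlist: reason "K".
        n > 0 && !($3 in ok) { print "K", $1; bad = 1 }
        END { exit bad + 0 }
    '
}

audit_range() {
    # $1 = path to a local clone
    # $2 = revision range, e.g. <last-known-good-commit>..HEAD
    # $3 = optional allowlist of key IDs (hypothetical values, supply your own)
    # Returns 2 if git itself fails, so a broken range is never read as "clean".
    log=$(git -C "$1" log --format='%H %G? %GK' "$2") || return 2
    printf '%s\n' "$log" | flag_untrusted "${3:-}"
}

# Typical use (paths and range are placeholders):
#   audit_range /path/to/clone "<known-good-commit>..HEAD" || echo "do not build"
```

A status of `G` depends on the signer's key being present and valid in the local GnuPG keyring, so the keys must come from a source other than the mirror being audited.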
Source: Inquirer