The Gentoo Linux distribution has warned of an attack on its GitHub-hosted source code, which saw individuals unknown gain control of its organisation and modify files - but it claims its users should be safe.
Founded in 2000, Gentoo Linux differs from the majority of Linux distributions by distributing source code rather than pre-compiled binaries, having software compiled locally with optimisations specific to the user's hardware and preferences. Unfortunately, some of that source code has been maliciously modified, the project's maintainers have announced, following an attack on one of its organisations on the collaborative coding site GitHub.
'Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the GitHub Gentoo organisation, and modified the content of repositories as well as pages there,' the project maintainers explained in the original announcement published late last night. 'We are still working to determine the exact extent and to regain control of the organisation and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.'
While the unauthorised access was reverted a few hours later, the project warns that the source code hosted there should still be considered suspect. Thankfully, the attack was limited in scope: the project maintainers have confirmed that the master Gentoo build repository is hosted on in-house infrastructure with GitHub serving only as a mirror, meaning end users who use the Portage package management system to install and update Gentoo and its software packages should not have been affected by the attack.
'We continue to work with GitHub on establishing a timeline of what happened,' the maintainers' latest update continues, 'and we commit to sharing this with the community as soon as we can.'
Posted by Glix - Sat Jun 30 2018 12:43
Posted by Cheapskate - Sun Jul 01 2018 15:54
Posted by edzieba - Mon Jul 02 2018 11:37
Plus, that's assuming the changelogs were not also compromised.