On Thu, 28 Jun 2018 23:15:36 +0200 "Francisco Blas Izquierdo Riera (klondike)" <klond...@gentoo.org> wrote:
> Hi! > > I just want to notify that an attacker has taken control of the Gentoo > organization in Github and has among other things replaced the portage > and musl-dev trees with malicious versions of the ebuilds intended to > try removing all of your files. > > Whilst the malicious code shouldn't work as is and GitHub has now > removed the organization, please don't use any ebuild from the GitHub > mirror ontained before 28/06/2018, 18:00 GMTÂ until new warning. > > Sincerely, > Francisco Blas Izquierdo Riera (klondike) > Gentoo developer. > > Is it at all likely that any signing keys have been compromised? I can't think of how that would happen, but I don't know much about the situation.
