I'm just providing this link as a public service as I know that many members here like and use Linux and may wish to know of this news. Let's keep everything civil and not turn this thread into a war. Thank you, have a nice day.

https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/
TARFU: I'm just providing this link as a public service as I know that many members here like and use Linux and may wish to know of this news. Let's keep everything civil and not turn this thread into a war. Thank you, have a nice day.

https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/
From your own link:
· The Gentoo team didn’t beat around the bush, and quickly published an unequivocal statement about the breach.
· The Gentoo GitHub repository is only a secondary copy of the main Gentoo source code.
· The main Gentoo repository is intact.
· All changes in the main Gentoo repository are digitally signed and can therefore be verified.
· As far as we know, the main Gentoo signing key is safe, so the digital signatures are reliable.
Plus, I've never tried Gentoo, but my guess is that not many of its users would obtain it and compile it from GitHub. Then again, it's Gentoo users we're talking about... xD


PS: Is GitHub already in Microsoft's hands, or the acquisition hasn't taken place yet? :P
Linux distro = Gentoo
TARFU: I'm just providing this link as a public service as I know that many members here like and use Linux and may wish to know of this news. Let's keep everything civil and not turn this thread into a war. Thank you, have a nice day.

https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/
muntdefems: From your own link:

· The Gentoo team didn’t beat around the bush, and quickly published an unequivocal statement about the breach.
· The Gentoo GitHub repository is only a secondary copy of the main Gentoo source code.
· The main Gentoo repository is intact.
· All changes in the main Gentoo repository are digitally signed and can therefore be verified.
· As far as we know, the main Gentoo signing key is safe, so the digital signatures are reliable.
muntdefems: Plus, I've never tried Gentoo, but my guess is that not many of its users would obtain it and compile it from GitHub. Then again, it's Gentoo users we're talking about... xD

PS: Is GitHub already in Microsoft's hands, or the acquisition hasn't taken place yet? :P
I simply did a direct cut and paste of the article's headline and the link leading to the article. I do not use Linux or claim to be an expert on it, I only wanted to let our many Linux users here know about it in case they might be affected.
What interests me is how the breach / change is done in the first place, and there is no explanation for that in the article.

Normally people have to fork a GitHub repo, make a change and re-upload. It all requires a valid GitHub login and approval from the project manager. I'm curious if they found a backdoor or anything like it in GitHub.
Phew, lucky I didn't download it. TY TARFU

oh and +1
Post edited June 30, 2018 by fr33kSh0w2012
Whatever. I use gentoo, and this is the least of my current distro-related concerns. I prefer lwn.net for Linux-related news and informed discussion over gog.com. Never even heard of nakesecurity.sophos.com, and don't care.
Post edited June 30, 2018 by darktjm
Ah, Gentoo. One of the more whacked up distros anyway.

And nothing of value was lost.
kusumahendra: What interests me is how the breach / change is done in the first place, and there is no explanation for that in the article.
It seems one account was compromised (probably password stolen ??), as things happen most of the time.
No need to hack the infrastructure, just find a user who isn't careful enough about his personal security.

By the changes done by the attackers you can probably guess that some dumb script kiddies from 4chan did this for the lolz, i.e. it is not a sophisticated attack.
muntdefems: PS: Is GitHub already in Microsoft's hands, or the acquisition hasn't taken place yet? :P
The acquisition is done by the end of the calendar year I think, so we probably have to dismiss this nice conspiracy theory ;)
Post edited June 30, 2018 by immi101