Hackers took over the Gentoo Linux GitHub repository

Does this incident undermine Gentoo's security credentials?
techcrunch.com/2018/06/29/hackers-too-over-the-gentoo-linux-github-repository/

Attached: ClipboardImage.png (990x556, 495.71K)

Other urls found in this thread:

medium.com/@SwiftSafe/rogue-developer-infects-widely-used-nodejs-module-to-steal-bitcoins-3b2260cc3889
twitter.com/NSFWRedditVideo

Just a mirror, nobody uses it for anything serious.

Attached: Slowpoke.gif (275x300, 14.83K)

?
I guess they meant "Three Github repositories - the Gentoo code, Musl, and systemd", rather than "repositories containing Gentoo code...systemd" which infers the systemd repo contains Gentoo code, thus implying Gentoo has systemd.

moving the goal post lol

if their git repo was easily compromised, what else in gentoo has been compromised? clearly they don't know what they're doing

source-based distros are just a meme anyway

Whatever (((you))) say.

...

...

yeah dude, everything is a conspiracy
compiling is a conspiracy to hide backdoors, obviously
and nobody has ever obfuscated backdoors in source code before
oh wait...
the idea that compiling everything yourself solves all security issues is dumb, especially if you're on a modern intel processor anyway, with its own OS running within it, out of reach for your OS (beyond ring 0, hidden management shit running minix)

yeah dude, whatever.

pick one.
Pro tip: It's the second and ring -4 is a known known

Attached: gemffs.mp4 (1920x1080, 788.1K)

Reminder you're never going to read even a tiny fraction of the millions of lines of code in your kernel, let alone the hundreds of millions of lines in the rest of your system.

Reminder the Linux kernel, let alone the mountains of software for it, have never been subject to a full independent audited

Reminder no production OS has been formally proven.

Attached: 0*Q91RDOWEHzHT1dRT.png (1666x1058 111.38 KB, 53.58K)

Only niggers are too lazy to read.

no one is moving any goal posts. github is just a mirror and you shouldn't use it.
Fixed that for you.
Their response was very professional. Also, why don't you verify your repository snapshots like a white man would?
nice bait. you should go back to >>>/reddit/ and take your shitty spacing with you. thanks.

typical macfag doesn't know how to read.

yeah sure

Attached: gemsigh.mp4 (1920x1080, 810.18K)

...

...

Software is modular. Linux isn't one big .c file with millions of lines of code.

*github, thanks, go away.

github is a hub for git repos, dumbass
git is what you use with github

Just ask one user deliberately put some codes in the source and ask another user to find it in the source code.

Oh really?

Old news

Attached: 20181223_124647425_3db9.jpg (1485x1101, 58.16K)

dumbshit, you're trying to imply that a weakness in sjwhub is a weakness in gentoo. gtfo glownigger.

THIS IS FROM 6 MONTHS AGO RETARD
We already had a thread on this.
1. That's just a mirror
2. You can't actually set emerge to just use that repository as it doesn't have all the metadata needed
3. The attacker was retarded and just added rm -rf / in the scripts. Emerge builds stuff in a sandbox so rm -rf / will just cause an error as that's outside of the sandbox
4. The attacker force pushed their changes so when trying to update git would error out unless this was a fresh clone.

yeah, really
imagine being this retarded

Oh really?

Oh really?

He'll just look up the Git commits.

yeah, really

imagine being this retarded

It's a reminder that anonymous maintainers can cause a great deal of harm with little effort.
How many developers downloaded the code and hadn't checked the news until the damage was done. An hour is a long time for a CIA nigger.
See medium.com/@SwiftSafe/rogue-developer-infects-widely-used-nodejs-module-to-steal-bitcoins-3b2260cc3889

...

Thank you for clarifying.

Holy fucking shit look at all that driver bloat LOL
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO

dumbfucks on 8ch r willing to sell their mommies for gentoo & templeos. guess u all must b the bastard children of whore_son terry! now comes the oops moment. just a matter of time b4 this site will be gone for good. merry jew_mas. ;)

Whose to say they haven't fucked with other distros?

Zig Forums 2018

I read somewhere about how criminals will offer money (up to $1 per install!) to firefox and chrome extension developers so that they can push a malicious update for ransomware or spyware or something, and then the developer pretends that it was just a "compromise" rather than selling out

it doesn't matter if they get rid of it afterwards, the damage was already done

the absolute state of this board
total damage control
cognitive fucking dissonance

Said noone ever. We use Gentoo because its extreme customizability makes it easy to avoid freedesktopware.

people pretend source-based distros are more secure because apparently tinfoil hat-wearing freetards think all compilers are malicious

Have (You) compiled your own compiler after thoroughly reading its source code?

Why?

old news lmao

Attached: 2018-12-26-071105_7680x4320_scrot.png (7680x4320, 8.73M)

People use Gentoo because it's the most stable distro at this point. I haven't had a Gentoo install break ever since I started using it over 10 years ago. I can't say the same for Debian and especially CentOS.

OpenBSD is intended to be easy to read/audit, it's an readability-performance tradeoff.

It's the only software I know of where code audits are regularly done. You've disproven your post with one of your pictures, as OpenBSD is a production OS that is formally proven.

here's an idea : Stop using cloud shit or github, you bloody immigrants.

...

Ftfy