Does this incident undermine Gentoo's security credentials?
techcrunch.com
Hackers took over the Gentoo Linux GitHub repository
Brody Moore
Other urls found in this thread:
medium.com
twitter.com
Brody Brooks
Just a mirror, nobody uses it for anything serious.
Lucas Ramirez
Angel Campbell
?
I guess they meant "Three Github repositories - the Gentoo code, Musl, and systemd", rather than "repositories containing Gentoo code...systemd" which infers the systemd repo contains Gentoo code, thus implying Gentoo has systemd.
Easton Torres
moving the goal post lol
if their git repo was easily compromised, what else in gentoo has been compromised? clearly they don't know what they're doing
source-based distros are just a meme anyway
Thomas Nelson
Whatever (((you))) say.
Levi Bailey
...
John Lopez
...
Eli Lopez
yeah dude, everything is a conspiracy
compiling is a conspiracy to hide backdoors, obviously
and nobody has ever obfuscated backdoors in source code before
oh wait...
the idea that compiling everything yourself solves all security issues is dumb, especially if you're on a modern intel processor anyway, with its own OS running within it, out of reach for your OS (beyond ring 0, hidden management shit running minix)
Christopher Sanchez
yeah dude, whatever.
pick one.
Pro tip: It's the second and ring -4 is a known known
Hunter Reed
Reminder you're never going to read even a tiny fraction of the millions of lines of code in your kernel, let alone the hundreds of millions of lines in the rest of your system.
Reminder the Linux kernel, let alone the mountains of software for it, have never been subject to a full independent audited
Reminder no production OS has been formally proven.
Cooper Ross
Only niggers are too lazy to read.
Landon Mitchell
no one is moving any goal posts. github is just a mirror and you shouldn't use it.
Fixed that for you.
Their response was very professional. Also, why don't you verify your repository snapshots like a white man would?
nice bait. you should go back to >>>/reddit/ and take your shitty spacing with you. thanks.
typical macfag doesn't know how to read.
Jayden Allen
yeah sure
Jack Gutierrez
...
Colton Reyes
...
Dylan Hughes
Software is modular. Linux isn't one big .c file with millions of lines of code.
Landon Watson
*github, thanks, go away.
Benjamin Collins
github is a hub for git repos, dumbass
git is what you use with github
Adrian Howard
Just ask one user deliberately put some codes in the source and ask another user to find it in the source code.
Michael Jackson
Oh really?
Jeremiah Lopez
Old news
Ian Ward
dumbshit, you're trying to imply that a weakness in sjwhub is a weakness in gentoo. gtfo glownigger.
John Sullivan
THIS IS FROM 6 MONTHS AGO RETARD
We already had a thread on this.
1. That's just a mirror
2. You can't actually set emerge to just use that repository as it doesn't have all the metadata needed
3. The attacker was retarded and just added rm -rf / in the scripts. Emerge builds stuff in a sandbox so rm -rf / will just cause an error as that's outside of the sandbox
4. The attacker force pushed their changes so when trying to update git would error out unless this was a fresh clone.
Josiah Sanchez
yeah, really
imagine being this retarded
Adam Davis
Oh really?
Hudson Butler
Oh really?
Caleb Ortiz
He'll just look up the Git commits.
Easton Edwards
yeah, really
imagine being this retarded
Connor Hernandez
It's a reminder that anonymous maintainers can cause a great deal of harm with little effort.
How many developers downloaded the code and hadn't checked the news until the damage was done. An hour is a long time for a CIA nigger.
See medium.com
Blake Wilson
...
Bentley Scott
Thank you for clarifying.
Asher Garcia
Holy fucking shit look at all that driver bloat LOL
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO
Josiah Davis
dumbfucks on 8ch r willing to sell their mommies for gentoo & templeos. guess u all must b the bastard children of whore_son terry! now comes the oops moment. just a matter of time b4 this site will be gone for good. merry jew_mas. ;)
Carter Reyes
Whose to say they haven't fucked with other distros?
Easton Baker
Zig Forums 2018
Ethan Davis
I read somewhere about how criminals will offer money (up to $1 per install!) to firefox and chrome extension developers so that they can push a malicious update for ransomware or spyware or something, and then the developer pretends that it was just a "compromise" rather than selling out
it doesn't matter if they get rid of it afterwards, the damage was already done
Jace King
the absolute state of this board
total damage control
cognitive fucking dissonance
Xavier Reyes
Said noone ever. We use Gentoo because its extreme customizability makes it easy to avoid freedesktopware.
Noah Miller
people pretend source-based distros are more secure because apparently tinfoil hat-wearing freetards think all compilers are malicious
William King
Have (You) compiled your own compiler after thoroughly reading its source code?
Thomas Reed
Why?
Xavier Scott
old news lmao
Nathaniel King
People use Gentoo because it's the most stable distro at this point. I haven't had a Gentoo install break ever since I started using it over 10 years ago. I can't say the same for Debian and especially CentOS.
Jace White
OpenBSD is intended to be easy to read/audit, it's an readability-performance tradeoff.
It's the only software I know of where code audits are regularly done. You've disproven your post with one of your pictures, as OpenBSD is a production OS that is formally proven.
Jason Gutierrez
here's an idea : Stop using cloud shit or github, you bloody immigrants.
Brody Davis
...
Andrew Flores
Ftfy