▶ No.1011900>>1012342 >>1013000
>“All Gentoo code hosted on github should for the moment be considered compromised,” wrote Gentoo administrators.
Does this incident undermine Gentoo's security credentials?
https://techcrunch.com/2018/06/29/hackers-too-over-the-gentoo-linux-github-repository/
▶ No.1011902>>1011927
Just a mirror, nobody uses it for anything serious.
▶ No.1011925
>“The Gentoo Infrastructure team have identified the ingress point, and locked out the compromised account,” wrote the admins. “Three Github repositories containing the Gentoo code, Musl, and systemd. All of these repositories are being “reset back to a known good state.”
>systemd repo
?
I guess they meant "Three Github repositories - the Gentoo code, Musl, and systemd", rather than "repositories containing Gentoo code...systemd", which implies the systemd repo contains Gentoo code, thus implying Gentoo has systemd.
▶ No.1011927>>1011929 >>1011943 >>1011971 >>1012061 >>1012167
>>1011902
moving the goal post lol
if their git repo was easily compromised, what else in gentoo has been compromised? clearly they don't know what they're doing
source-based distros are just a meme anyway
▶ No.1011929
>>1011927
Whatever (((you))) say.
▶ No.1011939
>"hackers"
>guessed the admin's password
▶ No.1011943>>1011947
>>1011927
>source-based distros are just a meme anyway
>compiled-by-someone-else-based distros are better for you goy
▶ No.1011947>>1011955
>>1011943
yeah dude, everything is a conspiracy
compiling is a conspiracy to hide backdoors, obviously
and nobody has ever obfuscated backdoors in source code before
oh wait...
the idea that compiling everything yourself solves all security issues is dumb, especially if you're on a modern intel processor anyway, with its own OS running within it, out of reach for your OS (beyond ring 0, hidden management shit running minix)
▶ No.1011955>>1011961
>>1011947
>spotting malware in source code is as hard as spotting it in a binary blob.
yeah dude, whatever.
>no conspiracy
>glowniggers poz you below ring 0
pick one.
Pro tip: It's the second and ring -4 is a known known
▶ No.1011961>>1011969 >>1011971 >>1011973 >>1012008 >>1012105 >>1012339 >>1013002
>>1011955
>spotting malware
Reminder you're never going to read even a tiny fraction of the millions of lines of code in your kernel, let alone the hundreds of millions of lines in the rest of your system.
Reminder the Linux kernel, let alone the mountains of software for it, has never been subject to a full independent audit.
Reminder no production OS has been formally proven.
▶ No.1011969
>>1011961
>Reminder you're never going to read even a tiny fraction of the millions of lines of code in your kernel
Only niggers are too lazy to read.
▶ No.1011971
>>1011927
>moving the goal post
no one is moving any goal posts. github is just a mirror and you shouldn't use it.
>if their [github mirror of their actual git repo] was easily compromised, what else in gentoo has been compromised? clearly they don't know what they're doing
Fixed that for you.
Their response was very professional. Also, why don't you verify your repository snapshots like a white man would?
>source-based distros are just a meme anyway
nice bait. you should go back to >>>/reddit/ and take your shitty spacing with you. thanks.
>>1011961
typical macfag doesn't know how to read.
▶ No.1011973>>1011979
>>1011961
>automatically grepping for base64 junk in text files is as hard as manually decompiling blobs with IDA Pro
yeah sure
▶ No.1011979
>>1011973
>binary distro
>source distro
<muh blobs
The goalposts are back there
▶ No.1011985>>1012321
>faggots in this thread playing it entirely straight
<this is 6-month-old news and was fixed just an hour after it happened
How can /tech/ be so dumb?
▶ No.1012008>>1012105
>>1011961
Software is modular. Linux isn't one big .c file with millions of lines of code.
▶ No.1012061>>1012101
>>1011927
>if their git
*github, thanks, go away.
▶ No.1012101>>1012113
>>1012061
github is a hub for git repos, dumbass
git is what you use with github
▶ No.1012105>>1012274
>>1012008
>>1011961
Just ask one anon to deliberately put some code in the source and ask another anon to find it in the source code.
▶ No.1012113>>1012211
▶ No.1012167
>>1011927
dumbshit, you're trying to imply that a weakness in sjwhub is a weakness in gentoo. gtfo glownigger.
▶ No.1012182>>1012324
THIS IS FROM 6 MONTHS AGO RETARD
We already had a thread on this.
1. That's just a mirror
2. You can't actually set emerge to just use that repository as it doesn't have all the metadata needed
3. The attacker was retarded and just added rm -rf / in the scripts. Emerge builds stuff in a sandbox so rm -rf / will just cause an error as that's outside of the sandbox
4. The attacker force pushed their changes so when trying to update git would error out unless this was a fresh clone.
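The force-push point in the post above, as an added example that is not part of the thread: a small POSIX shell script (git required) that builds a throw-away mirror plus a clone synced before the rewrite and one synced after, and shows that the existing clone's git pull --ff-only and a merge-base --is-ancestor check both refuse the rewritten history while the fresh clone accepts it without complaint. The repo names, build.sh and the ff_check helper are constructed for the demo, not Gentoo's tooling.

```shell
#!/bin/sh
# Added example, not code from the thread: a throw-away "mirror" (bare repo),
# a clone taken before a force push rewrote its history, and a fresh clone
# taken after; only git is needed, all repos live under a temp dir.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# commit REPO FILE MSG: write MSG into FILE and commit it in REPO.
commit() {
    echo "$3" > "$1/$2"
    git -C "$1" add "$2"
    git -C "$1" commit -q -m "$3"
}

# ff_check REPO BRANCH: fetch, then ask whether origin/BRANCH still descends
# from the BRANCH we already hold. Exit 0 means a true fast-forward; exit 1
# means upstream history was rewritten and the commits we trusted are gone.
ff_check() {
    git -C "$1" fetch -q origin
    git -C "$1" merge-base --is-ancestor "$2" "origin/$2"
}

# build_scenario DIR: mirror with a good commit, an old clone of it, then a
# rewritten (amended + force-pushed) mirror and a fresh clone of that.
build_scenario() {
    d=$1
    git init -q --bare "$d/mirror.git"
    git --git-dir="$d/mirror.git" symbolic-ref HEAD refs/heads/main
    git init -q "$d/maint"
    git -C "$d/maint" symbolic-ref HEAD refs/heads/main
    commit "$d/maint" build.sh "known good"
    git -C "$d/maint" remote add origin "$d/mirror.git"
    git -C "$d/maint" push -q origin main
    git clone -q "$d/mirror.git" "$d/old_clone"   # synced before the rewrite
    echo "rewritten" > "$d/maint/build.sh"         # replace, don't append
    git -C "$d/maint" commit -q -a --amend -m "rewritten"
    git -C "$d/maint" push -q --force origin main
    git clone -q "$d/mirror.git" "$d/fresh_clone"  # synced after the rewrite
}

WORK=$(mktemp -d)
build_scenario "$WORK"
# An existing clone refuses the update: neither pull --ff-only nor ff_check
# accepts a tip that does not descend from what it already has.
git -C "$WORK/old_clone" pull -q --ff-only origin main 2>/dev/null \
    || echo "old clone: git pull --ff-only refused the non-fast-forward update"
ff_check "$WORK/old_clone" main || echo "old clone: ff_check flags rewritten history"
# A fresh clone has no earlier state to compare against; it just gets the tip.
echo "fresh clone history: $(git -C "$WORK/fresh_clone" log --format=%s)"
```

Gating an update script on ff_check (or pull --ff-only) is what turns the "git would error out" observation into a deliberate check rather than a lucky side effect.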
▶ No.1012211>>1012215 >>1012224
>>1012113
yeah, really
>Git (/ɡɪt/) is a version-control system for tracking changes in computer files and coordinating work on those files among multiple people. It is primarily used for source-code management in software development, but it can be used to keep track of changes in any set of files.
>GitHub Inc. is a web-based hosting service for version control using Git. It is mostly used for computer code. It offers all of the distributed version control and source code management functionality of Git as well as adding its own features.
>Repositories can be published via Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), rsync (removed in Git 2.8.0), or a Git protocol over either a plain socket, or Secure Shell (ssh). Git also has a CVS server emulation, which enables the use of extant CVS clients and IDE plugins to access Git repositories. Subversion and svk repositories can be used directly with git-svn.
imagine being this retarded
▶ No.1012215>>1012312
▶ No.1012224
▶ No.1012274
>>1012105
He'll just look up the Git commits.
▶ No.1012312
>>1012215
yeah, really
>Git (/ɡɪt/) is a version-control system for tracking changes in computer files and coordinating work on those files among multiple people. It is primarily used for source-code management in software development, but it can be used to keep track of changes in any set of files.
>GitHub Inc. is a web-based hosting service for version control using Git. It is mostly used for computer code. It offers all of the distributed version control and source code management functionality of Git as well as adding its own features.
>Repositories can be published via Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), rsync (removed in Git 2.8.0), or a Git protocol over either a plain socket, or Secure Shell (ssh). Git also has a CVS server emulation, which enables the use of extant CVS clients and IDE plugins to access Git repositories. Subversion and svk repositories can be used directly with git-svn.
imagine being this retarded
▶ No.1012321>>1012470
>>1011985
It's a reminder that anonymous maintainers can cause a great deal of harm with little effort.
How many developers downloaded the code and hadn't checked the news until the damage was done? An hour is a long time for a CIA nigger.
See https://medium.com/@SwiftSafe/rogue-developer-infects-widely-used-nodejs-module-to-steal-bitcoins-3b2260cc3889
▶ No.1012323
>>1012148
<Let's talk about the new vidya GPU.
▶ No.1012324
>>1012182
Thank you for clarifying.
▶ No.1012339
>>1011961
Holy fucking shit look at all that driver bloat LOL
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO
Linux BTFO
▶ No.1012342
>>1011900 (OP)
dumbfucks on 8ch r willing to sell their mommies for gentoo & templeos. guess u all must b the bastard children of whore_son terry! now comes the oops moment. just a matter of time b4 this site will be gone for good. merry jew_mas. ;)
▶ No.1012461
Who's to say they haven't fucked with other distros?
▶ No.1012463
▶ No.1012470
>>1012321
I read somewhere about how criminals will offer money (up to $1 per install!) to firefox and chrome extension developers so that they can push a malicious update for ransomware or spyware or something, and then the developer pretends that it was just a "compromise" rather than selling out
it doesn't matter if they get rid of it afterwards, the damage was already done
▶ No.1012471>>1012473 >>1013133
>we use gentoo because it's more secure!
>gentoo gets compromised
>this isn't a security problem!
>the security of the repository doesn't matter!
the absolute state of this board
total damage control
cognitive fucking dissonance
▶ No.1012473>>1012481 >>1012989 >>1013001
>>1012471
>>we use gentoo because it's more secure!
Said no one ever. We use Gentoo because its extreme customizability makes it easy to avoid freedesktopware.
▶ No.1012481>>1012978
>>1012473
people pretend source-based distros are more secure because apparently tinfoil hat-wearing freetards think all compilers are malicious
▶ No.1012978
>>1012481
Have (You) compiled your own compiler after thoroughly reading its source code?
▶ No.1012989
>>1012473
>avoiding freedesktopware
Why?
▶ No.1013000
>>1011900 (OP)
old news lmao
▶ No.1013001
>>1012473
People use Gentoo because it's the most stable distro at this point. I haven't had a Gentoo install break ever since I started using it over 10 years ago. I can't say the same for Debian and especially CentOS.
▶ No.1013002
>>1011961
OpenBSD is intended to be easy to read/audit; it's a readability-performance tradeoff.
It's the only software I know of where code audits are regularly done. You've disproven your post with one of your pictures, as OpenBSD is a production OS that is formally proven.
▶ No.1013031>>1013037
here's an idea: stop using cloud shit or github, you bloody immigrants.
▶ No.1013037
>>1013031
>t. unemployed gamer.
▶ No.1013133
>>1012471
>A single unofficial mirror gets compromised that's hosted on a proprietary platform*
Ftfy