archives.gentoo.org
HAHAHAHAHAHAHA
JUST
D-Dude it's just the GitHub bro, like don't worry. There are absolutely NO implications for what has happened in regards to developer incompetence! Trust me!
oh no somebody might compromise my meme gentoo system
>Install Gentoo
nooooooooooooooooooo :(
wtf i hate gentoo now
I guess ignoring Jow Forums and not installing gentoo was the right thing to do.
I’m the h4x0r known as Jow Forums that did this. AMA.
I don't understand
A mirror was compromised. It's literally nothing.
Just a mirror though, right? Thought they didn't use github. Still pretty embarrassing.
Debian literally got one of its internal servers hacked and yet no one bats an eye.
Void's main developer disappears.
This is absolutely nothing in comparison.
>muh whabaoutism
It's Nutella. He's got the passwords in plaintext and now he's going all Extend Extinguish on Gentoo's ass.
Get ready for your Microsoft overlords, Gentooers!
>lemme use meaningless words to look like a kool kid
there was something about gentoo forum having laughable security for some decade now
At least /our distro/ is safe
Arch's lead dev used to get hacked repeatedly though, it wasnt until they took control away from him that it stopped.
DELET THIS
This, literally every major distro had problems of the sort at some point, and they all overcame them.
Having a mirror compromised is tame as fuck compared to what happened to other distros in the past.
s-sudo .. em-emerge .. -w-webrsynIS IT SAFE? :(
Did you set it to sync from github? No.
Otherwise, yes.
y-you really think someone would do that?
just install the gentoo and sync from github? :(
Paranoid here. Maybe it is an inside job to damage the reputation of github since Microsoft bought it.
{,web}rsync doesn't go anywhere near GitHub.
You'd have to generate a fuckton of metadata yourself unless you want Portage to drag along for ages, if you use the main Gentoo repo. And if you use the Gentoo-Mirror repo, which has this metadata impregnated, but is on a seperate GitHub org entirely, then you should be unaffected.
That would just make Gentoo even better.
Sources?
Canonical Ubuntu does not have this problem
this makes me worried about their password security on their servers. it should not be possible to do this if you have a good password
Password security is irrelevant when you own the platform. :^)
GitHub DOES have 2fa also... guess security isn't a top priority.
that logo looks terrible. any of the old logos are much better.
>Debian literally got one of its internal servers hacked and yet no one bats an eye.
That was 12 years ago.
>Void's main developer disappears.
Void is a meme distro, nowhere near as popular and important as Gentoo.
>That was 12 years ago.
Wew, I guess events get deleted from history after a certain period.
So because OpenBSD had a remote hole 11 years ago it says something about the quality of the project now? Debian is 25 years old, a server was compromised once, is it really pertinent?
What said is because of something that happened today. A bit different.
Time to move to a self-hosted gitlab I guess.