Security Market Segment LS
Friday, 29 June 2018 09:07

Gentoo Linux GitHub mirror hacked, content modified


The GitHub mirror of the Gentoo Linux distribution has been compromised and the project behind Gentoo is warning users not to use code from this source.

In a statement, the Gentoo leadership said some unknown individuals had gained control of the GitHub Gentoo mirror on 28 June at 20.20 UTC and modified the content and pages.

Gentoo is a Linux distribution meant for advanced users. The source is compiled locally depending on user preferences and is often optimised for specific hardware.

Some larger packages are offered as precompiled binaries with the same applying to those which have no source code available.

GitHub was recently acquired by Microsoft for US$7.5 billion (A$9.79 billion) in Microsoft stock.

As iTWire  reported, the NSA could now have access to the source code stored on the site, if Microsoft's past practices of allowing the agency access to its systems are any guide.

The Gentoo project said: "We are still working to determine the exact extent and to regain control of the mirror and its repositories. All Gentoo code hosted on GitHub should, for the moment, be considered compromised."

The project said that this did not affect any code hosted on the Gentoo infrastructure. "Since the master Gentoo ebuild repository is hosted on our own infrastructure and since GitHub is only a mirror for it, you are fine as long as you are using rsync or webrsync from

"Also, the gentoo-mirror repositories including metadata are hosted under a separate Github mirror and likely not affected as well. All Gentoo commits are signed, and you should verify the integrity of the signatures when using git."


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments