The distribution Gentoo replaced the GitHub mirror as it reportedly lost control to someone who hacked the code repository.
In one warning, the Gentoo project announced that an attacker managed to gain control of the Gentoo Github on June 28 at 11:20 a.m. Greeces.
"All Gentoo code hosted on github should be considered hacked at this time," the statement said.
The Gentoo project reported that its infrastructure is considered safe and that users should be ok if they make rsync or webrsync from gentoo.org.
A suspension in the gentoo-dev listings it states that the attacker replaced all portage and musl-dev trees with ebuilds that would attempt to remove all archives from the end user's system.
Although the malicious code should not work as GitHub is now restored, please do not use any ebuilds from the GitHub mirror acquired before 28 / 06 / 2018, 9: 00 (Greece time) until the next communication.
The distribution has not provided more details on how the attack took place.
__________________________________