The Gentoo distribution replaced it GitHub mirror as it was allegedly lost control by someone who breached the repository code.
In a warning, the Gentoo project announced that the attacker managed to take control of Gentoo Github 28 in June at 11: 20 time of Greece.
"All Gentoo code hosted on github should be considered hacked at this time," the statement said.
The Gentoo project reported that its infrastructure is considered safe and that users should be ok if they make rsync or webrsync from gentoo.org.
A suspension in the gentoo-dev listings it states that the attacker replaced all portage and musl-dev trees with ebuilds that would attempt to remove all files from system of the end user.
Although the malicious code should not work as is and GitHub has now been restored, please do not usesno ebuild from GitHub mirror acquired before 28/06/2018, 9:00 (Greece time) until further notice.
The distribution has not provided more details on how the attack took place.
__________________________________