The Gentoo distribution replaced the GitHub mirror as it allegedly lost control of someone who violated the repository code.
In a warning, the Gentoo project announced that the attacker managed to take control of Gentoo Github 28 in June at 11: 20 time of Greece.
"All Gentoo code hosted on github should be considered hacked at this time," the statement said.
The Gentoo project has stated that its infrastructure is considered secure and that the users should be fine if they rsync or webrsync from gentoo.org.
A suspension in the gentoo-dev lists that the attacker replaced all portage and musl-dev trees with ebuilds that would try to remove all the files from the end user system.
Although the malicious code should not work as GitHub is now restored, please do not use any ebuilds from the GitHub mirror acquired before 28 / 06 / 2018, 9: 00 (Greece time) until the next communication.
The distribution has not provided more details on how the attack took place.
__________________________________