Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
post-hack appreciation
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
SumDog
n00b
n00b


Joined: 16 Dec 2005
Posts: 16
Location: Chicago, USA

PostPosted: Wed Jul 04, 2018 9:32 pm    Post subject: post-hack appreciation Reply with quote

Hey, just wanted to say to all the maintainers/devs out here, Gentoo was my primary OS from University (2002 to 2008 I think), and after a brief period on a Hackintosh and then a MacBook, it's been my primary OS since 2012. I've used it on my home machines, my laptops, and even on three different work machines.

I love Gentoo. I love the ability to customize, to be able to run both with or without systemd, the colorfulness of the package manager, the incredibly support on IRC (freenode/#gentoo) and all the work that goes into making this a really fun operating system to use and develop with.

I also really appreciate all the openness around the recent Github mirror compromise, the response by the maintainers, and all the up to date information. It's pretty refreshing and I'm glad there are so many people who work incredibly hard to make this a solid operating system.

Kudos to everyone, devs, maintainers, testers and end users, that have kept the Gentoo community strong all these years.
Back to top
View user's profile Send private message
Marcih
Tux's lil' helper
Tux's lil' helper


Joined: 19 Feb 2018
Posts: 129

PostPosted: Thu Jul 05, 2018 6:46 am    Post subject: Reply with quote

Same thanks to the devs goes from me. It was a couple of days after the crack that a GPG verification of my local Portage tree took place after I did emerge --sync (I also sync'd a couple of hours after the announcement and it wasn't present yet, only when I sync'd the next days did I have the verification). If I understood correctly, the rsync verification has been in the works for a while now but it's nice to finally see it in action, regardless whether the crack accelerated the deployment or not. The information about what exactly happened was detailed and quick enough for my liking, thanks for the transparency.

I know shit gets flung the developers' way occasionally for being unprofessional and what not, but the recent event has certainly been handleded in a professional way. The Gentoo devs are volunteers (I think?) but they take Gentoo very seriously. Thank you.
_________________
Bones McCracker wrote:
It wouldn't be so bad, if it didn't suck.
Back to top
View user's profile Send private message
gengreen
Tux's lil' helper
Tux's lil' helper


Joined: 23 Dec 2017
Posts: 81

PostPosted: Thu Jul 05, 2018 10:55 am    Post subject: Reply with quote

Hack is a big word for what happen, vandalism almost harmless I would say

Do actually the edited ebuild could affect any Gentoo system ? The history of Github show that only rm -rf / was add at the first line of each ebuild, I tried this one on my system by curiosity but didn't work, portage throw this :

Code:
 External commands disallowed while sourcing ebuild: rm -rf *


Question : Could, even a single Gentoo system who have sync & emerge those ebuild, be affected in any way ?

If the answer is no, maybe it should be add here -> https://wiki.gentoo.org/wiki/Github/2018-06-28 looking at most of the article found with Google, a lot of people will be misinformed (A good example is the title made by bleeding computer, File-Wiping Malware :x)
Back to top
View user's profile Send private message
SumDog
n00b
n00b


Joined: 16 Dec 2005
Posts: 16
Location: Chicago, USA

PostPosted: Thu Jul 05, 2018 3:22 pm    Post subject: Reply with quote

gengreen wrote:
vandalism ... I would say


Yes, you're right. Hack is the wrong word. Although someone who wasn't a script kidding could have slowly done things people wouldn't have seen for a while. There is a serious aspect to this.

I was really just trying to show my appreciation in being part of the Gentoo community.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 6875

PostPosted: Thu Jul 05, 2018 4:35 pm    Post subject: Re: post-hack appreciation Reply with quote

SumDog wrote:
I also really appreciate all the openness around the recent Github mirror compromise, the response by the maintainers, and all the up to date information.

You know it's just in the social contract to not hide problem
https://www.gentoo.org/get-started/philosophy/social-contract.html
gengreen wrote:

The history of Github show that only rm -rf / was add at the first line of each ebuild, I tried this one on my system by curiosity

even if, it's been time rm protect /
man rm wrote:
--preserve-root
do not remove '/' (default)
Back to top
View user's profile Send private message
Marcih
Tux's lil' helper
Tux's lil' helper


Joined: 19 Feb 2018
Posts: 129

PostPosted: Fri Jul 06, 2018 8:37 pm    Post subject: Re: post-hack appreciation Reply with quote

krinn wrote:
even if, it's been time rm protect
Best part is, correct me if I'm wrong, the line that was added was:
Code:
rm /*
Therefore no recursive, making it completely useless, with or without preserving root.
_________________
Bones McCracker wrote:
It wouldn't be so bad, if it didn't suck.
Back to top
View user's profile Send private message
steveL
Watchman
Watchman


Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

PostPosted: Mon Jul 09, 2018 1:43 pm    Post subject: Re: post-hack appreciation Reply with quote

SumDog wrote:
I love Gentoo. I love the ability to customize, the colorfulness of the package manager, the incredible support on IRC (freenode/#gentoo) and all the work that goes into making this a really fun operating system to use and develop with.
++
Gentoo is definitely the best Linux distro for a software engineer.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17503

PostPosted: Wed Jul 11, 2018 3:03 pm    Post subject: Reply with quote

Moved from Other Things Gentoo to Gentoo Chat. Fits better here as it is not support related.
_________________
It is what it is out there. So whatever it is, it is.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum