View previous topic :: View next topic |
Author |
Message |
SumDog n00b
Joined: 16 Dec 2005 Posts: 20 Location: Chicago, USA
|
Posted: Wed Jul 04, 2018 9:32 pm Post subject: post-hack appreciation |
|
|
Hey, just wanted to say to all the maintainers/devs out here, Gentoo was my primary OS from University (2002 to 2008 I think), and after a brief period on a Hackintosh and then a MacBook, it's been my primary OS since 2012. I've used it on my home machines, my laptops, and even on three different work machines.
I love Gentoo. I love the ability to customize, to be able to run both with or without systemd, the colorfulness of the package manager, the incredibly support on IRC (freenode/#gentoo) and all the work that goes into making this a really fun operating system to use and develop with.
I also really appreciate all the openness around the recent Github mirror compromise, the response by the maintainers, and all the up to date information. It's pretty refreshing and I'm glad there are so many people who work incredibly hard to make this a solid operating system.
Kudos to everyone, devs, maintainers, testers and end users, that have kept the Gentoo community strong all these years. |
|
Back to top |
|
|
Marcih Apprentice
Joined: 19 Feb 2018 Posts: 213
|
Posted: Thu Jul 05, 2018 6:46 am Post subject: |
|
|
Same thanks to the devs goes from me. It was a couple of days after the crack that a GPG verification of my local Portage tree took place after I did emerge --sync (I also sync'd a couple of hours after the announcement and it wasn't present yet, only when I sync'd the next days did I have the verification). If I understood correctly, the rsync verification has been in the works for a while now but it's nice to finally see it in action, regardless whether the crack accelerated the deployment or not. The information about what exactly happened was detailed and quick enough for my liking, thanks for the transparency.
I know shit gets flung the developers' way occasionally for being unprofessional and what not, but the recent event has certainly been handleded in a professional way. The Gentoo devs are volunteers (I think?) but they take Gentoo very seriously. Thank you. _________________
Bones McCracker wrote: | It wouldn't be so bad, if it didn't suck. |
NeddySeagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
|
|
Back to top |
|
|
gengreen Apprentice
Joined: 23 Dec 2017 Posts: 150
|
Posted: Thu Jul 05, 2018 10:55 am Post subject: |
|
|
Hack is a big word for what happen, vandalism almost harmless I would say
Do actually the edited ebuild could affect any Gentoo system ? The history of Github show that only rm -rf / was add at the first line of each ebuild, I tried this one on my system by curiosity but didn't work, portage throw this :
Code: | External commands disallowed while sourcing ebuild: rm -rf * |
Question : Could, even a single Gentoo system who have sync & emerge those ebuild, be affected in any way ?
If the answer is no, maybe it should be add here -> https://wiki.gentoo.org/wiki/Github/2018-06-28 looking at most of the article found with Google, a lot of people will be misinformed (A good example is the title made by bleeding computer, File-Wiping Malware ) |
|
Back to top |
|
|
SumDog n00b
Joined: 16 Dec 2005 Posts: 20 Location: Chicago, USA
|
Posted: Thu Jul 05, 2018 3:22 pm Post subject: |
|
|
gengreen wrote: | vandalism ... I would say |
Yes, you're right. Hack is the wrong word. Although someone who wasn't a script kidding could have slowly done things people wouldn't have seen for a while. There is a serious aspect to this.
I was really just trying to show my appreciation in being part of the Gentoo community. |
|
Back to top |
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Thu Jul 05, 2018 4:35 pm Post subject: Re: post-hack appreciation |
|
|
SumDog wrote: | I also really appreciate all the openness around the recent Github mirror compromise, the response by the maintainers, and all the up to date information. |
You know it's just in the social contract to not hide problem
https://www.gentoo.org/get-started/philosophy/social-contract.html
gengreen wrote: |
The history of Github show that only rm -rf / was add at the first line of each ebuild, I tried this one on my system by curiosity |
even if, it's been time rm protect /
man rm wrote: | --preserve-root
do not remove '/' (default) |
|
|
Back to top |
|
|
Marcih Apprentice
Joined: 19 Feb 2018 Posts: 213
|
Posted: Fri Jul 06, 2018 8:37 pm Post subject: Re: post-hack appreciation |
|
|
krinn wrote: | even if, it's been time rm protect | Best part is, correct me if I'm wrong, the line that was added was:Therefore no recursive, making it completely useless, with or without preserving root. _________________
Bones McCracker wrote: | It wouldn't be so bad, if it didn't suck. |
NeddySeagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
|
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Mon Jul 09, 2018 1:43 pm Post subject: Re: post-hack appreciation |
|
|
SumDog wrote: | I love Gentoo. I love the ability to customize, the colorfulness of the package manager, the incredible support on IRC (freenode/#gentoo) and all the work that goes into making this a really fun operating system to use and develop with. | ++
Gentoo is definitely the best Linux distro for a software engineer. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Wed Jul 11, 2018 3:03 pm Post subject: |
|
|
Moved from Other Things Gentoo to Gentoo Chat. Fits better here as it is not support related. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
|