Gentoo's GitHub mirror compromise incident report
Gentoo's GitHub mirror compromise incident report
Posted Jul 5, 2018 3:20 UTC (Thu) by jcorgan (subscriber, #47213)In reply to: Gentoo's GitHub mirror compromise incident report by Karellen
Parent article: Gentoo's GitHub mirror compromise incident report
Github, the source code repository service that Gentoo uses as a backup, has a feature where groups of developers can have an "Organization" to organize various rights to do different things on the website. Typically the "... Github Organization" is made admin and then different developers are made members of the org. In this case it looks like an attacker gained access to that admin group and went from there.
Posted Jul 6, 2018 15:33 UTC (Fri)
by Karellen (subscriber, #67644)
[Link]
OK, that makes sense. I thought they were talking about an actual organization.
Gentoo's GitHub mirror compromise incident report
Oh, so it's an account, or a type of account, or like a group (as in a Unix group).