Follow

Check your binaries guys!

> Giteabot account was compromised

github.com/go-gitea/gitea/issu

@Sir_Boops it's written in go, it's almost trivial to compile it yourself. Why have binaries up at all -__-

@Sir_Boops And this is why you should always put hashes or even better, signatures(OpenPGP or signify) on your source archives.

@Sir_Boops oh dear. Incidentally I just switched off of gitea for unrelated reasons, so I guess that's good

@Sir_Boops yeah :B I was using docker so no clue about that

@annika @Sir_Boops

Looks like the two hashes they posted may have been a comparison (?) but at this point we don't know.

I'm a bit frustrated by the "hey you all might have viruses, we'll let you know at a later date" vibe of the casual GitHub issue. Bummer.

@Sir_Boops @christianbundy They updated the issue with an all-clear (binaries were replaced with 13 kilobyte crypto miners, if your binary _actually worked_ you didn't get a compromised one). I'll look into source builds anyway. :P

Sign in to participate in the conversation
Sergal.org - Mastodon

A general friendly, up to date, secure instance that trends toward topics of tech, games, and everything fluffy!

✔️ Up since November 19, 2017 Current Up-Time
✔️ Onion federation support
✔️ I2P federation support

Onion Links: v2, v3

Please note .onion users to login you will have to accept the invalid TLS cert for it to work correctly!
Also you will need a valid CLEARNET email address to signup!

If you're new to Mastodon checkout this guide for some tips!

More about this instance