Sir Bøøps is a user on sergal.org.
Sir Bøøps @Sir_Boops

Check your binaries guys!

> Giteabot account was compromised

github.com/go-gitea/gitea/issu

@Sir_Boops it's written in go, it's almost trivial to compile it yourself. Why have binaries up at all -__-

@Sir_Boops And this is why you should always put hashes or, even better, signatures (OpenPGP or signify) on your source archives.

@Sir_Boops

I just did

apk add gitea

which was built from source lol

@Sir_Boops oh dear. Incidentally I just switched off of gitea for unrelated reasons, so I guess that's good

@kevin If ya built from source it's fine anyway :p

@Sir_Boops yeah :B I was using docker so no clue about that

@annika @Sir_Boops

Looks like the two hashes they posted may have been a comparison (?) but at this point we don't know.

I'm a bit frustrated by the "hey you all might have viruses, we'll let you know at a later date" vibe of the casual GitHub issue. Bummer.

@christianbundy @annika Best idea is to just build from source ;D

@Sir_Boops @christianbundy They updated the issue with an all-clear (binaries were replaced with 13 kilobyte crypto miners, if your binary _actually worked_ you didn't get a compromised one). I'll look into source builds anyway. :P