Check your binaries guys!
> Giteabot account was compromised
@Sir_Boops it's written in go, it's almost trivial to compile it yourself. Why have binaries up at all -__-
@kaniini Glad I build from source too!
@Sir_Boops oh dear. Incidentally I just switched off of gitea for unrelated reasons, so I guess that's good
@kevin If ya built from source it's fine anyway :p
@Sir_Boops yeah :B I was using docker so no clue about that
@Sir_Boops Nice, I've got one of these: https://github.com/go-gitea/gitea/issues/4167#issuecomment-395583557
Time to rebuild that box I guess.
Looks like the two hashes they posted may have been a comparison (?) but at this point we don't know.
I'm a bit frustrated by the "hey you all might have viruses, we'll let you know at a later date" vibe of the casual GitHub issue. Bummer.
@christianbundy @annika Best idea is to just build from source ;D
@Sir_Boops @christianbundy They updated the issue with an all-clear (binaries were replaced with 13 kilobyte crypto miners, if your binary _actually worked_ you didn't get a compromised one). I'll look into source builds anyway. :P
@Sir_Boops Install Gentoo to fix.
@Sir_Boops oh no 😰