Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Canonical github user account hacked
#1
Information 
Arrow  
One of Canonical's GitHub user accounts was recently hacked.   I have not seen an official response from Canonical, but I am sure they are performing due diligence to determine the extent of the attack.

Even though Canonical has since removed them, earlier their GitHub account had many hack entries. See the following link: https://web.archive.org/web/201907061446...nonicalLtd

Please understand I am not condemning Canonical, and I realize all corporations continuously battle security risks.   I believe all Ubuntu users should be aware of any potential malware, so stay tuned for an official Ubuntu statement.
Idea  Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime.

Reply
#2
Never good.  At this point the Ubuntu security team has said no source code seems to be compromised and that 11 empty repos were created.  Those and the bogus account on Github have been deleted.


Also the Ubuntu team mentioned Launchpad does not pull from Github so all code is secure on that platform from this issue.
Jeremy (Mr. Server)

* Desktop: Ubuntu MATE
* Windows are for your walls, Apple is for your health, Linux is for your computer
Reply
#3
(07-08-2019, 02:44 PM)cleverwise Wrote: Also the Ubuntu team mentioned Launchpad does not pull from Github so all code is secure on that platform from this issue.

This is the important thing: Canonical does not use GitHub as their
primary development platform. Basically no larger project does. They
all host their own git instances which are invite only. GitHub is
often used as a read-only mirror, because (to paraphrase Torvalds)
it does hosting rather well.

Off topic, but this is also why many new developers have trouble with
contributing to larger projects, as they are used to contributing to
projects on GitHub. The way GitHub handles contributions (by contributers
forking the project and submitting a pull request) is technically wrong.
Contributers are supposed to use 'git send-email', according to the
git developers.
My website - My git repos

"Things are only impossible until they’re not." - Captain Jean-Luc Picard
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)