github portal hacked?

Clemens Lang cal at
Tue Aug 4 21:05:35 UTC 2020

On Tue, Aug 04, 2020 at 09:24:47AM -0400, Lenore Horner wrote:
> I was going to file a bug for gnucash 4.1 because even after a clean,
> it fails to build, but when I clicked the github login button from the
> macports page
> <>, I got a warning from
> Avast that the site contains malware and is a phishing scam.  Or is
> Avast being stupid?

Our GitHub login is a standard OAuth login mechanism. The code that
implements this is the trac-github Trac plugin, which we are developing
in conjunction with two people from the Trac community over at

Specifically, the code that handles the login is

To my knowledge, none of that is malicious, and I have personally
installed the plugin from this repository on I really
think this is a false positive from Avast – however, you should report
this to Avast so that they become aware of the problem and can adjust
their filter mechanisms.


More information about the macports-users mailing list