github portal hacked?

Clemens Lang cal at macports.org
Tue Aug 4 21:05:35 UTC 2020


On Tue, Aug 04, 2020 at 09:24:47AM -0400, Lenore Horner wrote:
> I was going to file a bug for gnucash 4.1 because even after a clean,
> it fails to build, but when I clicked the github login button from the
> macports page https://trac.macports.org/search?q=gnucash, I got a
> warning from Avast that the site contains malware and is a phishing
> scam.  Or is Avast being stupid?

Our GitHub login is a standard OAuth login mechanism. The code that
implements this is the trac-github Trac plugin, which we are developing
in conjunction with two people from the Trac community over at
github.com/trac-hacks/trac-github.

Specifically, the code that handles the login is
https://github.com/trac-hacks/trac-github/blob/master/tracext/github/__init__.py#L158-L226

To my knowledge, none of that is malicious, and I have personally
installed the plugin from this repository on trac.macports.org. I really
think this is a false positive from Avast – however, you should report
this to Avast so that they become aware of the problem and can adjust
their filter mechanisms.

-- 
Clemens

