github portal hacked?
cal at macports.org
Tue Aug 4 21:05:35 UTC 2020
On Tue, Aug 04, 2020 at 09:24:47AM -0400, Lenore Horner wrote:
> I was going to file a bug for gnucash 4.1 because even after a clean,
> it fails to build, but when I clicked the github login button from the
> macports page https://trac.macports.org/search?q=gnucash
> <https://trac.macports.org/search?q=gnucash>, I got a warning from
> Avast that the site contains malware and is a phishing scam. Or is
> Avast being stupid?
Our GitHub login is a standard OAuth login mechanism. The code that
implements this is the trac-github Trac plugin, which we are developing
in conjunction with two people from the Trac community over at
Specifically, the code that handles the login is
To my knowledge, none of that is malicious, and I have personally
installed the plugin from this repository on trac.macports.org. I really
think this is a false positive from Avast – however, you should report
this to Avast so that they become aware of the problem and can adjust
their filter mechanisms.
More information about the macports-users