Seems the website may have been hacked. It’s unclear if the repo is affected. You may want to delay updates from it for now.
I saw this soon after getting the latest cuda updates. 
2 Likes
Thanks for the update, I was actually thinking about updating today. 
The repo is fine. Ive audited the repository… Signatures sha256 are a okay…
Yes his site was hacked but I doubt it had an effect on his github builds of the software
It looks like it was some DNS hijack… Oh well might as well halt updates from here on until he posts an update to what happened
1 Like
On the other hand. Why so few people use DNSSEC
Yeah DNS over HTTPS would be ideal
Seems all clear now. The website has been fixed and apparently the repos were unaffected. Thanks @PhaseLockedLoop for checking the signatures. The maintainer responded:
Hello! I fixed the website yesterday, some automated bot used a Wordpress bug to put an extra php file and a redirect in place, no other file is compromised.
Repositories as well are fine, I will move the GPG key somewhere else (Github?) so people can be sure that it has not been tampered.
Also: https://www.reddit.com/r/Fedora/comments/c0z8zf/updatenegativo17_issue_fixed/
This got me wondering, what would be appropriate user response in case some repo did get hacked?
For a while I’ve been reducing the number of third party repos I use, but negativo17 seems more practical than rpmfusion because it also contains cuda dev files, which to my knowledge rpmfusion does not.
remove the software packages … purge the repo… audit the system
If you still want those packages… find the github build from source
What do you mean specifically by this?
I’m not overly worried in this case, but in general perhaps it’s just a matter of time before some repo gets compromised.
Would this threat change the kind of backups you make, such as disk images vs backing up only certain files/directories?
If your ever worried about Linux security start at this blog
2 Likes
You should! Linux is not secure out of the box. Linux Myth # 14,587,895. # 14,587,896 is that Kali offers “privacy and security”.
Best wheeze.jpeg scenario EVER.
