Lessons from the PHP git repo "hack"

@lbutlr kremels at kreme.com
Wed Mar 31 14:03:11 UTC 2021


On 31 Mar 2021, at 07:58, Felix Palmen <felix at palmen-it.de> wrote:
> * @lbutlr <kremels at kreme.com> [20210331 07:47]:
>> Which brings me to the reason for this post, as it seems that the
>> ports collection of FreeBSD 13.x will be in the same position, running
>> a private git server network and using GitHub as a mirror and I wonder
>> if some lessons from php's experience with this should be considered
>> for this setup before it's implemented.
> 
> Apart from the fact there's only one ports tree…

How does that make any difference? If someone gains access to the repo and makes changes, everyone gets these changes.

> I'd say the lesson is keep your systems updated and pay attention to
> keep your credentials safe/secret. I don't see how Github would prevent
> such an incident any better.

That is making an assumption that the people running the php git server were incompetent, which is not something I am willing to do at this point.

-- 
But I been sane a long while now, and change is good.
