Lessons from the PHP git repo "hack"

Felix Palmen felix at palmen-it.de
Wed Mar 31 14:29:19 UTC 2021


* @lbutlr <kremels at kreme.com> [20210331 08:03]:
> > Apart from the fact there's only one ports tree…
> 
> How does that make any difference? If someone gains access to the repo
> and makes changes everyone gets these changes.

Difference is that it has nothing to do with FreeBSD 13.

> > I'd say the lesson is keep your systems updated and pay attention to
> > keep your credentials safe/secret. I don't see how Github would
> > prevent such an incident any better.
> 
> That is making an assumption that the people running the php git
> server were incompetent, which is not something I am willing to do at
> this point.

What's your alternative theory? Does it imply Github would be "more
secure", and if so, how?

-- 
 Dipl.-Inform. Felix Palmen  <felix at palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A