Lessons from the PHP git repo "hack"
Felix Palmen
felix at palmen-it.de
Wed Mar 31 14:29:19 UTC 2021
* @lbutlr <kremels at kreme.com> [20210331 08:03]:
> > Apart from the fact there's only one ports tree…
>
> How does that make any difference? If someone gains access to the repo
> and makes changes everyone gets these changes.

Difference is that it has nothing to do with FreeBSD 13.

> > I'd say the lesson is keep your systems updated and pay attention to
> > keep your credentials safe/secret. I don't see how Github would
> > prevent such an incident any better.
>
> That is making an assumption that the people running the php git
> server were incompetent, which is not something I am willing to do at
> this point.

What's your alternative theory? Does it imply Github would be "more
secure", and if so, how?

--
Dipl.-Inform. Felix Palmen <felix at palmen-it.de> ,.//..........
{web} http://palmen-it.de {jabber} [see email] ,//palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt // """""""""""
{pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A