Lessons from the PHP git repo "hack"

Amarendra Godbole amarendra.godbole at gmail.com
Wed Mar 31 23:58:24 UTC 2021


On Wed, Mar 31, 2021 at 3:14 PM @lbutlr <kremels at kreme.com> wrote:
>
> On 31 Mar 2021, at 12:02, Jose Quinteiro <freebsd at quinteiro.org> wrote:
> > I've found passwords checked into public Github repos more than once. I
> > don't equate Github with security.
>
> Have you also found the code necessary to replicate a 2FA token checked in to a GitHub repo?
[...]

The "official" statement [1] points to a compromise of the git.php.net
server rather than any individual account. Potentially poorly maintained
infra. They may have simply moved to GitHub to delegate this
responsibility of maintaining the infra to GitHub, and potentially
simplify access control decisions.

Thanks.

-ag

[1] https://news-web.php.net/php.internals/113838

