Date:      Wed, 31 Mar 2021 16:29:11 +0200
From:      Felix Palmen <felix@palmen-it.de>
To:        freebsd-ports@freebsd.org
Subject:   Re: Lessons from the PHP git repo "hack"
Message-ID:  <20210331142911.qg4pinaiz7yy6rzy@nexus.home.palmen-it.de>
In-Reply-To: <1035BFA8-667D-45CD-9066-848351F648EF@kreme.com>
References:  <6314D726-F55D-4374-AB63-B17B7B3E4D14@kreme.com> <20210331135819.rzy3weyxunobnne6@nexus.home.palmen-it.de> <1035BFA8-667D-45CD-9066-848351F648EF@kreme.com>


* @lbutlr <kremels@kreme.com> [20210331 08:03]:
> > Apart from the fact there's only one ports tree…
>
> How does that make any difference? If someone gains access to the repo
> and makes changes everyone gets these changes.

Difference is that it has nothing to do with FreeBSD 13.

> > I'd say the lesson is keep your systems updated and pay attention to
> > keep your credentials safe/secret. I don't see how Github would
> > prevent such an incident any better.
>
> That is making an assumption that the people running the php git
> server were incompetent, which is not something I am willing to do at
> this point.

What's your alternative theory? Does it imply Github would be "more
secure", and if so, how?

-- 
 Dipl.-Inform. Felix Palmen  <felix@palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A



