Date: Wed, 31 Mar 2021 08:03:09 -0600
From: "@lbutlr" <kremels@kreme.com>
To: FreeBSD <freebsd-ports@freebsd.org>
Subject: Re: Lessons from the PHP git repo "hack"
Message-ID: <1035BFA8-667D-45CD-9066-848351F648EF@kreme.com>
In-Reply-To: <20210331135819.rzy3weyxunobnne6@nexus.home.palmen-it.de>
References: <6314D726-F55D-4374-AB63-B17B7B3E4D14@kreme.com> <20210331135819.rzy3weyxunobnne6@nexus.home.palmen-it.de>

On 31 Mar 2021, at 07:58, Felix Palmen <felix@palmen-it.de> wrote:
> * @lbutlr <kremels@kreme.com> [20210331 07:47]:
>> Which brings me to the reason for this post, as it seems that the
>> ports collection of FreeBSD 13.x will be in the same position, running
>> a private git server network and using GitHub as a mirror and I wonder
>> if some lessons from php's experience with this should be considered
>> for this setup before it's implemented.
>
> Apart from the fact there's only one ports tree…

How does that make any difference? If someone gains access to the repo
and makes changes everyone gets these changes.

> I'd say the lesson is keep your systems updated and pay attention to
> keep your credentials safe/secret. I don't see how Github would prevent
> such an incident any better.

That is making an assumption that the people running the php git server
were incompetent, which is not something I am willing to do at this
point.

-- 
But I been sane a long while now, and change is good.