Newsgroups: php.doc,php.internals Path: news.php.net Xref: news.php.net php.doc:969387873 php.internals:113847 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 27595 invoked from network); 29 Mar 2021 07:55:03 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 29 Mar 2021 07:55:03 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 83C661804E3; Mon, 29 Mar 2021 00:52:01 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS; Mon, 29 Mar 2021 00:51:57 -0700 (PDT) Received: by mail-ej1-f53.google.com with SMTP id r12so17936013ejr.5; Mon, 29 Mar 2021 00:51:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EXwX+T2oi5vchLIrDLdzCC4SV/tAn6kjiMPQjfUIIOU=; b=cmtXm/oJ5/dNDlDlB/a0/CkcRFtIGezjBlGtIQKTtZI0M6g3QYrcZ1AMYw69b1oIO1 vKjsOEKdsCLJpl5QBHQMf6csv7K7YYVD3tp+ooGfC+kVqIA9/QGHsnYGtc4DDqRQVjjs Y6dB8RJVJBp+7P7t3/PAgzv8lgaoIpUfH6pYepeMNe6IU3UKJS+h9Uje3jCOmrDj3unl x8LUFgSmwc9++n+amkh4PnyRELWaJQZIVu64oqg7VW5KGJUoyda4my7iOQshZEUY9Lnc 8vL5HgGxADADaplx7lbdl4qFDBC0MaPydalc1JpkTAr8rT8KOUPlsTBBgUMu+5ppMJkC eoAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EXwX+T2oi5vchLIrDLdzCC4SV/tAn6kjiMPQjfUIIOU=; b=Db2jVvIkzJcjggJU6Vy6FqguYSDXvxEfFMxx0BiE/YSwQD76j1ljUiE9FwZAZlM+yY MubLZ6YScePlocECo1dOaSBTmLKrlZRMLSW6lyb1vCrR8K+rdIXlJObSbVeZ2Ku8LtMp e2ODyUS0+TAr08CbqVy6NlZtQ9MTnv2U6IPOdhrSmPsMh5o2dgQ5fNS7eYf/WWqvjHpd XS2wbElO19vpGe18vSOt+wyjr8fpZeTCOOfscWoBjzBezRDaXNj+aRiwuh/MQweU4TGR Bapdwub34X1ScMlNXx2+dPVwKt622ieMbvlCMe+HBIdTDva2yB8DHSZQ2sGXOm3dCXFl tfBg== X-Gm-Message-State: AOAM533x5bljXkz6FQV/mp8EmTwX5drfT2ZxSkSpEEWaRiBmg4AVJ4ve lGcK6L0SmMCKi2oVFKy21Kl+rVjweuWqKsRezFn7AAnK X-Google-Smtp-Source: ABdhPJwsFah5JD1Xdrz47QSYsaIhuAPv+9uI4rqrCR1V7S/DPp3+Au38jHAoE8As3unbozJDW3kK9PCa1TuF1fNcRgE= X-Received: by 2002:a17:906:9bdb:: with SMTP id de27mr27622751ejc.459.1617004316901; Mon, 29 Mar 2021 00:51:56 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Mon, 29 Mar 2021 08:51:50 +0100 Message-ID: To: Rasmus Lerdorf Cc: Sara Golemon , Nikita Popov , PHP Doc Mailing List , PHP internals , Paul Crovella Content-Type: multipart/alternative; boundary="000000000000e8c6c905bea82717" Subject: Re: [PHP-DEV] Changes to Git commit workflow From: dragoonis@gmail.com (Paul Dragoonis) --000000000000e8c6c905bea82717 Content-Type: text/plain; charset="UTF-8" On Mon, 29 Mar 2021, 02:30 Rasmus Lerdorf, wrote: > On Sun, Mar 28, 2021 at 17:15 Sara Golemon wrote: > > > On Sun, Mar 28, 2021 at 6:57 PM Paul Crovella > > wrote: > > > >> You might consider requiring commits be signed while you're at it. > >> > >> > > I suggested this as well, and even if we don't require it, we should > > STRONGLY encourage it. > > > > I've been signing my commits for several years now, it's not even that > > hard. > > > I think for php-src commits we can require it. For doc and other repos we > can make it optional for now until people are more comfortable with it. > Hey Rasmus, This is a good compromise. However, if you leave phpweb repo without signed commits then we're at risk from XSS or similar attacks still, and the surface area is really big because literally everyone is accessing the site. Many thanks, Paul > -Rasmus > --000000000000e8c6c905bea82717--