Newsgroups: php.doc,php.internals Path: news.php.net Xref: news.php.net php.doc:969387882 php.internals:113925 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 4504 invoked from network); 1 Apr 2021 20:19:18 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 1 Apr 2021 20:19:18 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 987A6180505 for ; Thu, 1 Apr 2021 13:17:08 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,FROM_EXCESS_BASE64, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from smtpbgsg2.qq.com (smtpbgsg2.qq.com [54.254.200.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 1 Apr 2021 13:17:07 -0700 (PDT) X-QQ-mid:Yeas3t1617308218t132t28011 Received: from 08355B1394674FDAAD07A274D17563B1 (me@jhdxr.com [116.14.113.108]) X-QQ-SSF:00100000000000F0FG1000000000000 To: "'Nikita Popov'" , "'PHP internals'" , "'PHP Doc Mailing List'" References: In-Reply-To: Date: Fri, 2 Apr 2021 04:16:58 +0800 Message-ID: <2a7501d72733$f7eb7e60$e7c27b20$@jhdxr.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Content-Language: en-us Thread-Index: AQGnu0ykSYaw86KE3S7Dya9eai9WIqr+71aA X-QQ-SENDSIZE: 520 Feedback-ID: Yeas:jhdxr.com:qybgforeign:qybgforeign6 X-QQ-Bgrelay: 1 Subject: RE: [PHP-DEV] Changes to Git commit workflow From: me@jhdxr.com (=?utf-8?b?Q0hVIFpoYW93ZWk=?=) Hi Nikita, Can I check with you if the hook integrating with bugs.php.net still = works? I just committed a bug fix on doc-zh repo, and the bug report has = been updated. Thanks. Regards, CHU Zhaowei -----Original Message----- From: Nikita Popov =20 Sent: Monday, March 29, 2021 6:52 AM To: PHP internals ; PHP Doc Mailing List = Subject: [PHP-DEV] Changes to Git commit workflow Hi everyone, Yesterday (2021-03-28) two malicious commits were pushed to the php-src = repo [1] from the names of Rasmus Lerdorf and myself. We don't yet know = how exactly this happened, but everything points towards a compromise of = the git.php.net server (rather than a compromise of an individual git = account). While investigation is still underway, we have decided that maintaining = our own git infrastructure is an unnecessary security risk, and that we = will discontinue the git.php.net server. Instead, the repositories on = GitHub, which were previously only mirrors, will become canonical. This = means that changes should be pushed directly to GitHub rather than to = git.php.net. While previously write access to repositories was handled through our = home-grown karma system, you will now need to be part of the php = organization on GitHub. If you are not part of the organization yet, or = don't have access to a repository you should have access to, contact me = at nikic@php.net with your php.net and GitHub account names, as well as = the permissions you're currently missing. Membership in the organization = requires 2FA to be enabled. This change also means that it is now possible to merge pull requests = directly from the GitHub web interface. We're reviewing the repositories for any corruption beyond the two = referenced commits. Please contact security@php.net if you notice = anything. Regards, Nikita [1]: https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a= 68d7d and https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a1= 1ed8a