Newsgroups: php.doc,php.internals Path: news.php.net Xref: news.php.net php.doc:969387883 php.internals:113926 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 7121 invoked from network); 1 Apr 2021 20:30:24 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 1 Apr 2021 20:30:24 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id A68DE18050B; Thu, 1 Apr 2021 13:28:14 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS; Thu, 1 Apr 2021 13:28:13 -0700 (PDT) Received: by mail-lf1-f48.google.com with SMTP id m12so4657078lfq.10; Thu, 01 Apr 2021 13:28:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wsb+DSuF640Zk5wow1Mebe55VInPLQZuq6lisO+1lD4=; b=G0V7PHd96La9ykN8hmYgxnulriy1iCJI7AhkNtTCojP2VwT304YfhPygtdWKN5Ac9U 3f5D8Ex0irWgL2nwZbMwAJ7/hBKVqT73kqHT/SlB887wlZNcLLRUzh9Xucn1S2IpFUVs J1pzA2AsFQEfcWW6sCYjFtz6Fs3sUKREPxSba4P/gmJkE8lNjLsJ4WXcr7pkaeepaIOq ul8KmHTCKuchdyTleXjirQVzpdXetcVVRWyCoUwa9Fd00arnrLmJ81CWfLMoCYnCMhQ+ ROpj+MZKd//oWDOZwSg2miu3j+HUEoBLrCPPZrnqz96smv6HyEQr8hiDf9QIpUG2Q38e 3Z8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wsb+DSuF640Zk5wow1Mebe55VInPLQZuq6lisO+1lD4=; b=ce0V0g7EHhLc9XvUHj3D6SerAd7wc8Dpa8hj+WcwaCezIR6Qvi1puRBDGwKNNGsGVa H3Bg6loJEZEu/ILEFYv36mIi8HonxexKYi8VRw50SJmGf0JP8EvhS9Se1UaBUenefsu/ PVi+CbAF/HXYKzwxQa+i9Bo4o/5+sUlrbHBATv/cLISbbpIxafY6yqmv5Q11Wk1KuURA d9XSjZxadNlvaI1IUly8RG9HHUxyjH6iswcS9XO7XMylSrFhbY6ykB0nXStk1eHztyXl nc+vW69b2X/VUFb4bSEuvfRCM/vpIM4XNM/beIrbLN4BSv/JFfV31+7qsGQTVJKG88SX ujRA== X-Gm-Message-State: AOAM532fHVNnjiy3MVfNWPWm7ptan8mZGGnESNavLSDdgpj20lIW62ZC SVKVPUi/ODD05XKSUz2KqB5w61OJRTSogX5ixkWsShYQxXgx0A== X-Google-Smtp-Source: ABdhPJxu2vKXAfeWIP+icarc1QjBLZfyJNuHIZsNXHdf96t5nsHMLRxnu7hx2Ix5C7PUPAOhXfJX+DW4LaA4V2jsTWY= X-Received: by 2002:ac2:5df6:: with SMTP id z22mr6620460lfq.485.1617308891649; Thu, 01 Apr 2021 13:28:11 -0700 (PDT) MIME-Version: 1.0 References: <2a7501d72733$f7eb7e60$e7c27b20$@jhdxr.com> In-Reply-To: <2a7501d72733$f7eb7e60$e7c27b20$@jhdxr.com> Date: Thu, 1 Apr 2021 22:27:55 +0200 Message-ID: To: CHU Zhaowei Cc: PHP internals , PHP Doc Mailing List Content-Type: multipart/alternative; boundary="000000000000fa9b5605beef1170" Subject: Re: [PHP-DEV] Changes to Git commit workflow From: nikita.ppv@gmail.com (Nikita Popov) --000000000000fa9b5605beef1170 Content-Type: text/plain; charset="UTF-8" On Thu, Apr 1, 2021 at 10:17 PM CHU Zhaowei wrote: > Hi Nikita, > > Can I check with you if the hook integrating with bugs.php.net still > works? I just committed a bug fix on doc-zh repo, and the bug report has > been updated. Thanks. > > Regards, > CHU Zhaowei > This issue is probably fixed by https://github.com/php/web-master/commit/d0cac5411f97ec9df5995a632c20da770a77dedb . Nikita -----Original Message----- > From: Nikita Popov > Sent: Monday, March 29, 2021 6:52 AM > To: PHP internals ; PHP Doc Mailing List < > phpdoc@lists.php.net> > Subject: [PHP-DEV] Changes to Git commit workflow > > Hi everyone, > > Yesterday (2021-03-28) two malicious commits were pushed to the php-src > repo [1] from the names of Rasmus Lerdorf and myself. We don't yet know how > exactly this happened, but everything points towards a compromise of the > git.php.net server (rather than a compromise of an individual git > account). > > While investigation is still underway, we have decided that maintaining > our own git infrastructure is an unnecessary security risk, and that we > will discontinue the git.php.net server. Instead, the repositories on > GitHub, which were previously only mirrors, will become canonical. This > means that changes should be pushed directly to GitHub rather than to > git.php.net. > > While previously write access to repositories was handled through our > home-grown karma system, you will now need to be part of the php > organization on GitHub. If you are not part of the organization yet, or > don't have access to a repository you should have access to, contact me at > nikic@php.net with your php.net and GitHub account names, as well as the > permissions you're currently missing. Membership in the organization > requires 2FA to be enabled. > > This change also means that it is now possible to merge pull requests > directly from the GitHub web interface. > > We're reviewing the repositories for any corruption beyond the two > referenced commits. Please contact security@php.net if you notice > anything. > > Regards, > Nikita > > [1]: > > https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d > and > > https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a > > > > --000000000000fa9b5605beef1170--