Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:124393 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 9339C1A00B7 for ; Thu, 11 Jul 2024 16:38:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1720716015; bh=TzAwkVal7urypB/vIWtJmLoI02hstxdV2lIrvkJXHro=; h=In-Reply-To:References:Date:From:To:Cc:Subject:From; b=EBTOGA64lEo2nL1IaMZ5pws7g34j+mhsYxQE3YXrcXZezjByFqNnikXjITVRdqP0e bFD1CqcDUn9CNPJXy+iW023HHJdjjWKKQcCsaKMBmofG//y/+NRkczCS29ggSbbXTS VGE/YyvKhmsekZCUVySbqRFdkvRe5NbCLfOewEAR5hdtCVjY3fpe31zTIjzeVMl+p+ 6CxUxtcYfuvF8UHHVGGerz+O2sufTIjgWY4O5t5Y3ZjwguS4SM6tjBSEPI0FYsRQ4+ MTZBLwic63Mnc8nyyoBHmDTySHq9KPKilwzWmLKxvIiR9/VBib5tgES91t55gCEoUT u8MJgpzWJlUzw== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 1AFC31801DE for ; Thu, 11 Jul 2024 16:40:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,RCVD_IN_DNSWL_LOW, SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from fout8-smtp.messagingengine.com (fout8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 11 Jul 2024 16:40:14 +0000 (UTC) Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 874A21380F9B; Thu, 11 Jul 2024 12:38:47 -0400 (EDT) Received: from imap47 ([10.202.2.97]) by compute7.internal (MEProxy); Thu, 11 Jul 2024 12:38:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= trainedmonkey.com; h=cc:cc:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1720715927; x=1720802327; bh=xP0V1SkFKkXNAt5dVMpQXXcrTjUIaCkUM3wytygEIZg=; b= kKQCNDJ1Qw8c1AR77bBESMVG6rzgiWtbOQBmq1ngQ43Yi1Ha0YgaKBISQAha0+9n S5q64K0NzNGqC+aLnZvQ/hyf7uTPNX+KA2istqWytIoy/tjkAckW7GMnHM78SGHk YHqM2YfsBgnnrpBwMjGPjwi/CbepBkJX8TMYKh6EHw/ustfGBWKbq3Z76/wKlaLG fvvxPNtY3NXw7Jf0gT3XGckpniPjPY2i1G70wFxbNHgbUmyFEjO1bC+CPzjKAdhX DVieCJ1D2ZDpb41O6kDsk36zuGiiIB0VKptrlomxdUrHpp07sbao1Ifi9lrd6ocY /oXNTiYb35BnTl79azqxLA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1720715927; x=1720802327; bh=xP0V1SkFKkXNAt5dVMpQXXcrTjUI aCkUM3wytygEIZg=; b=PYqu461qu5e1a9QIMi0pwfUIww1iKfVQIiWNhaCDJjKE 3n1ODWLFxCimQFtvo2lGwvj66FY8MX15318DPItE2y57m5isTOU8RL/C0EFCteVM Waqqka1pYrIwK/Up/LPnfb104bQZ19qaXDYpqRsVVsCXsIQxh651fJ6QalpU//K5 QvhJhm0qwK1YUixcezOI8sffbsf4fdEU+KAOSCHcQHgLlDkhh4kSX6XYy4Vys8AI aQd3sxjndBLzTG6P9XDR2aOV347oPRcxVuKIQ7r5+f421VdeY0nHd9AlzEpYv+R+ Agp76Lmbcipy8x0ygdi2Kf9NwEjyP0KD31WcpA9NHw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrfeeggddutdefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedflfhi mhcuhghinhhsthgvrggufdcuoehjihhmfiesthhrrghinhgvughmohhnkhgvhidrtghomh eqnecuggftrfgrthhtvghrnhepvefgffelieegieduleffteehjeeljeekieeutdefudef teekieefiedujeduhffhnecuffhomhgrihhnpehgihhthhhusgdrtghomhdpphhhphdrnh gvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehj ihhmfiesthhrrghinhgvughmohhnkhgvhidrtghomh X-ME-Proxy: Feedback-ID: ia2404087:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 38288A60079; Thu, 11 Jul 2024 12:38:46 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-568-g843fbadbe-fm-20240701.003-g843fbadb Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net MIME-Version: 1.0 Message-ID: <5c86a265-5670-4481-a727-5ada4284cd42@app.fastmail.com> In-Reply-To: <3054c75d-c08a-cd85-0749-c5dc6f39a1e5@php.net> References: <3054c75d-c08a-cd85-0749-c5dc6f39a1e5@php.net> Date: Thu, 11 Jul 2024 09:38:25 -0700 To: "Derick Rethans" , "Roman Pronskiy" Cc: "PHP internals" Subject: Re: [PHP-DEV] Website php.net updates and coordination Content-Type: text/plain From: jimw@trainedmonkey.com ("Jim Winstead") On Thu, Jul 11, 2024, at 6:54 AM, Derick Rethans wrote: > On Wed, 10 Jul 2024, Roman Pronskiy wrote: > >> 3. Deployment Process >> Recently, there was an incident with a code block pushed to the >> website accidentally: https://github.com/php/web-php/pull/1021. It was >> promptly reverted, but the case highlighted a potential security risk: > > It wasn't an *accident* that I pushed it. Only people with commit access > to php-web can push things, and that isn't a large list of people. > > It is the RMs: https://github.com/orgs/php/teams/release-managers > and web-team: https://github.com/orgs/php/teams/web-team > > Each has 13 members, but there are some overlaps. These aren't public. The only public info appears to be the members of the PHP organization on GitHub, and I think something needs to be done to make the teams and roles (owner, moderator, etc) public information. This could probably be scripted and automated because it looks like it's not just a matter of flipping a switch somewhere on the GitHub side. Jim