Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:124397 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 6C6AB1A00B7 for ; Thu, 11 Jul 2024 17:57:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1720720744; bh=hEwApxJ8mz+0AM2EzfQ32RNgn9QraJhlDkXezICjQHw=; h=Date:Subject:To:References:From:In-Reply-To:From; b=ZVvZW2B9hfzCONEyoDlU1dqMhak1yRihmPYW2Xe7XeWcW3WTfmHlG/bFUFLx1yA0w lCo1i6uuIZ+gH+iBB89ALSPtg7X8yHxtL5PmFkXBtiM52yKKTp1VbQ28404ZXAon3b 1d5ZniNHputFZgNI1LGjf26FL1p1hZMu+eQFJvSG7gAwxYppkxqWkrnvgnDbQqwtBC cpBdq4HzIVdGFk+McQoMOryoWHy5soxvlezQ0EXUPBHzBHDAus3i9sjEL1yKfxUIeG gkA4la4xfCEEWnWCjRRoa7BUgy2AOyV1TAf8TF+uGEqAzTt9dyVqGuCo6jeNz07eao aApnnXG58JfdA== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 0567A180573 for ; Thu, 11 Jul 2024 17:59:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 11 Jul 2024 17:59:03 +0000 (UTC) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-367a23462e6so739876f8f.3 for ; Thu, 11 Jul 2024 10:57:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720720656; x=1721325456; darn=lists.php.net; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=iH1Eaugy/Rn4Y/Bvc+v+u8kvRyKMKpBMpNhXIseBtHQ=; b=LAJDxdej5bQGjNb7Kb9rrTrnzrwOwXVqSArbTMkQy0SJJS3IED32FPPtS3R1ma2+Y9 SQ0t7wVgrd8jf5K/5eihYcMjq4V2Kmvpj+O0MWk3LuaqJU9lDAVexg2JhPT9He+JsiYq Zf1EFq+N23qVLfa0JNQM+JIzTCQmN4KHSlsGSnfUoDkn5vcSFyiqaXBKV3F6zbhtNqSt +w/VGzAUfyPzrSbYgJ823HZaaMdS90uGvTyCbxcdygbmeXmhe9AIqM8pQbQ6LCxVtoez Jhi748zBdTQlLitmePtHfxbRCnClIaAwm3jryreYT0CUgiYPbq6/691NOTq8lTuJRnF2 HLyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720720656; x=1721325456; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iH1Eaugy/Rn4Y/Bvc+v+u8kvRyKMKpBMpNhXIseBtHQ=; b=b07cUnBn2Fqkg4ttMytwCyw2VRoG2knELyOVtvqFF+hH9m20eGynusTa2p/gIWqtWs KOPANkqSsV4hBvQLEV5t3bGGTIzUtBdvXkd9UYTDDsqz5GsMGpouC5d75/9y83i5szOD 5U3LnluDjUYqR5XW/V9gZrxS+lMQab3hSqTxL6zvF5t3THFJabob1J5vz7J5oivTBO7I ye94/lQnzC7mNFM872axe2hVXH4xIIXkH6yTuYShHtihRUckVQWh7vH8QC9p9AQVCD9c C8grLImIyjgB9bkrkcMitwx2gDLy4C9CWrg9KRfwuoPrBLPkIHg2OnZM6vV2SAezEeIb 1m4A== X-Gm-Message-State: AOJu0YzLKt3gU23JtGapLGUdwpyp1SGVJT/TrYRn9uzMQyjKVloOG3SS HBCy1IrBc2pcDAiDkKinCQ5nCvu9BYQMgYRjP9Kj6jRRHJddXBogTNIRBQ== X-Google-Smtp-Source: AGHT+IG8cbSh+2KWptfi2+VxrPDfZBX3/PZBo7+XBg1VAI0ICKxOFvn/vYxxdckFDGYUEAVz+6ryqw== X-Received: by 2002:a05:6000:4025:b0:367:99d8:70 with SMTP id ffacd0b85a97d-367ceadd3b0mr8244185f8f.61.1720720655769; Thu, 11 Jul 2024 10:57:35 -0700 (PDT) Received: from [192.168.0.104] (178-117-134-240.access.telenet.be. [178.117.134.240]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-367cdfa07b9sm8279126f8f.74.2024.07.11.10.57.35 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 11 Jul 2024 10:57:35 -0700 (PDT) Message-ID: <6ba9055f-6036-4025-8379-15de9aa435c2@gmail.com> Date: Thu, 11 Jul 2024 19:56:22 +0200 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] Website php.net updates and coordination To: internals@lists.php.net References: <3054c75d-c08a-cd85-0749-c5dc6f39a1e5@php.net> <5c86a265-5670-4481-a727-5ada4284cd42@app.fastmail.com> Content-Language: en-US In-Reply-To: <5c86a265-5670-4481-a727-5ada4284cd42@app.fastmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit From: dossche.niels@gmail.com (Niels Dossche) On 11/07/2024 18:38, Jim Winstead wrote: > On Thu, Jul 11, 2024, at 6:54 AM, Derick Rethans wrote: >> On Wed, 10 Jul 2024, Roman Pronskiy wrote: >> >>> 3. Deployment Process >>> Recently, there was an incident with a code block pushed to the >>> website accidentally: https://github.com/php/web-php/pull/1021. It was >>> promptly reverted, but the case highlighted a potential security risk: >> >> It wasn't an *accident* that I pushed it. Only people with commit access >> to php-web can push things, and that isn't a large list of people. >> >> It is the RMs: https://github.com/orgs/php/teams/release-managers >> and web-team: https://github.com/orgs/php/teams/web-team >> >> Each has 13 members, but there are some overlaps. > > These aren't public. The only public info appears to be the members of the PHP organization on GitHub, and I think something needs to be done to make the teams and roles (owner, moderator, etc) public information. This could probably be scripted and automated because it looks like it's not just a matter of flipping a switch somewhere on the GitHub side. > > Jim Note that even the members aren't public information. GitHub allows you, as a user, to hide to which organizations you belong.