Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:77702
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 161 invoked from network); 29 Sep 2014 16:27:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 29 Sep 2014 16:27:43 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.173 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.160.173 mail-yk0-f173.google.com  
Received: from [209.85.160.173] ([209.85.160.173:39341] helo=mail-yk0-f173.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 64/F1-18131-E7889245 for <internals@lists.php.net>; Mon, 29 Sep 2014 12:27:42 -0400
Received: by mail-yk0-f173.google.com with SMTP id 200so714966ykr.4
        for <internals@lists.php.net>; Mon, 29 Sep 2014 09:27:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=8itl5bTJ5lxmuClWqT+rBnHIqe3e9iCxARVoDZmUj5Y=;
        b=eWWgRfMvREnUm2rbdrrYVz2Ge071w1Q7/pB22UO0zEqv4NNWOQoLRC+nhkMTgMFOmI
         aq649eWGSVQFU30US22iHn9Br9+jbd2Pb6O5BAvLOluyVwV2Uti6ClbbfMGRr5ymo/9r
         Dx+ZsbQelZ2+GsNEhSaDyXyGRB8f2kwhXTyQTaZ5Tf4t6z4T2MtrPE/mDO7F7+x+PhDB
         dEq2BxY6W5iRjg8+4Ni3HBhSkeHUI8fIonuJ/riNuOYznnRClIHGWySZ7Q68cjcLcrw/
         tX2wby9TR65LBw6/8gBRtd/8VWChUKCYODOzdlpUVlB4HPy6svJ+XUlSx1hAwA72fFc6
         1y5w==
MIME-Version: 1.0
X-Received: by 10.236.126.52 with SMTP id a40mr544671yhi.193.1412008058820;
 Mon, 29 Sep 2014 09:27:38 -0700 (PDT)
Received: by 10.170.68.134 with HTTP; Mon, 29 Sep 2014 09:27:38 -0700 (PDT)
In-Reply-To: <7e60be9478cf4d5dbbcf82c213d5a039@BN1PR03MB139.namprd03.prod.outlook.com>
References: <0cb6f4a2d771155c6cad865f945e98e6@archlinux.de>
	<m34g2apbuvh79jed2jqbojq2ru3fjlpn49@4ax.com>
	<CAMUwpuQSHsbtuUGouk9rYWoNPp2wU5ktH9Dbg+q_HY5yLSDEPw@mail.gmail.com>
	<h4fi2ap2n5r3lbvb59oldibatouaov8731@4ax.com>
	<46ABAB22-F304-4BC3-A3AE-02DE462565D2@lerdorf.com>
	<1412003052.13103.30.camel@kuechenschabe>
	<7e60be9478cf4d5dbbcf82c213d5a039@BN1PR03MB139.namprd03.prod.outlook.com>
Date: Mon, 29 Sep 2014 18:27:38 +0200
Message-ID: <CAEZPtU5EK-7nm7XZsFsErox4fB4GUUE71J2frHGsUQRnMjuYmw@mail.gmail.com>
To: Stephen Zarkos <Stephen.Zarkos@microsoft.com>
Cc: =?UTF-8?Q?Johannes_Schl=C3=BCter?= <johannes@schlueters.de>, 
	Rasmus Lerdorf <rasmus@lerdorf.com>, Jan Ehrhardt <phpdev@ehrhardt.nl>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Re: What happened to the 5.6.1 release?
From: pierre.php@gmail.com (Pierre Joye)

On Mon, Sep 29, 2014 at 5:57 PM, Stephen Zarkos
<Stephen.Zarkos@microsoft.com> wrote:
> Hi,
>
>
>> -----Original Message-----
>> From: Johannes Schl=C3=BCter [mailto:johannes@schlueters.de]
>>
>> On Mon, 2014-09-29 at 06:35 -0700, Rasmus Lerdorf wrote:
>> > >> Actually, some php.net machines have been compromised and prevent
>> > >> us from releasing 5.6.1.
>> [...]
>> > All the source and binary releases along with git is safe.
>>
>> To be more precise: The machine used to package up the releases show
>> some traces of an infection. recent releases are being reviewed and show=
 no
>> traces of anything being injected there, still we are not comfortable wi=
th
>> using the box to build new tarballs ;)
>>
>> Short FAQ:
>>
>> Q: Is the git repo affected?
>> A: No. The infected box is a different one. git's cryptographic commit
>> identifiers and distributed antature along with out automatic mirroring =
to
>> github serve as further mitigation for potential issues.
>>
>> Q: Are downloads from php.net/downloads affected?
>> A: The attack would happen during creating the release tarballs. Recent
>> releases are being reviewed and show no traces of modifications.
>>
>> Q: Are downloads from windows.php.net affected?
>> A: Windows builds are created from release tarballs. If those were infec=
ted
>> this might affect Windows, too. But no such infection could be found.
>
> The answer is No.  We always pull from git.php.net for new releases.  We =
also scan all releases before posted them.  RMs, please let me know if you'=
d like me to pull the bins on windows.php.net, or if you're not planning on=
 retagging we can just sit tight and wait for the official announcement.

yes, pull them off for now. Only to be in sync with the official
releases, thanks!


--=20
Pierre

@pierrejoye | http://www.libgd.org