From: Pierre Schmitz <pierre@archlinux.de>
To: internals@lists.php.net
Date: Mon, 29 Sep 2014 18:35:50 +0200
Subject: Re: [PHP-DEV] Re: What happened to the 5.6.1 release?
In-Reply-To: <1412003052.13103.30.camel@kuechenschabe>

On 29.09.2014 17:04, Johannes Schlüter wrote:
> On Mon, 2014-09-29 at 06:35 -0700, Rasmus Lerdorf wrote:
>> Actually, some php.net machines have been compromised and prevent us
>> from releasing 5.6.1.
> [...]
> Q: Is the git repo affected?
> A: No. The infected box is a different one. git's cryptographic commit
> identifiers and distributed nature along with our automatic mirroring
> to github serve as further mitigation for potential issues.

This sounds like it won't be that bad of an idea to build directly from a git tag if you know how. Together with signed tags this should be more trustworthy imho. I don't see a huge downside here.

I wonder if one could replace that release server with a simple vagrant setup or similar so the RM can actually create release archives on his own.

Greetings,

Pierre

-- 
Pierre Schmitz, https://pierre-schmitz.com
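The two points made in this exchange (git's content-addressed object ids protect the mirrored history, and a signed tag lets a consumer check who blessed a release) can be shown in a few dozen lines. The following is an added example, not code from the thread or from the php.net project: it constructs a blob, tree, commit and annotated tag in memory exactly as git serialises them, computes their ids the way git does (SHA-1 over `"<type> <size>\0<content>"`), splits the tag into the payload that `git verify-tag` hands to gpg and the detached signature, and walks the tag -> commit -> tree chain to detect a substituted commit. The file content, tagger identity and the placeholder signature block are constructed; real signature verification still requires `git verify-tag <tag>` with the release manager's public key in the keyring, which this script does not replace.

```python
"""Git content addressing and the anatomy of a signed release tag (constructed example)."""
import hashlib

# Constructed identity used for author, committer and tagger lines.
RM = "Release Manager <rm@example.invalid> 1411980950 +0200"


def git_object_id(obj_type: str, content: bytes) -> str:
    """The id git assigns to an object: SHA-1 over "<type> <size>\\0<content>"."""
    header = f"{obj_type} {len(content)}\0".encode()
    return hashlib.sha1(header + content).hexdigest()


def make_tree(entries) -> bytes:
    """Serialise a git tree: "<mode> <name>\\0" followed by the 20 raw id bytes, per entry."""
    out = b""
    for mode, name, oid in sorted(entries, key=lambda e: e[1]):
        out += f"{mode} {name}\0".encode() + bytes.fromhex(oid)
    return out


def make_commit(tree_id: str, message: str) -> bytes:
    return (f"tree {tree_id}\n"
            f"author {RM}\n"
            f"committer {RM}\n\n"
            f"{message}\n").encode()


def make_tag(commit_id: str, tag_name: str, message: str, signature: bytes = b"") -> bytes:
    """An annotated tag; when signed, git appends the ASCII-armoured signature to the body."""
    body = (f"object {commit_id}\n"
            "type commit\n"
            f"tag {tag_name}\n"
            f"tagger {RM}\n\n"
            f"{message}\n").encode()
    return body + signature


def split_signed_tag(tag_content: bytes):
    """Separate the payload gpg verifies from the detached signature (None if unsigned)."""
    idx = tag_content.find(b"-----BEGIN PGP SIGNATURE-----")
    if idx < 0:
        return tag_content, None
    return tag_content[:idx], tag_content[idx:]


def parse_tag_target(tag_payload: bytes) -> str:
    """The commit id named on the tag's first line ("object <id>")."""
    first = tag_payload.split(b"\n", 1)[0]
    if not first.startswith(b"object "):
        raise ValueError("not a tag object")
    return first[len(b"object "):].decode()


def verify_chain(tag: bytes, commit: bytes, tree: bytes, expected_tag_id: str) -> bool:
    """Check that the published tag id, the tag->commit link and the commit->tree link agree.

    This is the integrity property Johannes refers to: any change to the commit or
    the tree changes the ids, so a tag that still verifies cannot point at it.
    """
    if git_object_id("tag", tag) != expected_tag_id:
        return False
    payload, _signature = split_signed_tag(tag)
    if parse_tag_target(payload) != git_object_id("commit", commit):
        return False
    tree_line = commit.split(b"\n", 1)[0]
    return tree_line == f"tree {git_object_id('tree', tree)}".encode()


def demo():
    """Build a tiny release and show a genuine chain passing and a swapped commit failing."""
    blob = b"<?php echo 'PHP 5.6.1';\n"                      # constructed file content
    tree = make_tree([("100644", "version.php", git_object_id("blob", blob))])
    commit = make_commit(git_object_id("tree", tree), "Release PHP 5.6.1")
    # Placeholder block standing in for a real armoured signature (constructed, not valid).
    fake_signature = (b"-----BEGIN PGP SIGNATURE-----\n"
                      b"PLACEHOLDER: not a real signature; git verify-tag would reject it\n"
                      b"-----END PGP SIGNATURE-----\n")
    tag = make_tag(git_object_id("commit", commit), "php-5.6.1", "PHP 5.6.1", fake_signature)
    tag_id = git_object_id("tag", tag)   # the value a mirror publishes as refs/tags/php-5.6.1

    genuine = verify_chain(tag, commit, tree, tag_id)
    # A different commit with the same tree: the tag no longer names it.
    altered = make_commit(git_object_id("tree", tree), "Release PHP 5.6.1 (modified)")
    swapped = verify_chain(tag, altered, tree, tag_id)
    return genuine, swapped


if __name__ == "__main__":
    print("genuine chain ok: %s, swapped commit ok: %s" % demo())
```

The hash check is what a mirror such as GitHub preserves for free; the signature on the tag is what ties a release to a person rather than to whichever host served the objects, which is why building from a signed tag (verified with `git verify-tag` against a key obtained out of band) removes the release server as a single point of trust.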