
PHP's Git Server Was Compromised; the Project Decided to Move Its Entire Git System to GitHub

source link: https://blog.gslin.org/archives/2021/03/29/10094/php-%e7%9a%84-git-server-%e8%a2%ab%e6%89%93%e7%a9%bf%ef%bc%8c%e6%b1%ba%e5%ae%9a%e6%8a%8a%e6%95%b4%e5%80%8b-git-%e7%b3%bb%e7%b5%b1%e6%90%ac%e5%88%b0-github-%e4%b8%8a/

As the title says, see "Changes to Git commit workflow"; the discussion on Hacker News is also worth a look: "PHP's Git server compromised, moving to GitHub (php.net)".

Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo [1] from the names of Rasmus Lerdorf and myself. We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account).

While investigation is still underway, we have decided that maintaining our
own git infrastructure is an unnecessary security risk, and that we will
discontinue the git.php.net server. Instead, the repositories on GitHub,
which were previously only mirrors, will become canonical. This means that
changes should be pushed directly to GitHub rather than to git.php.net.

It is not clear what happened; we will have to wait for the post-incident report to come out...

Author: Gea-Suan Lin. Posted on March 29, 2021. Categories: Computer, Murmuring, Network, Programming, Security, Service. Tags: code, commit, git, github, php, security, server, source.
