[prev in list] [next in list] [prev in thread] [next in thread]
List: php-internals
Subject: Re: [PHP-DEV] Re: What happened to the 5.6.1 =?UTF-8?Q?release=3F?=
From: Pierre Schmitz <pierre () archlinux ! de>
Date: 2014-09-29 16:35:50
Message-ID: de33d80f16d5777b8883f3ca72dfa653 () archlinux ! de
[Download RAW message or body]
Am 29.09.2014 17:04, schrieb Johannes Schlüter:
> On Mon, 2014-09-29 at 06:35 -0700, Rasmus Lerdorf wrote:
>> >> Actually, some php.net machines have been compromised and prevent us
>> >> from releasing 5.6.1.
> [...]
> Q: Is the git repo affected?
> A: No. The infected box is a different one. git's cryptographic commit
> identifiers and distributed antature along with out automatic mirroring
> to github serve as further mitigation for potential issues.
This sounds like it wont be that bad of an idea to build directly from a
git tag if you know how. Together with signed tags this should be more
trustworthy imho. I don't see a huge downside here.
I wonder if one could replace that release server with a simple vagrant
setup or similar so the RM can actually create release archives on his
own.
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic