On Mon, 29 Mar 2021, 08:51 Paul Dragoonis, <dragoo...@gmail.com> wrote:

>
>
> On Mon, 29 Mar 2021, 02:30 Rasmus Lerdorf, <ras...@lerdorf.com> wrote:
>
>> On Sun, Mar 28, 2021 at 17:15 Sara Golemon <poll...@php.net> wrote:
>>
>> > On Sun, Mar 28, 2021 at 6:57 PM Paul Crovella <paul.crove...@gmail.com>
>> > wrote:
>> >
>> >> You might consider requiring commits be signed while you're at it.
>> >>
>> >>
>> > I suggested this as well, and even if we don't require it, we should
>> > STRONGLY encourage it.
>> >
>> > I've been signing my commits for several years now, it's not even that
>> > hard.
>> >
>> I think for php-src commits we can require it. For doc and other repos we
>> can make it optional for now until people are more comfortable with it.
>>
>
> Hey Rasmus,
>
> This is a good compromise.
>
> However, if you leave phpweb repo without signed commits then we're at
> risk from XSS or similar attacks still, and the surface area is really big
> because literally everyone is accessing the site.
>
> Many thanks,
> Paul
>

I also wanted to say: back when I was rebuilding our website a few years
ago, when you pushed to master it would automatically deploy this to the
live site.

If we are compromised and we still automatically roll out to production,
this would make it really easy for someone.

Can someone check how we currently do this, and maybe we should reconsider
auto production deploys, even if it's temporary, to be on the safe side.


>
>
>
>> -Rasmus
>>
>
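The two points raised above (require signed commits, and stop deploying straight from a push) can be tied together with a gate that refuses to roll out a ref range unless every commit in it carries a good signature. The following is an added example written for this thread, not code from the php.net deployment or from anyone posting here. It assumes the deploy job can run git against a checkout, and it relies on the %G? signature-status letters documented in git-log(1); the repository path and the sample log output at the bottom are constructed.

```python
"""Pre-deploy gate: allow a rollout only if every commit in the pushed
range is signed and the signature verifies.

Added example for this thread, not php.net's own tooling. The status
letters below are the ones git-log(1) documents for the %G? placeholder.
"""
import subprocess
from typing import Dict, List, Tuple

# Meaning of git's %G? signature-status letters (git-log(1)).
STATUS_MEANING: Dict[str, str] = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature, unknown validity (key not trusted)",
    "X": "good signature that has expired",
    "Y": "good signature made by an expired key",
    "R": "good signature made by a revoked key",
    "E": "signature cannot be checked (key missing)",
    "N": "no signature",
}


def git_log_signature_status(repo_dir: str, rev_range: str) -> str:
    """Return one '<sha>\\t<status>' line per commit in rev_range.

    rev_range is typically 'origin/master..HEAD', i.e. exactly the commits
    a push just added. repo_dir is whatever path the deploy job checks out.
    """
    result = subprocess.run(
        ["git", "-C", repo_dir, "log", "--format=%H%x09%G?", rev_range],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def find_rejected_commits(log_text: str,
                          accept_unknown_validity: bool = False
                          ) -> List[Tuple[str, str]]:
    """Parse the log output and list commits that must block a deploy.

    Only 'G' is accepted by default. 'U' (good signature, but the key is
    not in the deploy host's trust path) can be tolerated while a team is
    still rolling keys out; everything else, including 'N' (unsigned), is
    rejected.
    """
    accepted = {"G"}
    if accept_unknown_validity:
        accepted.add("U")
    rejected: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sha, _, status = line.partition("\t")
        status = status.strip()
        if status not in accepted:
            reason = STATUS_MEANING.get(status, f"unknown status {status!r}")
            rejected.append((sha, reason))
    return rejected


def deploy_allowed(log_text: str, accept_unknown_validity: bool = False) -> bool:
    """True only when no commit in the range is rejected."""
    return not find_rejected_commits(log_text, accept_unknown_validity)


# Constructed sample: what `git log --format=%H%x09%G? origin/master..HEAD`
# might print for a push of three commits, the last of them unsigned.
SAMPLE_LOG = (
    "1111111111111111111111111111111111111111\tG\n"
    "2222222222222222222222222222222222222222\tU\n"
    "3333333333333333333333333333333333333333\tN\n"
)

if __name__ == "__main__":
    for sha, reason in find_rejected_commits(SAMPLE_LOG):
        print(f"refusing to deploy: {sha[:12]} ({reason})")
    print("deploy allowed:", deploy_allowed(SAMPLE_LOG))
```

In a real pipeline the deploy step would call git_log_signature_status() on the freshly fetched range and abort when deploy_allowed() is false, so that even a push from a compromised account cannot reach the live site without a key the deploy host trusts; the keys it trusts should be provisioned on that host, not pulled from the repository being checked.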
