On Thu, Jul 11, 2024, at 6:54 AM, Derick Rethans wrote: > On Wed, 10 Jul 2024, Roman Pronskiy wrote: > >> 3. Deployment Process >> Recently, there was an incident with a code block pushed to the >> website accidentally: https://github.com/php/web-php/pull/1021. It was >> promptly reverted, but the case highlighted a potential security risk: > > It wasn't an *accident* that I pushed it. Only people with commit access > to php-web can push things, and that isn't a large list of people. > > It is the RMs: https://github.com/orgs/php/teams/release-managers > and web-team: https://github.com/orgs/php/teams/web-team > > Each has 13 members, but there are some overlaps.
These aren't public. The only public info appears to be the members of the PHP organization on GitHub, and I think something needs to be done to make the teams and roles (owner, moderator, etc) public information. This could probably be scripted and automated because it looks like it's not just a matter of flipping a switch somewhere on the GitHub side. Jim
