Nikita Popov

PHP's git server was compromised (👋 GitHub)  ↦

Anyone on the inside know why they didn’t shift to GitHub years ago?

We don’t yet know how exactly this happened, but everything points towards a compromise of the server (rather than a compromise of an individual git account).

While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the server. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical.

The memo points to the two malicious commits.


Sign in or Join to comment or subscribe

Player art
  0:00 / 0:00