* @lbutlr <krem...@kreme.com> [20210331 08:03]:
> On 31 Mar 2021, at 07:58, Felix Palmen <fe...@palmen-it.de> wrote:
> > I'd say the lesson is keep your systems updated and pay attention to
> > keep your credentials safe/secret. I don't see how GitHub would
> > prevent such an incident any better.
> 
> That is making an assumption that the people running the php git
> server were incompetent,

Also note this isn't assumed at all.

"Incompetence", that could mean several things, e.g.:

* A committer somehow "leaking" their credentials
* A configuration error on the server

Then, it could be the case that the server just wasn't maintained well
enough, which is typically more an issue of time / manpower than of
incompetence. The move to GitHub somehow suggests that the people in
charge might suspect something like this.

And finally, they could also be the victim of some 0day. But then,
moving to GitHub would hardly reduce the risk.

So, is there any other scenario you have in mind?

-- 
 Dipl.-Inform. Felix Palmen  <fe...@palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A
