"Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo"

In related news, PHP switches to hosting their repositories on GitHub.

news-web.php.net/php.internals

@fribbledom I mean as long as I dont need a github account to participate thats ok.
I'm honestly concerned about that monoculture on github.

@fabiscafe
I'm sure you'd need a GitHub account if you'd want to contribute. But then again, you would have needed to be part of the PHP team before as well
@fribbledom

@sexybiggetje @fribbledom
Having a dependency on one proprietary service provider always enslaves you to the rules of this ones system. That shouldnt be a thing for opensource software.

For example if some country now decides to block US services, you will not be able to contribute to PHP anymore, merely because they depend only on github instead of an independent, self hosted service.

@fabiscafe
I'm pretty sure that git itself is decentralised by it's nature. One could just make a copy on another service and push to it. Just the management for releases is centralised. I don't see much of a problem at the moment. Note the word much in there
@fribbledom

Follow

@sexybiggetje @fribbledom
Sure. It's not about git, git is great. But lets say I could clone it and push my changes to my private gitlab instance. How will they go upstream without github account, maybe even under consideration of the worst scenario where github is blocked by my country?

Β· Β· 1 Β· 0 Β· 0

@fabiscafe
I understand. That's not possible. But I don't see much problems in that when offsetted to the point of maintenance/upkeep they have to do.

You provide a valid problem, but the same could happen to for instance hosted gitlab. Hosting over multiple vendors is an admin nightmare as well. So the only way is to self host. Which could ofcourse also be blocked.

Short summary: I don't think there is a perfect solution that satifies all problems.
@fribbledom

Sign in to participate in the conversation
Mastodon 🐘

Discover & explore Mastodon with no ads and no surveillance. Publish anything you want on Mastodon: links, pictures, text, audio & video.

All on a platform that is community-owned and ad-free.
Hosted by Stuxhost.