Re: [PHP-DEV] CVS Account Request From: Rasmus Lerdorf (rasmus <email protected>)
Date: 11/15/00

Like every other cvs commit, a commit to the phpweb tree is monitored by
dozens of people. Something as blatant as what you describe would never
go through. There are people in all timezones on these lists. There is
also a delay between a cvs commit and the actual site updating.

Regardless, I am in favour of trying to ACL's to separate things a bit.

-Rasmus

On Thu, 16 Nov 2000, [ISO-8859-1] André Langhorst wrote:

> > Security (and safety) are relative terms, they're never absolute.
>
> anyway, an improvment over the current situation will be to limit "web"
> cvs access to as few people as possible to avoid beeing "hacked" and
> slashdotted afterwards, eg.
> "surprisingly php releases a new verison - PHP 5 (3xt3nD4d) - featuring
> warez, porn and building bombs"
> guessing a private "hacker" does it would not generate any positive
> effect for PHP I think :)
>
> Remembering, 2 month ago, I was *really* surprised when Rasmus told me
> to make changes to the php website myself, sure - I've had CVS access
> and sure "phpweb" is in the CVS list, but I wouldn't have thought to
> have access to the site itself, ok. - perhaps he knew I would not do any
> harm, but anyone with CVS access could have tried if access is possible
> editing the "links" section and then shut down the whole site while
> rasmus is sleeping replacing it with anything else...
>
> this should be done as fast as possibe (guessing the enemy is listening ;) )
>
>
> andré
> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>