PHP internals contributor Sara Golemon answers questions from a panel of php[architect] and PHP Ugly contributors about the recent git compromise that affected the PHP project and what they’re doing about it. You can also watch a video of the roundtable with Sara.
More on This
From Rasmus Lerdorf:
It wasn't, but we caught it quickly and we have moved to https://t.co/zJeXPbbmEy requiring 2FA and signed commits. There are a lot of eyeballs on every PHP commit so it is really really hard to sneak something in like this.
— Rasmus Lerdorf (@rasmus) March 29, 2021
From Enrico Zimuel:
I just wrote an article about the recent #PHP Git server attack: https://t.co/m1YX2Uz7oA
— Enrico Zimuel (@ezimuel) March 30, 2021