On Mon, Sep 29, 2014 at 6:35 PM, Pierre Schmitz <pie...@archlinux.de> wrote: > Am 29.09.2014 17:04, schrieb Johannes Schlüter: >> >> On Mon, 2014-09-29 at 06:35 -0700, Rasmus Lerdorf wrote: >>> >>> >> Actually, some php.net machines have been compromised and prevent us >>> >> from releasing 5.6.1. >> >> [...] >> Q: Is the git repo affected? >> A: No. The infected box is a different one. git's cryptographic commit >> identifiers and distributed antature along with out automatic mirroring >> to github serve as further mitigation for potential issues. > > > This sounds like it wont be that bad of an idea to build directly from a git > tag if you know how. Together with signed tags this should be more > trustworthy imho. I don't see a huge downside here. > > I wonder if one could replace that release server with a simple vagrant > setup or similar so the RM can actually create release archives on his own.
Not using vagrant but this is how it is done now. That box was used until a couple of years ago due to some bison (or ac) issues, to be sure that the src releases work on any supported systems. Cheers, -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
