GitHub vulnerability?

[DarkBeing]

I am sure you have already read about this -> User Hacks GitHub to Showcase Vulnerability . Is there any concern, that phpbb code has to be checked, since it is hosted on Github as far as I understand?

[callumacrae]

phpBB hasn't been affected. He pushed to the ruby branch because it was a bug in ruby (although they say that it isn't). He raised the issue a few days before, but it was ignored, so he demonstrated it.

GitHub fixed it quickly, though

[DarkBeing]

Yeah they fixed it, but only after he had to demonstrate it. The question which came to my mind is, if anyone else beside him knew about the bug and took advantage of it. From the conversation he had with the staff it appeared they did not take him seriously in the sense of "its a feature not a bug". Well, as long as everything is fine with the phpbb repositories, I am fine

[MichaelC]

It would be noticable if someone had pushed who doesn't normally have push permission as commit emails go out and it would show in commit logs.

[igorw]

He pushed to the ruby branch because it was a bug in ruby (although they say that it isn't).

Rails, and I don't see anyone denying it.

[callumacrae]

Rails, and I don't see anyone denying it.

Uh, that one.

They denied it - he made a bug report a few days previously, where he said that every major rails application he had tested was affected. They blamed it on the applications.

[Oleg]

If anyone changed any code in phpbb's repository we would know as pushes would fail with a non-fast-forward. So far this has not happened.

[callumacrae]

That and we'd all have Recieved an email…

[MichaelC]

That and we'd all have Recieved an email…

Only for new commits,, not if someone rebased and forced pushed.