On Wed, Jun 11, 2014 at 10:58 AM, Tyler Romeo <tylerromeo@gmail.com> wrote:
> On Wed, Jun 11, 2014 at 10:56 AM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org> wrote:
>> ... That's just awful.
> How so?
Well, it makes *me* wince because you're directing people to pull code over the network and feed it straight to the PHP interpreter, probably as root, without inspecting it first. And the site is happy to send it to you via plain HTTP, which means a one-character typo gives an active attacker a chance to pwn your entire installation.
No, nobody bothers to read all the code they just checked out of Git, but it's integrity-protected by design, independent of the transport channel -- you know that the code you just received is the exact same code everyone else is getting, so you can trust that *someone* did the security audit.
(And yeah, no one does *that* either, which is how we got the OpenSSL fiasco, but computers can't solve that problem.)
zw
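
The integrity property described in the message above (an object ID derived from the content, so the check does not depend on the transport), as an added example that is not part of the original message: a minimal re-implementation of Git's default SHA-1 object naming for a flat tree of regular files. The file name, contents, commit message and identity string are constructed, and `verify_checkout` is a hypothetical helper.

```python
import hashlib

def git_object_id(kind, body):
    """Git names an object by SHA-1 over b'<kind> <size>\\0' followed by the body."""
    header = kind + b" " + str(len(body)).encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content):
    return git_object_id(b"blob", content)

def tree_id(files):
    """Flat tree of regular files; each entry embeds the raw 20-byte blob ID."""
    body = b""
    for name in sorted(files):
        body += b"100644 " + name + b"\0" + bytes.fromhex(blob_id(files[name]))
    return git_object_id(b"tree", body)

# Constructed identity line (name, address, timestamp, timezone).
IDENT = b"Example Dev <dev@example.invalid> 1402498680 +0000"

def commit_id(files, message, parent=None):
    """The commit names the tree, the tree names the blobs: a hash chain."""
    lines = [b"tree " + tree_id(files).encode()]
    if parent:
        lines.append(b"parent " + parent.encode())
    lines += [b"author " + IDENT, b"committer " + IDENT, b"", message]
    return git_object_id(b"commit", b"\n".join(lines) + b"\n")

def verify_checkout(files, message, expected_commit_id):
    """Hypothetical helper: recompute the ID from the bytes actually received
    and compare it with the ID everyone else refers to."""
    return commit_id(files, message) == expected_commit_id

# Constructed sample data: what was published, and a copy altered in transit.
FILES = {b"installer.php": b"<?php echo 'install';\n"}
TAMPERED = {b"installer.php": b"<?php echo 'instal1';\n"}
MSG = b"Add installer"

if __name__ == "__main__":
    published = commit_id(FILES, MSG)
    print("published commit:", published)
    print("clean copy verifies:   ", verify_checkout(FILES, MSG, published))
    print("tampered copy verifies:", verify_checkout(TAMPERED, MSG, published))
```

The comparison is only as strong as the channel that supplied the expected commit ID.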