PHP's Git Server Compromised, Now Switching To GitHub

  • aht0
    replied
    Originally posted by birdie View Post

    According to this news piece, support agents' accounts were compromised, not Microsoft servers or infrastructure. Microsoft, to the best of my knowledge, has seen close to zero compromises in its 40-year history.

    Meanwhile open source projects are getting hacked left and right almost on a monthly basis. We have had the breaches of:
    • Fedora (a major breach)
    • The Linux Kernel (a major breach)
    • Debian Wiki
    • openSUSE website
    • Multiple NPM/Ruby modules
    • PHP (a major breach)
    This comment contains nothing but facts, zero speculation and zero pronouns.

    Someone is again deleting my comments even though I've long stopped with personal attacks. Sigh. OK, I'm out of this discussion.
    Add FreeBSD ports repo years back (9-RELEASE). Binary packages compromised through leaked ssh key of a ports contributor.



  • AndyChow
    replied
    I wonder which government agency did the hack. North Korea? Russia? USA?
    Good thing there's some sort of audit going on.



  • ed31337
    replied
    Originally posted by skeevy420 View Post
    When you work construction and you're doing something at a house in the woods miles from civilization, 1, you agree to that beforehand, 2, you can choose to drive your happy ass to a gas station in lieu of pooping in the woods,
    Not sure what any of this has to do with PHP's git server being compromised, but since you brought it up...

    When the pimply faced teenagers at Taco Bell fail to cook your lunch properly and you get a surprise case of the sudden shits later, you should never "choose to drive" yourself to the gas station over pooping in the woods you're already standing in. If you make it to the gas station, great, but if you don't, then what are you gonna do??

    This isn't about saving time or cost cutting -- it's about being properly prepared for an emergency. It is far more sanitary and safer to poop in the woods (or a suitable bag, pee in a bottle, etc) than unsuccessfully driving to a gas station when duty calls. Prepare yourself in advance for this often unspoken and unfortunate situation. Carry a roll of toilet paper, some water/sanitizer, a bag/bottle/shovel, etc every time you are in a situation that may not have a restroom handy at all times. It's the smart and responsible thing to do.

    My hat's off to those brave men and women working through the pandemic at Amazon, especially the ones smart enough to think about these problems in advance and do the right things to keep everything safe and sanitary.
    Last edited by ed31337; 29 March 2021, 09:54 PM.



  • 60Hz
    replied
    Originally posted by birdie View Post
    Let's have a dozen comments how GitHub is owned and run by an evil anti-open-source company.
    This, but unironically.



  • F.Ultra
    replied
    Originally posted by darkcoder View Post
    It is sad that the 1st solution most companies or OS foundations opt for these days is to move to the cloud when they have issues or get compromised.

    It is not like Microsoft or any other company's services haven't been hacked or taken offline due to issues, both Exchange and Sharepoint coming to my mind.
    Why is it sad? The prime competency and interest of those various foundations and communities are not to run infrastructure, so it is far better to hand over those details to people that handle it professionally. And let's not pretend that the people handling the infrastructure for GitHub are in any way, shape or form the same people that write POS software like Exchange or Sharepoint.



  • STiAT
    replied
    I do not see any good or bad in that, it's a service provided by one of the largest software companies at the moment, it's free, and the source was open anyway. And Microsoft uses it themselves, so they do have an interest to keep it maintained, stable and secure.

    Everything can and will eventually be breached. Even the Pentagon was, by a British guy with autism interested in UFOs.

    If Microsoft should decide to change their stance on the platform's usage and payment models, moving to another provider isn't even close to as hard as it used to be.

    I have no preference personally, and currently use GitLab at work and mostly github privately. As long as it's free for open source and you do not give up any rights by using it... I'm fine with that.

    I wish github provided an open source version,



  • timrichardson
    replied
    Originally posted by birdie View Post

    In all fairness Microsoft has been managing security updates recently quite well and I haven't heard that their infrastructure has been compromised lately or ever.

    Meanwhile Open Source projects get compromised on a monthly basis if not more often.

    Perhaps you need to see the world as it is, not as you believe it is.
    There is nothing Microsoft in GitHub's tech stack. It's open source, so there is a contradiction in your claim: GitHub can't be secure if open source is insecure.
    GitHub tech stack: https://stackshare.io/github/github



  • kpedersen
    replied
    Originally posted by birdie View Post
    I've given you a decent number of open source projects which have been breached recently and your argument is "keep researching"? LMAO, your argumentation skills are truly stellar.
    The question was what *Microsoft* servers have been breached.

    So, keep researching.

    Originally posted by linuxgeex View Post

    That might be true if M$ had a decent track record when it comes to security lol. So now they've moved to a platform which is a much fatter, juicier target, and they still don't know what the original attack vector was. Hilarious. So if it's simply their private keys which are compromised and they don't fix their security culture, then they are doomed to repeat the same compromise.
    Heh, yeah, torsionbar28 picked up on that too. Correctly so because my post was fairly lazy. I certainly don't believe that malicious entities will no longer be able to compromise the PHP source code (Haha, that impenetrable Microsoft forcefield!). I guess I was stating that Microsoft was simply the biggest malicious entity around.

    Edit: I tweaked my original post. I feel I had mistakenly given Microsoft some credit when they are basically a danger to our industry. I also believe they are out of their depth with GitHub and their incompetence will show sooner rather than later.
    Last edited by kpedersen; 29 March 2021, 04:24 PM.



  • linuxgeex
    replied
    Originally posted by kpedersen View Post
    Let's have a dumb naive comment on how putting all your eggs in someone else's server (especially Microsoft's) is a good idea.

    Edit: Oh, birdie beat me to it

    Now Microsoft is the only malicious entity that can sabotage the PHP source.
    That might be true if M$ had a decent track record when it comes to security lol. So now they've moved to a platform which is a much fatter, juicier target, and they still don't know what the original attack vector was. Hilarious. So if it's simply their private keys which are compromised and they don't fix their security culture, then they are doomed to repeat the same compromise.



  • 60Hz
    replied
    Originally posted by birdie View Post

    In all fairness Microsoft has been managing security updates recently quite well and I haven't heard that their infrastructure has been compromised lately or ever.

    Meanwhile Open Source projects get compromised on a monthly basis if not more often.

    Perhaps you need to see the world as it is, not as you believe it is.
    This message brought to you by our local proprietary software shill.

    Originally posted by birdie View Post
    Someone is again deleting my comments even though I've long stopped with personal attacks. Sigh. OK, I'm out of this discussion.
    Take your meds, schizo.

