"Know Your Enemies: Live Exploit of a PHP Engine Security Breach" by Alexandre Daubois at #FOSDEM
Interesting that a PHP security hole almost happened because a hacker hacked PHP's Git server and added malicious commits ... so in response they moved to GitHub.
If a big Open Source project like PHP doesn't feel comfortable managing their own infra where does that leave smaller projects?