"Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo"
In related news, PHP switches to hosting their repositories on GitHub.
@fribbledom I mean as long as I dont need a github account to participate thats ok.
I'm honestly concerned about that monoculture on github.
For example if some country now decides to block US services, you will not be able to contribute to PHP anymore, merely because they depend only on github instead of an independent, self hosted service.
@sexybiggetje With mercurial, you can create a "bundle" which consists of just chosen commits. On the receiving end, they can pull those commits in as if the bundle were a full clone. Does git do something like that?
@sexybiggetje Cherry picking exports a file? I thought it was just for destroying your compatibility with upstream. Maybe I'm thinking of rebasing.
@sexybiggetje I guess so, but the `hg bundle` command creates a binary file, not text you could potentially edit. And is easy to pull from. But also, pulling in mercurial doesn't update the bookmark (branch), or working directory. So in hg workflow, you often compare incoming commits after pulling, not before. Which means git users probably don't do things like this, huh?
I think what’s being described here is most like git format-patch
git can also create a patch from a set of commits and email it.
Lots of options for creating patches and then applying them.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!