Hello Andi, > I don't see why this attack is directed at Zend people working on PHP, > where the release process is completely a community driven effort (and > last time I checked, no enterprise was involved in that process either). Well I don't see why Zend people commit code that obviously broke a key functionality without testing it. And then Zend people come out under the trees and speak up that our testers are doing bad jobs. It is true that obviously NOONE has tested the code, because otherwise it would have been seen instantly.
> Ilia for one works hard and does his best (probably better than any > release manager before him) to juggle between the various issues and > priorities of each release. Andi, I was not speaking against Ilia. I know that he does a job that actually noone really likes todo. The problems with 5.1.x releases have to be blamed on other parties. Maybe you can say it was his fault that this stupid .phar was not in the archive, but the bigger fault is the lack of a sense of basic security principles. From my point of view it is unbelievable how someone can add a 'wget pear.php.net/bla...' to the 'make install' process. Of course this is not triggered if the .phar file is packaged, but this fallback is insane. And Ilia has also nothing todo with the lack of a PHP 4.4.3 release. Yours, Stefan Esser -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
