Rather than commenting on what other people should and should not do,
do something productive like fix bugs or help to extend the PHP test
suite.
On 11-Jan-07, at 2:23 PM, Jordan Moore wrote:
This is pathetic. I thought most of you were adults, but I really
can't tell sometimes.
Why can't this be discussed without everyone getting upset and
snapping at each other? The biggest problem with PHP right now is how
thick-headed and cocky some of the posters to this list are. Grow up,
and then maybe PHP will have a chance to grow up.
It's only taken a couple months to realize how much time is wasted on
political crap on this list instead of bug-fixing.
On 1/11/07, Stefan Esser <[EMAIL PROTECTED]> wrote:
> I wonder what do you mean by that - that PHP group should publish
> press release "PHP is not secure, please do not use it anymore" or
> what? I see PHP group is working quite well eliminating the security
> issues. As far as I know, last year there were 7 remotely exploitable
> issues in PHP (which is regrettable but that's the way of life to have
> bugs), and all of them are fixed, IIRC, and within acceptable
> timeframe (the last can be debatable, but PHP being open source project
> the only way to fix it is to get more participation from people in
> submitting patches). I know of no remotely exploitable security issue
> that is now in current PHP version.
> So I wonder what would you like PHP Group to improve? What would you
> mean by facing reality - what in your opinion the reality is and what
> would you have PHP group to do to satisfy you on facing reality
> account?
First of all PHP group is doing nothing. Neither do they improve PHP's
security nor do they stop well known PHP license abusers (because they
are friends).
Secondly security patches are done by Ilia and maybe the Zend stuff by
Dmitry. All the others are doing nothing in the sense of security.
And do I need to remind you about a certain bug in the new super duper
Zend Memory manager that results in a far too small buffer being
allocated?
Do I need to post an exploit that uses this bug to exploit for example
the Soap HTTP client from ext/soap? This is a kind of remote exploit
against PHP. And god knows how many other places are vulnerable because
of the new "improved" Zend Memory Manager.
And what about the heap underflow bug in ext/filter... Also not a remote
exploit?
The fact that you do not know about any remote exploit against PHP is
quite irrelevant for reality.
Stefan Esser
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Ilia Alshanetsky