That was my intent when I joined the list. I wanted to get a feel for the community and the development process. This is the first open-source project that I've considered contributing to, so it's all new to me. I still plan to dive into it, but it's disheartening to see some of these petty arguments. That is all...
Jordan On 1/11/07, Ilia Alshanetsky <[EMAIL PROTECTED]> wrote:
Rather then commenting on what other people should and should not do, do something productive like fix bugs or help to extend the PHP test suit. On 11-Jan-07, at 2:23 PM, Jordan Moore wrote: > This is pathetic. I thought most of you were adults, but I really > can't tell sometimes. > > Why can't this be discussed without everyone getting upset and > snapping at each other? The biggest problem with PHP right now is how > thick-headed and cocky some of the posters to this list are. Grow up, > and then maybe PHP will have a chance to grow up. > > It's only taken a couple months to realize how much time is wasted on > political crap on this list instead of bug-fixing. > > On 1/11/07, Stefan Esser <[EMAIL PROTECTED]> wrote: >> >> > I wonder what do you mean by that - that PHP group should publish >> > press release "PHP is not secure, please do not use it anymore" or >> > what? I see PHP group is working quite well eliminating the >> security >> > issues. As far as I know, last year there was 7 remotely >> exploitable >> > issues in PHP (which is regrettable but that's the way of life >> to have >> > bugs), and all of them are fixed, IIRC, and within acceptable >> > timeframe (the last can be debatable, but PHP being opesource >> project >> > the only way to fix it is to get more participation from people in >> > submitting patches). I know of no remotely exploitable security >> issue >> > that is now in current PHP version. >> > So I wonder what would you like PHP Group to improve? What would >> you >> > mean by facing reality - what in your opinion the reality is and >> what >> > would you have PHP group to do to satisfy you on facing reality >> account? >> First of all PHP group is doing nothing. Neither do they improve >> PHP's >> security nor do they stop well known PHP license abusers (because >> they >> are friends). >> Secondly security patches are done by Ilia and maybe the Zend >> stuff by >> Dmitry. All the others are doing nothing in the sense of security. >> >> And do I need to remind you about a certain bug in the new super >> duper >> Zend Memory manager that results in a far too small buffer being >> allocated? >> >> Do I need to post an exploit that uses this bug to exploit for >> example >> the Soap HTTP client from ext/soap? This is a kind of remote exploit >> against PHP. And god knows how many other places are vulnerable >> because >> of the new "improved" Zend Memory Manager. >> >> And what about the heap underflow bug in ext/filter... Also not a >> remote >> exploit? >> >> The fact that you do not know about any remote exploit against PHP is >> quite irrelevant for reality. >> >> Stefan Esser >> >> -- >> PHP Internals - PHP Runtime Development Mailing List >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > Ilia Alshanetsky
-- Jordan Moore - Creative Director Sanctus Studios LLC http://sanctusstudios.com (360) 616-4818 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
