Hello Soenke, > I know it's hard because he personally attacks people and this doesn't > help at all, but deal with him. He really made PHP and the interwebs > more secure for the last decade. > > Do not respect him for how (bad) he's communicating things, respect him > for what he coded. We are coders.
I am not attacking people personally. Telling someone that he looks very stupid, because he did something stupid is not a personal attack. It is stating the facts. How does it not look stupid for the "lead" maintainer of PHP in Debian* to write a "We do not need Suhosin, because I believe there will be no future Bugs in PHP" mail the very same day various PHP distributions have to put out updates because of a critical security bug that INFACT is mititgated by PHP. People don't get that saying we do not need Suhosin because there have been no such critical bugs is like saying: we code perfectly we do not need ASLR, NX, Fortify Source, ... And it does not only look stupid to write such a mail at that moment it also shows how disconnected the Debian PHP maintainers are from what is happening around PHP. It also shows that the PHP devs seem to not like the Debian people, because otherwise they would have kept him in the loop. I know for a fact that Ubuntu and Redhat were informed. So instead of telling me that I am bad with communication they should start critizicing themself. Regards, Stefan *well I heard there is no such thing as a lead maintainer in Debian, but he takes the lead at the moment -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
