hi Stefan, On Fri, Feb 3, 2012 at 9:24 AM, Stefan Esser <ste...@nopiracy.de> wrote: > Hello Soenke, > >> I know it's hard because he personally attacks people and this doesn't >> help at all, but deal with him. He really made PHP and the interwebs >> more secure for the last decade. >> >> Do not respect him for how (bad) he's communicating things, respect him >> for what he coded. We are coders. > > I am not attacking people personally. Telling someone that he looks very > stupid, because he did something stupid is not a personal attack. It is > stating the facts.
OH! Please! Please! Can we move this discussion at a technical level? > How does it not look stupid for the "lead" maintainer of PHP in Debian* to > write a "We do not need Suhosin, because I believe there will be no future > Bugs in PHP" mail the very same day various PHP distributions have to put out > updates because of a critical security bug that INFACT is mititgated by PHP. > People don't get that saying we do not need Suhosin because there have been > no such critical bugs is like saying: we code perfectly we do not need ASLR, > NX, Fortify Source, ... Again, please tell me which part of Suhosin would make sense to have in the core? With technical explanation or details. Then we can begin a good discussion and maybe a RFC to get them in. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
