Hello Pierre, > Please state the facts. I did add Debian and Ubuntu to the discussions > on secur...@php.net. For all the issues you have reported yesterday > (and I do the same for other). I do not know if Ondrej is on the > security debian list, but that's up to them to deal with that.
Actually you have not. All mails that went to me were only forwarded to redhat security and ubuntu security. If you sent any mail to debian than this mail was not CCed to me. And even if you have done so than the big fuckup is on the side of Debian for not informing their maintainers. > Yes, as far as I know no more active members are part of the list, but > they are part of the security people on bugs.php.net. Reporting flaws > via bugs.php.net would be actually much better these days as more > people can read it (see the repo for their accounts) and it is > actually archived. And thisis also one of new good things we have > changed recently. Pierre secur...@php.net was founded by me many years ago, because THIS is the worldwide accepted standard for reporting security problems. It doesn't matter if your prefered way is bugs.php.net or whatever - standards are there for a reason. Regards, Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
