Hello Pierre,
>> This is ironic because Pierre's employer is Microsoft (excuse me if that is >> not correct anymore). > > Again you are totally wrong. I work with them not for. > > And can you please once in this thread (or at all) stop your kiddish > personal attack and finally bring technical points to this discussion? > Can you do it? Grow up Pierre. Telling people that you work for Microsoft while you only work with them is not a personal attack. The technical points are all over my emails. You just choose to ignore them and highlight every second sentence of mine as personal attack. >> Microsoft created "recently" Suhosin for Windows. They call it EMET and they >> actively support it, not fight it like cancer. > > It is a very pretentious to consider that EMET has been created from > or because of Suhosin. Also some Suhosin features are per se enabled > on Windows through VC options (whehter they act the same way or not is > disputable but you know it). See you do it again. You claim I believe EMET has been created because of Suhosin. I never said that. Although one of the lead developers of EMET compared it himself to it. You know some features of Suhosin are already in PHP and the HTTP response splitting drama shows that when you break it there is a secondary layer of defense that protects you in case you use Suhosin. > Nobody ever asked you to kill it. never. But we did kindly and > friendly ask you to participate instead of doing your little crusades > like these days. No, you ordered me to sit down and write RFC so that I can convince YOU. >> A suhosin that is merged to PHP mainline will never provide the same >> security as an external solution. >> This is not good enough for me. > > That's your opinion, I'm convinced of the opposite. The issue here is > that you lived in the past, based on your experiences with php core > years ago, php3/4 and partially 5/5.2. It is really time for you to > wake up. Pierre it is time for you to come out of the delusional state. You repeatedly claim that everything is now superb. Do you forget PHP 5.3.7 and PHP 5.3.9 both times there were security vulnerabilities introduced right after the last RC. This is a sign that the PHP development process is still not healthy at all. >> Also PHP.net demands that I convince them to take feature A, B and F from >> Suhosin into PHP. > > It is a standard procedure that applies to any new feature. Many > projects do that as well. There is no exception, even for you. No it is not a standard procedure that you order someone that does not see a need to merge features into PHP to sit down and write RFC to convince you nevertheless. > And yes, I do lobby against Suhosin because I consider it causes more > harms to the whole thing that what it solves. That's my rights and I > do not engage php.net in my statement but only my personal opinions. > And I will continue to lobby, actually not against Suhosin, but to get > what PHP needs in PHP and not in some random external patches. Enough said. > I also try to convince you to finally get around your personal issues > with us and join our efforts. I do that every time we meet live at > conferences or other events. It is also somehow amusing that you are > much more polite and nice in a live discussion than through emails, > let try to solve that next time we meet :-) You claim I have personal issues, while I repeatedly tell you the technical reasons why I see it different then you. Regards, Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
