Hi!

> Slipping in a malicious code in such a diff could easily go unnoticed,

This is not a bug. And if we have a malicious committer, we have much bigger problems than generated lexers. Fortunately, there's exactly zero evidence that it is of any concern to us.

> you have to trust that it was generated and not touched after. Why this
> unnecessary trust to give, when we can simply not have the file?

Again, if you do not trust people who are working on the most sensitive part of the engine with being able to observe minimal rules of sane coding, you have bigger problems than lexers. Not that there are hundreds of them committing anyway, this year we had exactly 1 (one) big lexer commit so far, last year there were three. And it's not that hard to scan through them either, if you're interested.

--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php