Hi! > Why not use RC2 as a chance for some security patches to get tested ? > If we have a RC2 (which is not bad IMO, we have a time slice here at > end of 2015 that enables us to release an RC2) , we then could merge > into this one some well-selected security patches, f.e, some that are > *low* classified , aka that can't get trigerred remotely by user > payload.
Generally, if we publish security patch we should release ASAP, as having public unpatched security issue is bad. Fortunately, the issue disclosed is not that bad, I'd even doubt it is security issue per se, as I see no real way to trigger it without code access (it may be I miss something though). Accelerating the schedule is OK with me (as is keeping the current one, too) but please do not forget to merge pending patches (or please tell me when you want me to merge them). Thanks, -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
