On 24.10.2016 at 17:19, Rasmus Lerdorf wrote:

>>> c. Get some specific people to volunteer to review patches in security
>>> repo regularly - how? Any takers?
>>>
>> OFC it'd be ideal to have some karma holders to participate. And another
>> option, which is IMHO eligible - we could invite several reporters. There
>> are already a couple of people who regularly report security issues and
>> keep them confidential until they're publicly disclosed. IMHO it is a good
>> base for trust.
> 
> Yes, in the end this is about getting Stas some help here. He has been
> doing an incredible job for years now handling all these annoying
> off-by-one and >2gb string bugs. I occasionally read through the patches,
> but I haven't been doing it consistently and even though there are a few
> other people on security@ who occasionally look through the patches, it
> obviously isn't enough.
> 
> As a first step perhaps we just need to expand security@ a bit with the
> specific call for volunteers to help review security patches?

I'm gladly willing to help with GD related security issues (at least).
It's also okay for me to get assigned to these, when Pierre is busy. :-)

-- 
Christoph M. Becker

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
