Morning all, Recently we voted on classification criteria for security bugs [1], we include under "not an issue" any issue that "requires invocation of specific code, which may be valid but is obviously malicious".
I would like to add an explicit clause under the "not an issue" section for anything related to FFI. It hardly seems worth it to run an RFC, although I'll be happy too if there is a single dissenting voice. If there are no objections, I'll modify the document 7 days from today (Monday 21st October). Cheers Joe [1] https://wiki.php.net/security
