On 14.10.2019 at 09:44, Joe Watkins wrote: > Recently we voted on classification criteria for security bugs [1], we > include under "not an issue" any issue that "requires invocation of > specific code, which may be valid but is obviously malicious". > > I would like to add an explicit clause under the "not an issue" section for > anything related to FFI. > > It hardly seems worth it to run an RFC, although I'll be happy too if there > is a single dissenting voice. > > If there are no objections, I'll modify the document 7 days from today > (Monday 21st October). > > Cheers > Joe > > [1] https://wiki.php.net/security
What is the status here? It seems the security classification document has not yet been updated. Cheers, Christoph -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
