Hi, 1. Every peice of software has bugs - PHP still bugs - it always will have. Deal with it.
2. It is no-one's responsibility other than your own to *test the software*. Anyone using any form of software in a production environment has at least one test bed to install new versions of software on to test for security. 3. You dont have to upgrade! You should, but you dont have to... its down to the system administrator to assess the need. 4. If your software requires register_globals to be set "On" in the php.ini then your software is badly coded and quite possiblty insecure in its own nature. 5. At the end of the day, we arent choosing YOU to use PHP... you chose PHP for your own reasons. If you dont like it - Microsoft will be happy to take chunks of money off your hands for a Win2k Server with IIS and ASP on it. The grass it always greener huh. - Dan >> Who said anything about M$? I don't use their crappy products so I >> don't have to deal with their security issues. > > I'm the one who brought up Microsoft, I'm saying it's a whole lot better > then the alternatives. > >> If PHP 4.2 is unsafe then why is it listed at the top of the page for >> download? There is not a shread of text saying do not use in >> production, no unsafe warnings whatsoever. How am I supposed to >> magically find the 'do not use' warnings? > > You have to magically find this by reading the messages on this list, > not more then a month ago, someone asked was it considered stable for > production use, and the answer was no. I was going to type a long rant > about how you should test software or atleast wait a while for the kinks > to be worked out of new versions instead of running cutting edge, but > screw it, I'm not wasting any more time on this. > >> It's not about that.. It's about the hell I've already been through >> with the new register_globals setting. Then two huge ass security >> holes following in the next couple of months after that. > > I know, there such bastards for releasing security patches to fix the > holes they know about instead of burrying the evidence and denying a > hole exists. > >> If it doesn't bother you the hassles 'the php group' is putting me, >> you, and alot of others through then I guess that's just you. I >> can't help but get pissed about it. I did not have the time to do >> these upgrades, but now I have to make time. > > You know your right, the PHP group (god bless them) is out to get you, > individually, they intentionally put security holes into the software, > so they can go back later and make you patch your "dozens of systems" > and make your life a living hell. And it's not just me who doesn't mind > upgrading, it's just you who can't handle it. > > Adam Voigt > [EMAIL PROTECTED] > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
