Re: [PHP-DEV] use https when downloading the pear installer

2015-07-28 Thread Sebastian Bergmann
On 07/28/2015 05:22 PM, Johannes Schlüter wrote:
> An approach might be to remove the automatic download and
> instructing the user to put the file there manually if this is seen
> as important.

+1

Re: [PHP-DEV] use https when downloading the pear installer

2015-07-28 Thread Johannes Schlüter
On Tue, 2015-07-28 at 17:11 +0200, Sebastian Bergmann wrote:
> On 07/28/2015 04:45 PM, Johannes Schlüter wrote:
> > (and yes - developers doing this might be an interesting targeted
> > attack vector. Malicious code there knows where the developer keeps
> > the source tree and might inject bad code

Re: [PHP-DEV] use https when downloading the pear installer

2015-07-28 Thread Sebastian Bergmann
On 07/28/2015 04:45 PM, Johannes Schlüter wrote:
> (and yes - developers doing this might be an interesting targeted
> attack vector. Malicious code there knows where the developer keeps
> the source tree and might inject bad code into the codebase which we
> notice only with good review of commits

Re: [PHP-DEV] use https when downloading the pear installer

2015-07-28 Thread Johannes Schlüter
On Mon, 2015-07-27 at 09:32 +0200, Ferenc Kovacs wrote:
> Hi,
>
> I've just realized that even though https://pear.php.net/ is available, we
> are still downloading the install-pear-nozlib.phar via http:// in
> pear/Makefile.frag and makedist
> Do you happen to know any reason for keeping it that

[PHP-DEV] use https when downloading the pear installer

2015-07-27 Thread Ferenc Kovacs
Hi,

I've just realized that even though https://pear.php.net/ is available, we are still downloading the install-pear-nozlib.phar via http:// in pear/Makefile.frag and makedist
Do you happen to know any reason for keeping it that way or is this only for historical reasons (maybe pear.php.net did