Newsgroups: php.internals
Xref: news.php.net php.internals:116437
Date: Wed, 17 Nov 2021 13:01:31 +0100
To: Björn Larsson
Cc: PHP internals
Subject: Re: [RFC] Migrating to GitHub issues
From: nikita.ppv@gmail.com (Nikita Popov)

On Mon, Nov 15, 2021 at 9:18 PM Björn Larsson wrote:

> On 2021-11-02 at 15:19, Nikita Popov wrote:
> > Hi internals,
> >
> > The migration from bugs.php.net to GitHub issues has already been discussed
> > in https://externals.io/message/114300 and has already happened for
> > documentation issues.
> >
> > I'd like to formally propose to use GitHub for PHP implementation issues as
> > well: https://wiki.php.net/rfc/github_issues
> >
> > Regards,
> > Nikita
> >
> Hi,
>
> The current proposal is to move all new issues from bugs.php.net to
> Github except security ones.
>
> I think it's important to think a bit on what that means for reporting
> security issues in the future. I mean, if we leave bugs.php.net to rot
> in the corner, what are the consequences for reporting security issues?
>
> I think that aspect needs to be a bit further analysed like:
> - Will this move have a negative impact on reporting security issues
>   on bugs.php.net?
>   # Both from a technical and people perspective.
> - Can one assume that by bugs.php.net having probably even less
>   attention, that reporting security issues will work as is?
> - Is there an alternative for also handling security issues?
>
> Think it would be good if the RFC could analyse that a little, besides
> saying business as usual for security issues.
>

I don't think there's much more to say than that -- it should indeed be business as usual.

The only complication I see for security issues is that we will not be able to easily move security issues that turn out to be non-security bugs over to GitHub. As such, we may have a very low number of new bugs appearing on bugs.php.net by being reported as security issues first and being reclassified later. I don't view that as an immediate problem, because to start with, we'll still be working with recent reports on bugs.php.net anyway.

Longer term, I do hope that GitHub will provide a way to report issues privately (i.e. as indicated in https://github.blog/2021-11-12-highlights-github-security-roadmap-universe-2021/), so that we can consolidate everything in one tracker. But given the lack of clear roadmap for this, I'm not basing any plans on it yet.

I do think that the handling of security issues is the weakest part of this move, and probably the only area where choosing a different platform could have a tangible advantage. However, we receive orders of magnitude less security issues than other reports, and there is a much smaller number of people involved in handling them, so I don't think we need to put too strong a focus on this aspect.

Regards,
Nikita