Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118990
Return-Path: <cmbecker69@gmx.de>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 30570 invoked from network); 10 Nov 2022 13:29:25 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Nov 2022 13:29:25 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id CA2891804FF;
	Thu, 10 Nov 2022 05:29:23 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM,NICE_REPLY_A,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS8560 212.227.0.0/16
X-Spam-Virus: No
X-Envelope-From: <cmbecker69@gmx.de>
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS;
	Thu, 10 Nov 2022 05:29:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417;
	t=1668086961; bh=xaxzs9nat/t9Sc+6iHpTznE4HM6qVq57f7F0ROMZnaU=;
	h=X-UI-Sender-Class:Date:Subject:To:Cc:References:From:In-Reply-To;
	b=ftZSW5LmPmviF/QsuSZ4VJg98fTArRc4IkjRe1G8z55wPDyUl0Ng+iodD1CjMGnzX
	 GCWEjJThqjWZhx78ThPo/Pez/aEwwvzVWKcncWYUhF0DYrz4nsoAC9NRKbdZ77RWJ2
	 YBfaJ0nthrGwWTsEBSAUWb5OMsjMazT8HeakytRDz3h3neFiLn9qWw+pR4vaZVIHWN
	 fT3oFfF8L4Dtf0N3Y8oRdUVXE1h9cF4+27k7xHfr1kdVn2m5tlpnATY6U2fkJ+HUCK
	 OhYxu/XmTzM28hvRxfNE7vj8g5xX8WYKe9H0ySPhqfB1cbuHjO7ds3TxqMwwlEUrrT
	 7+Jew1kvga75Q==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [192.168.2.130] ([79.220.80.221]) by mail.gmx.net (mrgmx104
 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MQe5u-1ofHj448UI-00Nm2J; Thu, 10
 Nov 2022 14:29:21 +0100
Message-ID: <8fbb3af9-5fb5-1220-3b88-a42f5aaa40ef@gmx.de>
Date: Thu, 10 Nov 2022 14:29:20 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.4.2
To: Nikita Popov <nikita.ppv@gmail.com>,
 Stanislav Malyshev <smalyshev@gmail.com>, "security@php.net"
 <security@php.net>
Cc: internals@lists.php.net
References: <CAF+90c90pTtjxuMaQ88h+njhByfbv4qs=xx72CVPSw40tde6Cg@mail.gmail.com>
 <dde40b06-93c4-cb5b-0abf-48dfd8781fdf@telia.com>
 <CAF+90c_=GhEy0pX5wp9Hcj5+D31tjhhKBCSDCs4ofAoZj00_fA@mail.gmail.com>
 <25f35ef5-7f86-9aa3-a069-195a1ed39a91@gmx.de>
 <CACwt+JeLADQC6QvFt4m1gZCZ+oEeQnhSun-37T39bAR1N-uBjQ@mail.gmail.com>
 <CAF+90c9_u2BgDKywLMCfx9C3mFz-a-XZFeMe8NCvk8w4Fr1R0Q@mail.gmail.com>
 <CAJp_myWdQze1_WuL9ddDoi+1UTLUNz+9nU5_7hiKGG_-QhVqjg@mail.gmail.com>
 <d68fc8c9-4e5e-2bd7-6e02-e5afe1fc4c10@gmail.com>
 <CAF+90c-Lbtav0dhAuPi0g2hox2MgNNRNagzxusBSoWvAAg-2Ow@mail.gmail.com>
In-Reply-To: <CAF+90c-Lbtav0dhAuPi0g2hox2MgNNRNagzxusBSoWvAAg-2Ow@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:wdmACjSwduI6gURfAj6nErYJKNLhPBY9QQh+ON9/EWyqoBOtrdx
 xFN0A/QgI8jRgcWtDnkefVvk50AbQ3FdOqUfjL9CfouGhXxN/EY2FL4NG5mSiCeJMZ9ywPU
 8NCTv0u2mOHHNQkXiYbls6ontXSYGeSl1bLQZasGHWWb1NJt62Z6iV1+1mL8oYcf46m3YMy
 wcHQY9Fx9ffm9Wba9n7ow==
UI-OutboundReport: notjunk:1;M01:P0:bf4KFhgLAT0=;rGuPoD/ZDYDXGkq6Erlr2fn9o8R
 l1YzJP8laww/OcuAS0H5moMrWX2mgrMJldLJDiKa8SBRuODVrBI6XuVg/7A5zXDKoREdFGdy8
 vMpGAJGAs/7o9C4EcNGnxz5huI1JGPFgCFNVLk+n0R8LAZQQFL1LDX2lnuLHGxDl1mez8Xse1
 0xOP3e1c7MiDBPH9jkGL17z9PZEEzsOKVVuQZlhUGpIUT/BOKDk31QNIfNkl1wP33yoLoNXVN
 AefT6r0vk4TaolyaECjvIWjFimziA/j6Qgev7tptIlLsYCRHCTd9Z8/V3a4dNxku4MPXDRykK
 QQfpodCuFo0xEHQwtvYoSU4YLrRYIYtR7A601se+w2FTKkB7aT2xiWWoGWIEDTLtZcpNstz4R
 9gtWZ+xEB0zQsITCyMRaZ/uM4PadiSyahisXzaocotudR+1ZEdZ99CPQcsPuzi6RVSzogXBbt
 oiGAht7T8pnOyAfZmFVNIKDjLDMkvEWFwzuHWkuN4m/YLrnKiijh7K65g21aWAiIqM33TPjpB
 Ufa8GgeyEfL4vWj05WSOx19lqNe7ffS16nDm5y5IRC5QX825AGM9fIPcBTSQcBn2GGKQTcXfN
 b/EtZ/Sz1ihgfRMIZF6rTNO0CgsHTP6ws56xWX6V8x/xgWToxTfA1er7cDOkSh8e9zQZcG9uq
 tf/stKFaUkf9xZtwWfafF/Qj/XTIIMUoBvvnwgahDr4H+DC/jaDOcNacgsj4VsrugRhx4yKlA
 SYkMcqTMbTdj0dWff+trhfonRAOpaMmcx607e+7uInpsslZKwfUknWbD0mvWzwovgSsxfzPzi
 fvxLYbuwugZhaPQg6EL1PkznS0WW9s2LpCdHvTZxJAYrdxRwEVtQdCFXhGR0Yx2NR0oMkoRHn
 4upd3bjfhwNErr9ZXhczSNt9bbc9TNfQMwlfQ3EnW5jwpW7Lj33KP0MWuhkAJ5B+t40JJUfcd
 5QaKD0nwCo15uSjhnEv8ZQzD6hM=
Subject: Re: [PHP-DEV] Re: [RFC] Migrating to GitHub issues
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 09.11.2022 at 23:27, Nikita Popov wrote:

> It looks like GitHub has just added support for private security reports=
:
> https://github.blog/changelog/2022-11-09-privately-report-vulnerabilitie=
s-to-repository-maintainers/
>
> I haven't looked into the details, but it probably makes sense to enable
> those on php-src and make this our official venue for security bug repor=
ts.
> This would allow retiring the last remaining use of bugs.php.net (well,
> apart from the archive of old issues, which should of course remain).

I agree, but maybe the security team is in favor of sticking with
bugs.php.net.

=2D-
Christoph M. Becker