Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:122828 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 992D11A009C for ; Sat, 30 Mar 2024 15:35:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1711812974; bh=UuAMZ8xVO6x+NiEtpSXhYTpOx8SxtVdqR0Ei9EBzltM=; h=Date:Subject:To:References:From:In-Reply-To:From; b=GNLxaAob4JSA1KKyzAzhbzoarkzYi3WWm+QgHM7ImDY2q00VWaew8+0hCoQWkP/mW pb1GAghgSGljH7Pub0NvooFBEIwb+Qyy18BdNgJD+v36tYS2QpcGAXW2hY7dF9f1j9 q0LgmIPqzBRkX/8KXdOmdWKh7yKNskQbWnDS4jwGzP9NAVFsARUasMCznpfavp+S1U iP0IFO0jTOerpjGA8EzTzM0fEhZogd2eFPIUVFSAXkd47g0p7l3jHbZuH2G8ca5lAh NOVLpdG4g5AJHOIpu1146YRExNrT6B+cg+HQUUeE8TJJ8gT5U0NHfG341xmLVvwHyd qZkv6j4EurEzg== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id C18F81807F5 for ; Sat, 30 Mar 2024 15:36:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 30 Mar 2024 15:36:11 +0000 (UTC) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-3417a3151c4so2600920f8f.3 for ; Sat, 30 Mar 2024 08:35:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711812943; x=1712417743; darn=lists.php.net; h=in-reply-to:from:content-language:references:to:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=qwVRnKGM9snoHene8DFLYkCG0Il5qJusYbSfaPuQr5A=; b=dle39UtNTi3Cg8LOgDXX1RNNZHl1dIrT3Y2qMNED+8Q0iiduszJlsuAl3XvYteXM6m SZAuyWuhnGf8mXKOnJSbccGhazwGyeHVLnjnB3MFAzepHUaMPfw5WKvwsuo6KxISmu5U rRytCltDrB6L0QleiNvZSPra9SRnERpN0k7KtRFAwuLFMysyGnnZ00y/hGapgwwpZvDl 5kPGkcWFuTuyTUC9FTt/L3Iz/sX3lmyo0jFRGmOyKZ0aUinjnYC69lbTTzNVW+iPrqeR UbYHkieRtTY+4pE8H+MF4jlB5eGbHDTWTqOmv6HA+7kAuYGY4U1wg8J+qaWxlSt7OPpR T6qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711812943; x=1712417743; h=in-reply-to:from:content-language:references:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=qwVRnKGM9snoHene8DFLYkCG0Il5qJusYbSfaPuQr5A=; b=Ja/2CbapQN1+88d9jV54OVJth2yhZja/IzDnGP2fPB5yPu6PR+E+HzQesmX6bB2p1J 0Pb/NXwf5UHz40cl1cfLvhBJmZcoJ5KyhG72lHp6ztawH5RKizQrQKaX8mF39XUI45iM OzIqo5B5b07E6BgNtQOc2aRx5/fJobkLbAhey0bCfid+hvb22pbTuOmJhrf0koWx89WA PYDnQ1tm2LzEI4k/kA1q8dWrwrw9Pw7kk5eDlRAubW69JnCCzpdVFeYp+P5EDlYz7NmK OSY/Xy43CupuIQ00l+4MDCmqCBwmsHcjzZW7mvtGi5SgcTB7NDJC/d+X8JM7UXjk852C ihrw== X-Gm-Message-State: AOJu0Ywu8ESmmALaYvM0S1Zg/eYKFkFREFqhP4fzCbH0O8zTf7YRc3fM iO1viDQVpNg83YLBky2jwKUTFijoTzwZ5a5xmtV2PRXivSTby64OgUPVm362 X-Google-Smtp-Source: AGHT+IEANfTB5T+E3f9iuf1VrhdwDuP2rUEEIfXeOgYQJjI5Ch90O1t3/0+dj4yy2cCtj+EQuIV+5g== X-Received: by 2002:a5d:6384:0:b0:341:bda1:f650 with SMTP id p4-20020a5d6384000000b00341bda1f650mr4215488wru.15.1711812943307; Sat, 30 Mar 2024 08:35:43 -0700 (PDT) Received: from [192.168.69.233] (as198747.daniil.it. [128.116.205.77]) by smtp.gmail.com with ESMTPSA id u14-20020a056000038e00b003433e5cab4bsm2994542wrf.103.2024.03.30.08.35.42 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 30 Mar 2024 08:35:43 -0700 (PDT) Content-Type: multipart/alternative; boundary="------------ao669PetNOMu64OBlr9SWUTf" Message-ID: <1c7bcd0e-4e32-480f-acd2-2c8eb049bde2@gmail.com> Date: Sat, 30 Mar 2024 16:35:42 +0100 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] Consider removing autogenerated files from tarballs To: internals@lists.php.net References: <9008050F-4EE1-4E19-B513-654602E118A7@benramsey.com> <3d90e236-49d8-4f80-a6dd-3584267a83e3@php.net> <586c3320-b38b-47bb-9c06-6762f1eb242b@gmail.com> Content-Language: en-US In-Reply-To: From: daniil.gentili@gmail.com (Daniil Gentili) This is a multi-part message in MIME format. --------------ao669PetNOMu64OBlr9SWUTf Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit > That would break lots of tools as it requires extra dependencies so it > is not something that would could in stable versions. Btw, I do not believe that "it would require end users to install autotools and bison in order to compile PHP from tarballs" is valid reason to delay the patching of a serious attack vector ASAP. Regards, Daniil Gentili. --------------ao669PetNOMu64OBlr9SWUTf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit
That would break lots of tools as it requires extra dependencies so it is not something that would could in stable versions.

Btw, I do not believe that "it would require end users to install autotools and bison in order to compile PHP from tarballs" is valid reason to delay the patching of a serious attack vector ASAP.


Regards,

Daniil Gentili.

--------------ao669PetNOMu64OBlr9SWUTf--