Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:23374 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 3090 invoked by uid 1010); 15 May 2006 16:14:32 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 3074 invoked from network); 15 May 2006 16:14:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 May 2006 16:14:31 -0000 X-PHP-List-Original-Sender: andi@zend.com X-Host-Fingerprint: 80.74.107.235 mail.zend.com Linux 2.5 (sometimes 2.4) (4) Received: from ([80.74.107.235:17963] helo=mail.zend.com) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 91/FF-19568-5E8A8644 for ; Mon, 15 May 2006 12:14:30 -0400 Received: (qmail 1438 invoked from network); 15 May 2006 16:14:18 -0000 Received: from localhost (HELO ANDI-NOTEBOOK.zend.com) (127.0.0.1) by localhost with SMTP; 15 May 2006 16:14:18 -0000 Message-ID: <7.0.1.0.2.20060515091102.044df950@zend.com> X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0 Date: Mon, 15 May 2006 09:14:20 -0700 To: Stefan Esser ,PHP internals In-Reply-To: <4468848D.5020602@php.net> References: <4468848D.5020602@php.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: [PHP-DEV] PHP Release Process Sucks From: andi@zend.com (Andi Gutmans) Stefan, I don't see why this attack is directed at Zend people working on PHP, where the release process is completely a community driven effort (and last time I checked, no enterprise was involved in that process either). I agree the release process isn't perfect yet, and it becomes increasingly hard as PHP grows, but your points would be better made if they were not directed against individual contributors but as an email to raise general awareness and discussion. Ilia for one works hard and does his best (probably better than any release manager before him) to juggle between the various issues and priorities of each release. Andi At 06:39 AM 5/15/2006, Stefan Esser wrote: >Hello, > >okay, mistakes happen everyday but it really sucks that PHP.net >continues trying to hide mistakes. > >1) PHP 5.1.4 was released with a nonsense announcement claiming that >there was only a problem with POST arrays or POST fileuploads. > -> In reality a paid Zend developer had destroyed the handling of >arrays in any kind of user input in PHP 5.1.3 completely. Ironically >after that incident another Zend man came forward and dares to say "I >don't trust our core testers anymore" >2) PHP 5.1.4 was lacking the PEAR installer which resulted in make >install downloading the file from the web. > a) this part should be removed from the make file completlely >because 'make install' is usually executed as root and under no >circumstances should download a file from an insecure HTTP source. > b) this fact was again hidden by silently replacing the PHP 5.1.4 >tarball with a new one, after the other one was out for more than a week. > >PHP.net is more and more turning into Microsoft (more than 3 months to >resolve critical security problems). I guess that comes with the >involvement of Enterprise companies. > >Yours, >Stefan Esser > >-- >PHP Internals - PHP Runtime Development Mailing List >To unsubscribe, visit: http://www.php.net/unsub.php