Newsgroups: php.internals
Date: Wed, 26 Mar 2003 16:29:30 +0200
To: internals@lists.php.net
Message-ID: <20030326162930.1088c608.tony2001@phpclub.net>
In-Reply-To: <1048685915.4577.9.camel@trior.martinjansen.com>
References: <20030326112602.4479ad59.tony2001@phpclub.net> <20030326113944.5c6ce93b.tony2001@phpclub.net> <1048685915.4577.9.camel@trior.martinjansen.com>
Subject: Re: [PHP-DEV] socket_iovec_alloc segfault && security advisory
From: tony2001@phpclub.net (Antony Dovgal)

On 26 Mar 2003 14:38:36 +0100 Martin Jansen wrote:

> So you are proposing to move sockets to PECL, because the extension
> will not attract that much interest there and thus the possible
> security issues will not be revealed so fast?
> I agree with that up to a certain point, but technically this isn't a
> great solution: The issues should be fixed *before* moving it to PECL.

Yes, of course.
I just don't see any reasons to include experimental extensions that will cause such "security advisories" into the core distribution.
Can someone explain this to me? Maybe I'm wrong.

> Otherwise PECL will soon be a hazardous waste site for all sorts of
> PHP extensions that have more or less severe security problems ;-).

No, I'm not going to fill PECL with hazardous extensions =)
In PECL we can at least tell that this extension is not stable yet and we have only an alpha/beta/gamma version.
IMHO, this will warn admins against installing this extension on production environments.

P.S. It seems that cc'ing to Internals doesn't work. Did I miss something?

--
Wbr,
Antony Dovgal aka tony2001
mailto:tony2001@phpclub.net
http://phpclub.net
---
Stand for something or you will fall for nothing.