Newsgroups: php.internals
Date: Fri, 3 Feb 2012 08:09:48 +0100
From: pierre.php@gmail.com (Pierre Joye)
To: Soenke Ruempler - Jimdo
Cc: Stas Malyshev, Reindl Harald, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

hi,

On Fri, Feb 3, 2012 at 1:48 AM, Soenke Ruempler - Jimdo wrote:

> _YOUR_ responsibility as the provider (READ: provider) of a
> programming-language is to provide a secure environment in favor a
> micro-optimized performance.

This is in so many ways wrongly formulated. This is what we do, always. Today (as in the last years) security is our top concern. The only responsibility we have is to deliver the best possible PHP. And this always has been a matter of compromises.

> Please first provide a default secure config and second you might
> document the more unsecure setting by saying "you know what you do".

That's the case. If you know areas where we do not do that, please let us know.

> Do not respect him for how (bad) he's communicating things, respect him
> for what he coded. We are coders.
>
> Be humble and get shit done. Really.

For one, I am. I have been asking for years now to propose the missing features so we can include them if desired. I myself implemented features that happen to be provided by Suhosin. But to ask us to take all or nothing is not going to happen as we are not convinced at all that everything in Suhosin is actually a good thing.

The RFC process now allows everyone to propose such things, including you or Stefan (who still refused to do it). Happy proposing! And I will be the 1st to welcome you.

Now that it is cleared (was already before, but better three times than none), can we get back to the technical details of this discussion and see what are actually the technical issues behind this decision?

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org