Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57649 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 94473 invoked from network); 3 Feb 2012 09:20:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2012 09:20:49 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com Received: from [209.85.213.170] ([209.85.213.170:43047] helo=mail-yx0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F0/C6-21135-BE6AB2F4 for ; Fri, 03 Feb 2012 04:20:44 -0500 Received: by yenm5 with SMTP id m5so1655273yen.29 for ; Fri, 03 Feb 2012 01:20:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=HZMgbLD1vb1oVWKF573rcIxQC++I0tBZDtko4lRkwXc=; b=e7bQ6LNrR1X7a8g3jj2y3ladXEnXlv0cXcGTiU6+xI8cRVo3/qR0XzHxhbVNh+wmmD TNw/Nki2n1to21/Uhl5KA6sRIViAtFtustajilBJZ63DxDYJnZpwxRrtFMyjvgx5XjwI K2RyEWufoGfwtBjKE8IJJR3BAcv8U55BHeeVI= MIME-Version: 1.0 Received: by 10.236.75.198 with SMTP id z46mr9385791yhd.45.1328260841254; Fri, 03 Feb 2012 01:20:41 -0800 (PST) Received: by 10.146.197.7 with HTTP; Fri, 3 Feb 2012 01:20:41 -0800 (PST) In-Reply-To: <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> Date: Fri, 3 Feb 2012 10:20:41 +0100 Message-ID: To: Stefan Esser Cc: Soenke Ruempler - Jimdo , PHP internals Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: pierre.php@gmail.com (Pierre Joye) hi Stefan, On Fri, Feb 3, 2012 at 9:24 AM, Stefan Esser wrote: > Hello Soenke, > >> I know it's hard because he personally attacks people and this doesn't >> help at all, but deal with him. He really made PHP and the interwebs >> more secure for the last decade. >> >> Do not respect him for how (bad) he's communicating things, respect him >> for what he coded. We are coders. > > I am not attacking people personally. Telling someone that he looks very = stupid, because he did something stupid is not a personal attack. It is sta= ting the facts. OH! Please! Please! Can we move this discussion at a technical level? > How does it not look stupid for the "lead" maintainer of PHP in Debian* t= o write a "We do not need Suhosin, because I believe there will be no futur= e Bugs in PHP" mail the very same day various PHP distributions have to put= out updates because of a critical security bug that INFACT is mititgated b= y PHP. > People don't get that saying we do not need Suhosin because there have be= en no such critical bugs is like saying: we code perfectly we do not need A= SLR, NX, Fortify Source, ... Again, please tell me which part of Suhosin would make sense to have in the core? With technical explanation or details. Then we can begin a good discussion and maybe a RFC to get them in. Cheers, --=20 Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org