Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57651 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 936 invoked from network); 3 Feb 2012 09:38:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2012 09:38:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=stefan@nopiracy.de; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=stefan@nopiracy.de; sender-id=unknown Received-SPF: error (pb1.pair.com: domain nopiracy.de from 81.169.146.161 cause and error) X-PHP-List-Original-Sender: stefan@nopiracy.de X-Host-Fingerprint: 81.169.146.161 mo-p00-ob.rzone.de Solaris 10 (beta) Received: from [81.169.146.161] ([81.169.146.161:61246] helo=mo-p00-ob.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 36/C7-21135-B1BAB2F4 for ; Fri, 03 Feb 2012 04:38:37 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1328261913; l=1242; s=domk; d=nopiracy.de; h=To:References:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From: Content-Type:Mime-Version:Subject:X-RZG-CLASS-ID:X-RZG-AUTH; bh=avhJEpIAclJ/PU1B5cdpPvzCJHk=; b=JE5YUixtsFGx+sRhbKVbgS1DF2SvLqnsiFIbqjo2zJS3Hjua1s33HmDYKG9owPktVLG IoSxIL5LZt00Lc7Olz/j63idLnrgJVLqsUJ8TJ4Z+c3AIHhIzAQYlnshiDqhrgJ4zbbKY 0gjocyw+wLmOCxA/WbJLa/8nXMxLtXIkwjI= X-RZG-AUTH: :OH4FY0Wkd/plSHgwfKFIgHoVYx5SSathkA9OvI+ii+JXGfvQUzm/Ahii7iullNGyVg== X-RZG-CLASS-ID: mo00 Received: from [10.23.17.42] (cable-78-34-71-151.netcologne.de [78.34.71.151]) by smtp.strato.de (fruni mo51) (RZmta 27.6 DYNA|AUTH) with (AES128-SHA encrypted) ESMTPA id a0518fo1397JL8 ; Fri, 3 Feb 2012 10:38:08 +0100 (MET) Mime-Version: 1.0 (Apple Message framework v1251.1) Content-Type: text/plain; charset=iso-8859-1 In-Reply-To: Date: Fri, 3 Feb 2012 10:38:07 +0100 Cc: =?utf-8?Q?Ond=C5=99ej_Sur=C3=BD?= , Soenke Ruempler - Jimdo , PHP internals Content-Transfer-Encoding: quoted-printable Message-ID: <3E1DFAB8-327F-4365-AE19-903B6DBA2F46@nopiracy.de> References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> To: Pierre Joye X-Mailer: Apple Mail (2.1251.1) Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: stefan@nopiracy.de (Stefan Esser) Hello Pierre, > Please state the facts. I did add Debian and Ubuntu to the discussions > on security@php.net. For all the issues you have reported yesterday > (and I do the same for other). I do not know if Ondrej is on the > security debian list, but that's up to them to deal with that. Actually you have not. All mails that went to me were only forwarded to = redhat security and ubuntu security. If you sent any mail to debian than this mail was not CCed to me. And even if you have done so than the big fuckup is on the side of = Debian for not informing their maintainers. > Yes, as far as I know no more active members are part of the list, but > they are part of the security people on bugs.php.net. Reporting flaws > via bugs.php.net would be actually much better these days as more > people can read it (see the repo for their accounts) and it is > actually archived. And thisis also one of new good things we have > changed recently. Pierre security@php.net was founded by me many years ago, because THIS = is the worldwide accepted standard for reporting security problems. It doesn't matter if your prefered way is bugs.php.net or whatever - = standards are there for a reason. Regards, Stefan=