Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57675 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 75779 invoked from network); 4 Feb 2012 08:21:26 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Feb 2012 08:21:26 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 207.97.245.153 as permitted sender) X-PHP-List-Original-Sender: smalyshev@sugarcrm.com X-Host-Fingerprint: 207.97.245.153 smtp153.iad.emailsrvr.com Linux 2.6 Received: from [207.97.245.153] ([207.97.245.153:44306] helo=smtp153.iad.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 04/96-08838-38AEC2F4 for ; Sat, 04 Feb 2012 03:21:23 -0500 Received: from smtp55.relay.iad1a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp55.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 0AEEB2E057B; Sat, 4 Feb 2012 03:21:20 -0500 (EST) X-SMTPDoctor-Processed: csmtpprox 2.7.4 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp55.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id F1A622E057E; Sat, 4 Feb 2012 03:21:19 -0500 (EST) X-Virus-Scanned: OK Received: by smtp55.relay.iad1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id 2564F2E057B; Sat, 4 Feb 2012 03:21:19 -0500 (EST) Message-ID: <4F2CEA7E.9010906@sugarcrm.com> Date: Sat, 04 Feb 2012 00:21:18 -0800 Organization: SugarCRM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: Stefan Esser CC: Pierre Joye , Soenke Ruempler - Jimdo , PHP internals , "security@php.net" , "zigo@debian.org" References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: smalyshev@sugarcrm.com (Stas Malyshev) Hi! > what part of "all of it and I am not going to try to convince you > about this" do you not understand? Well, here's the answer why Suhosin is not part of PHP. > With Suhosin existing I am free to implement as many security > mitigations I like and do not have to beg the PHP developers to > consider adding something. Some people call "begging" collaboration and consider it a normal way to develop software with teams bigger than one person. Of course, being part of the team is completely voluntary. I think it is clear that Stefan is not interested in doing this. If somebody would want to take on himself working as part of PHP team on getting some features from Suhosin to PHP, he's welcome. One thing I do not understand though is how it is possible to say this and then complain about the lack of cooperation from PHP developers. When we explicitly invite you to participate, and you refuse - it's totally OK, you have no obligations towards us. But then claim that PHP developers refuse to cooperate? I don't get it. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227