Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57678 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 81668 invoked from network); 4 Feb 2012 08:46:20 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Feb 2012 08:46:20 -0000 Authentication-Results: pb1.pair.com smtp.mail=stefan@nopiracy.de; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=stefan@nopiracy.de; sender-id=unknown Received-SPF: error (pb1.pair.com: domain nopiracy.de from 81.169.146.160 cause and error) X-PHP-List-Original-Sender: stefan@nopiracy.de X-Host-Fingerprint: 81.169.146.160 mo-p00-ob.rzone.de Solaris 10 (beta) Received: from [81.169.146.160] ([81.169.146.160:25650] helo=mo-p00-ob.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7D/87-08838-B50FC2F4 for ; Sat, 04 Feb 2012 03:46:20 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1328345175; l=881; s=domk; d=nopiracy.de; h=To:References:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From: Content-Type:Mime-Version:Subject:X-RZG-CLASS-ID:X-RZG-AUTH; bh=1609FRqP3nYoWx3j+lf66kQkods=; b=KN9GVpE9L9ClT1CJDi4HKVb0edwV8Ikv5mk4Xed8LhVK/L/espwvG/Q3M9CPIuPjwSW hKUkHuxYjETXGFOqnLFGelBtQueoglwtzCu3tDGoxPN9kU6b+AECGToLVuG3Y8jifN8H8 E5PJOvCYM/e08W6vn8xGJlVnLD22Y5C3c+I= X-RZG-AUTH: :OH4FY0Wkd/plSHgwfKFIgHoVYx5SSathkA9OvI+ii+JXGfvQUzm/Ahii7iullNGyVg== X-RZG-CLASS-ID: mo00 Received: from [10.23.17.42] (cable-78-34-71-151.netcologne.de [78.34.71.151]) by smtp.strato.de (klopstock mo15) (RZmta 27.6 DYNA|AUTH) with (AES128-SHA encrypted) ESMTPA id U0020ao147E4l1 ; Sat, 4 Feb 2012 09:46:02 +0100 (MET) Mime-Version: 1.0 (Apple Message framework v1251.1) Content-Type: text/plain; charset=iso-8859-1 In-Reply-To: Date: Sat, 4 Feb 2012 09:46:01 +0100 Cc: Stas Malyshev , Soenke Ruempler - Jimdo , PHP internals , "security@php.net" , "zigo@debian.org" Content-Transfer-Encoding: quoted-printable Message-ID: <7BEA0B67-FA4C-425F-9AF3-B8B34107CBCA@nopiracy.de> References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> To: Pierre Joye X-Mailer: Apple Mail (2.1251.1) Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: stefan@nopiracy.de (Stefan Esser) Hi Pierre, > And if security features in Suhosin is so critical, I also why its > users rely on one single person for that, the bus factor is quite > high. everybody is free to join the Suhosin team. People rely on me because they consider me the person knowing most about = PHP security. And the same people do not trust PHP.net anymore. Don't forget that the last 2 releases of PHP had to be followed by new = versions because both times code was commited AFTER the last RC that = introduced a security vulnerability. People do not trust you anymore. And it is a joke that you are running = around telling everyone that all is perfect now with your RFC and new = processes. Reality shows a different picture. BTW: "rely on a single person" is also funny. At SektionEins we have = more than one person looking into Suhosin. Regards, Stefan Esser=