Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57681
Return-Path: <stefan@nopiracy.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87154 invoked from network); 4 Feb 2012 09:08:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Feb 2012 09:08:28 -0000
Authentication-Results: pb1.pair.com header.from=stefan@nopiracy.de; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=stefan@nopiracy.de; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain nopiracy.de from 81.169.146.162 cause and error)
X-PHP-List-Original-Sender: stefan@nopiracy.de
X-Host-Fingerprint: 81.169.146.162 mo-p00-ob.rzone.de Solaris 10 (beta)
Received: from [81.169.146.162] ([81.169.146.162:15119] helo=mo-p00-ob.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B8/78-08838-A85FC2F4 for <internals@lists.php.net>; Sat, 04 Feb 2012 04:08:28 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1328346502; l=1788;
	s=domk; d=nopiracy.de;
	h=To:References:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:
	Content-Type:Mime-Version:Subject:X-RZG-CLASS-ID:X-RZG-AUTH;
	bh=qepZbczZYz0mDxVemy5qwML+LgM=;
	b=TOSvgLGoUvoa6md0T7orOTRhKjvEt9NVufB/NjugVcGfGNjSyhe0r1pEapzEPGtluod
	GGtYHNzoFIbVeu/DLhigy2L3Atw92/CQe1DaaltR70da42Oi531aMNZpBo2p0hMVJqLEn
	6Be4WFGaxkR/7ifdCIjlXOt6mzT8GWIL8K0=
X-RZG-AUTH: :OH4FY0Wkd/plSHgwfKFIgHoVYx5SSathkA9OvI+ii+JXGfvQUzm/Ahii7iullNGyVg==
X-RZG-CLASS-ID: mo00
Received: from [10.23.17.42] (cable-78-34-71-151.netcologne.de [78.34.71.151])
	by smtp.strato.de (fruni mo3) (RZmta 27.6 DYNA|AUTH)
	with (AES128-SHA encrypted) ESMTPA id g04169o146RcTV ;
	Sat, 4 Feb 2012 10:08:04 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=iso-8859-1
In-Reply-To: <4F2CF2DB.7000605@sugarcrm.com>
Date: Sat, 4 Feb 2012 10:08:03 +0100
Cc: Pierre Joye <pierre.php@gmail.com>,
 Soenke Ruempler - Jimdo <soenke@jimdo.com>,
 PHP internals <internals@lists.php.net>,
 "security@php.net" <security@php.net>,
 "zigo@debian.org" <zigo@debian.org>
Content-Transfer-Encoding: quoted-printable
Message-ID: <86A9EDF4-1EF0-40B9-AFE8-2667BB036F6F@nopiracy.de>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> <CAEZPtU5CP3GqUnKsxx51-ieHAdGh=ySvZCWhhAwa0kwuNG6Bhg@mail.gmail.com> <A33C7716-F355-455E-863D-5458205C3208@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> <9684A843-5A7F-43BB-BFC2-86F34E27EC3B@nopiracy.de> <4F2CF2DB.7000605@sugarcrm.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: stefan@nopiracy.de (Stefan Esser)

Hello Stas,

> That's your opinion and you completely entitled to it and I have =
absolutely no issue about it. As I have no issue with your preferring to =
keep Suhosin as a separate project - it's your code, you decide what to =
do with it. What I have an issue with is understanding how, after all =
public invitations and discussion, you claim that we refuse to cooperate =
and "fight you like cancer".
The problem is when people like Pierre run around and tell in public =
that people have only more problems due to Suhosin, that he is happy =
that distributions kick it. He also tells everybody that he sees no need =
in any of the Suhosin features and is VERY VOCAL about it. Nevertheless =
PHP 5.3.9 introduced a vulnerability because PHP.net cloned one of those =
"we see no need for any features" features.

Also Pierre runs around every time I mention that Suhosin is not bitten =
by a bug and accuses me of blatant advertisement or he just downplays =
the fact that Suhosin users were relatively save from the critical major =
vulnerability in PHP 5.3.9.

He is actively lobbying against Suhosin and spreading FUD. That is =
pretty much like fighting it like cancer.

> Nobody demands anything from you. However, for a feature to be =
included in PHP it needs to go through certain process. It's not because =
we hate you and this process is not personal for you,
Please read the email form Pierre: I see no sense in other features of =
Suhosin. Write some RFC to convince us to include them.

And BTW you cannot play the: It is Pierre you know him card. The PHP =
developers are free to step up and say publicly that Pierre's view is =
not that of the developers. But you choose to not to do so. So you are =
behind him.

Regards,
Stefan=