Newsgroups: php.internals
From: stefan@nopiracy.de (Stefan Esser)
Date: Sat, 4 Feb 2012 10:08:03 +0100
To: Stas Malyshev
Cc: Pierre Joye, Soenke Ruempler - Jimdo, PHP internals, "security@php.net", "zigo@debian.org"
Message-ID: <86A9EDF4-1EF0-40B9-AFE8-2667BB036F6F@nopiracy.de>
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

Hello Stas,

> That's your opinion and you are completely entitled to it and I have absolutely no issue about it. As I have no issue with your preferring to keep Suhosin as a separate project - it's your code, you decide what to do with it. What I have an issue with is understanding how, after all public invitations and discussion, you claim that we refuse to cooperate and "fight you like cancer".

The problem is when people like Pierre run around and tell in public that people have only more problems due to Suhosin, that he is happy that distributions kick it. He also tells everybody that he sees no need in any of the Suhosin features and is VERY VOCAL about it. Nevertheless PHP 5.3.9 introduced a vulnerability because PHP.net cloned one of those "we see no need for any features" features.

Also Pierre runs around every time I mention that Suhosin is not bitten by a bug and accuses me of blatant advertisement or he just downplays the fact that Suhosin users were relatively safe from the critical major vulnerability in PHP 5.3.9.

He is actively lobbying against Suhosin and spreading FUD. That is pretty much like fighting it like cancer.

> Nobody demands anything from you. However, for a feature to be included in PHP it needs to go through a certain process.
> It's not because we hate you and this process is not personal for you,

Please read the email from Pierre: I see no sense in other features of Suhosin. Write some RFC to convince us to include them.

And BTW you cannot play the "It is Pierre, you know him" card. The PHP developers are free to step up and say publicly that Pierre's view is not that of the developers. But you choose not to do so. So you are behind him.

Regards,
Stefan