Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57685 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 94035 invoked from network); 4 Feb 2012 09:32:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Feb 2012 09:32:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com Received: from [209.85.213.170] ([209.85.213.170:44099] helo=mail-yx0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 18/B9-08838-33BFC2F4 for ; Sat, 04 Feb 2012 04:32:36 -0500 Received: by yenm5 with SMTP id m5so2154402yen.29 for ; Sat, 04 Feb 2012 01:32:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=03xsfbSgQsthFtNJUso3R9P+syqElKqu9gQmaCZTH5w=; b=I6uwU4mRgANQA+cPDUnRAdAJsvo6L8AZtd//ib6eSX5L0Ko29MaWAqaMNKgrBACz7n x+HlMKPcUDh1/M6Cl4xnHkRBDHXgHkaKW6PPYL4J/TLp9nidp3ixgTGBhRSN6TlU6hxj z3X27DsCYqsEeuOCdO/UzbjzuSxWnGc9syrJY= MIME-Version: 1.0 Received: by 10.236.75.198 with SMTP id z46mr15138795yhd.45.1328347952504; Sat, 04 Feb 2012 01:32:32 -0800 (PST) Received: by 10.146.197.7 with HTTP; Sat, 4 Feb 2012 01:32:32 -0800 (PST) In-Reply-To: References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> <9684A843-5A7F-43BB-BFC2-86F34E27EC3B@nopiracy.de> Date: Sat, 4 Feb 2012 10:32:32 +0100 Message-ID: To: Stefan Esser Cc: Stas Malyshev , Soenke Ruempler - Jimdo , PHP internals , "security@php.net" , "zigo@debian.org" Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: pierre.php@gmail.com (Pierre Joye) On Sat, Feb 4, 2012 at 10:25 AM, Stefan Esser wrote: > Grow up Pierre. here we go again... failed. next time.... > See you do it again. You claim I believe EMET has been created because of Suhosin. I never said that. Although one of the lead developers of EMET compared it himself to it. > You know some features of Suhosin are already in PHP and the HTTP response splitting drama shows that when you break it there is a secondary layer of defense that protects you in case you use Suhosin. I was talking about the compilation security options which are similar (in some extends) to what Suhosin does (for some features). > Pierre it is time for you to come out of the delusional state. You repeatedly claim that everything is now superb. No, I said it is different and better than what you have experienced. And anyone active today in php.net can tell you the same. > Do you forget PHP 5.3.7 and PHP 5.3.9 both times there were security vulnerabilities introduced right after the last RC. > This is a sign that the PHP development process is still not healthy at all. So any software having security issues at one point or another is not healthy? I consider the opposite, I am very careful when I see a software without any discovered issues for a long time, a sign of lack of activities and users. > You claim I have personal issues, while I repeatedly tell you the technical reasons why I see it different then you. Sorry but I do not see technical issues in this thread, as in technical explanations about why one given feature is actually a good thing. I did not see any either in the past discussions. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org