Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57698
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 36612 invoked from network); 4 Feb 2012 14:09:01 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Feb 2012 14:09:01 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:60573] helo=mail-yx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 43/8E-08838-BFB3D2F4 for <internals@lists.php.net>; Sat, 04 Feb 2012 09:09:00 -0500
Received: by yenm5 with SMTP id m5so2195725yen.29
        for <internals@lists.php.net>; Sat, 04 Feb 2012 06:08:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=/ZkTPYCAD6DExl7YjpkmTdIudygCvLjWlbkcwLFhgz4=;
        b=jbbKLFU6jPNIDX8PlkmLNcs4TzhDPR92cM4li6MJeXnFaVKHXHs8UiOnLRpeBIo6Sn
         7gTe+VSqsvB10vWHRTKaKt6lcMa400C+F+slioG3nOxAqdtXTJAQz4oRtv4z9yb4m8C1
         1P7yj+lWwZV84T+dL3Y/irlSQRGuHcVN9KGRk=
MIME-Version: 1.0
Received: by 10.236.153.226 with SMTP id f62mr16507977yhk.62.1328364536651;
 Sat, 04 Feb 2012 06:08:56 -0800 (PST)
Received: by 10.146.197.7 with HTTP; Sat, 4 Feb 2012 06:08:56 -0800 (PST)
In-Reply-To: <BB9858AE-5AC9-4602-9D6A-2240E0F497AD@nopiracy.de>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com>
	<5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de>
	<CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com>
	<4F2A9378.70803@thelounge.net>
	<4F2AC9CA.2070308@sugarcrm.com>
	<4F2B2ED8.4050900@jimdo.com>
	<72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de>
	<CAEZPtU5CP3GqUnKsxx51-ieHAdGh=ySvZCWhhAwa0kwuNG6Bhg@mail.gmail.com>
	<A33C7716-F355-455E-863D-5458205C3208@nopiracy.de>
	<4F2CEA7E.9010906@sugarcrm.com>
	<9684A843-5A7F-43BB-BFC2-86F34E27EC3B@nopiracy.de>
	<CAEZPtU6eYxWM+hL4RzO_Mpx7GgDe3cxJNbZXbwD2MXdFUPS+aA@mail.gmail.com>
	<A3FA10BF-D660-4705-BBF0-1AF8F9D27C35@nopiracy.de>
	<CAEZPtU7qyezW44HJbHS=wz5+2_O4PJywg8=Oafhn1JBLonQmwA@mail.gmail.com>
	<BB9858AE-5AC9-4602-9D6A-2240E0F497AD@nopiracy.de>
Date: Sat, 4 Feb 2012 15:08:56 +0100
Message-ID: <CAEZPtU6BVOchkVrx_iOpsyFkcDXf9bcR+=UKC9Re2QA4v9GPOg@mail.gmail.com>
To: Stefan Esser <stefan@nopiracy.de>
Cc: Stas Malyshev <smalyshev@sugarcrm.com>, Soenke Ruempler - Jimdo <soenke@jimdo.com>, 
	PHP internals <internals@lists.php.net>, "security@php.net" <security@php.net>, 
	"zigo@debian.org" <zigo@debian.org>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: pierre.php@gmail.com (Pierre Joye)

On Sat, Feb 4, 2012 at 10:46 AM, Stefan Esser <stefan@nopiracy.de> wrote:

> These are all basic prinicples of security mitigations. Why is there a need to write up RFC about these things. They are widely accepted by other software vendors/products.

Why do you need a RFC to propose something to the W3C, or python? Even
if it is widely adopted already. No need to answer, that's rather
obvious.

Cheers.
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org