Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57768 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 99913 invoked from network); 6 Feb 2012 15:23:41 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Feb 2012 15:23:41 -0000 Authentication-Results: pb1.pair.com smtp.mail=dmgx.michael@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=dmgx.michael@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.54 as permitted sender) X-PHP-List-Original-Sender: dmgx.michael@gmail.com X-Host-Fingerprint: 74.125.82.54 mail-ww0-f54.google.com Received: from [74.125.82.54] ([74.125.82.54:48884] helo=mail-ww0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BC/31-28299-D70FF2F4 for ; Mon, 06 Feb 2012 10:23:41 -0500 Received: by wgbdq12 with SMTP id dq12so5787552wgb.11 for ; Mon, 06 Feb 2012 07:23:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ogaBAiWvr7RApYSvvXysFXVMsjqCpfRwadoH4p2hO1U=; b=QTdJhQn8iOSYpKPUZB91YwlR14li0G6B+gDSeRreYU0WZkVdgkLMs7Tz7ldgQHxCfg TwhCzsy39aPV+ETophdrPNejAmAPcWOsjyLckV+dwJFD2GqUieJ9jQLQX+uDBDux5Hua hACeehTg/fQ4vFbB6dLLmeqvKlUN/yL1bzhP0= MIME-Version: 1.0 Received: by 10.180.100.234 with SMTP id fb10mr27944873wib.8.1328541817343; Mon, 06 Feb 2012 07:23:37 -0800 (PST) Received: by 10.216.158.203 with HTTP; Mon, 6 Feb 2012 07:23:37 -0800 (PST) In-Reply-To: <4F2FEE7A.9030309@thelounge.net> References: <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> <9684A843-5A7F-43BB-BFC2-86F34E27EC3B@nopiracy.de> <90A22109-8267-4C6F-B35C-0A3612213915@nopiracy.de> <4F2FEE7A.9030309@thelounge.net> Date: Mon, 6 Feb 2012 10:23:37 -0500 Message-ID: To: internals@lists.php.net Content-Type: multipart/alternative; boundary=f46d043748f3178d1e04b84d3f73 Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: dmgx.michael@gmail.com (Michael Morris) --f46d043748f3178d1e04b84d3f73 Content-Type: text/plain; charset=ISO-8859-1 I don't think so. My experience with the attitude he has shown is, when mistakes get made by such a person, they are hidden away rather than honestly reported. To paraphrase a line from Harry Potter - brilliant people don't make many mistakes, but the ones they make tend to be large and very damaging. Security is trust. Given what I have seen I do not trust Stefan to report any vulnerabilities created in PHP by Sushonin in a timely manner. I do not believe he has the humility necessary to own up to a mistake. Since he is that project's only caretaker, I cannot trust the code. If I do not trust it, I don't run it. On Mon, Feb 6, 2012 at 10:15 AM, Reindl Harald wrote: > > > if your make technical decisions especially security ones by > "The character displayed by Stefan" you are maybe doing the > wrong job! > > --f46d043748f3178d1e04b84d3f73--