Newsgroups: php.internals
Date: Mon, 6 Feb 2012 17:51:13 +0100
To: Reindl Harald
Cc: Michael Morris, Mailing-List php
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: nikita.ppv@googlemail.com (Nikita Popov)

On Mon, Feb 6, 2012 at 5:22 PM, Reindl Harald wrote:
> if you answer to a list mail answer to the list and not private damned!

Please, such kind of language is really not necessary. Hitting Reply instead of Reply All happens to everybody once in a while.

> would it have been better to make a full disclosure before
> having a fix to help attackers? if this is your opinion
> you are a foolish idiot, sorry but no other words for that

Full disclosure sure is controversial, but I don't think it is regarded as necessarily bad. Just look at the way Stefan disclosed the PHP 5.3.9 remote code execution vulnerability: Full disclosure.

So please, again, don't call people names.