Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57775
Return-Path: <stefan@nopiracy.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 35908 invoked from network); 6 Feb 2012 17:01:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Feb 2012 17:01:18 -0000
Authentication-Results: pb1.pair.com smtp.mail=stefan@nopiracy.de; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=stefan@nopiracy.de; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain nopiracy.de from 85.214.103.31 cause and error)
X-PHP-List-Original-Sender: stefan@nopiracy.de
X-Host-Fingerprint: 85.214.103.31 h1332034.stratoserver.net Linux 2.6
Received: from [85.214.103.31] ([85.214.103.31:52232] helo=mail.sektioneins.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E2/91-27897-657003F4 for <internals@lists.php.net>; Mon, 06 Feb 2012 12:01:13 -0500
Received: from [10.23.17.42] (cable-78-34-71-151.netcologne.de [78.34.71.151])
	by mail.sektioneins.de (Postfix) with ESMTPSA id 0BC75189C019;
	Mon,  6 Feb 2012 18:00:54 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=iso-8859-1
In-Reply-To: <CAF+90c9+9qDCOojnhM4BD-Ri1WfR67q3KdZyW1rM_fVojPAatw@mail.gmail.com>
Date: Mon, 6 Feb 2012 18:00:53 +0100
Cc: Reindl Harald <h.reindl@thelounge.net>,
 Mailing-List php <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <293002B6-F4DE-46A6-8541-D11F210F9884@nopiracy.de>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <A33C7716-F355-455E-863D-5458205C3208@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> <9684A843-5A7F-43BB-BFC2-86F34E27EC3B@nopiracy.de> <CAEZPtU6eYxWM+hL4RzO_Mpx7GgDe3cxJNbZXbwD2MXdFUPS+aA@mail.gmail.com> <A3FA10BF-D660-4705-BBF0-1AF8F9D27C35@nopiracy.de> <CAEZPtU7qyezW44HJbHS=wz5+2_O4PJywg8=Oafhn1JBLonQmwA@mail.gmail.com> <BB9858AE-5AC9-4602-9D6A-2240E0F497AD@nopiracy.de> <CAEZPtU6BVOchkVrx_iOpsyFkcDXf9bcR+=UKC9Re2QA4v9GPOg@mail.gmail.com> <90A22109-8267-4C6F-B35C-0A3612213915@nopiracy.de> <CAEZPtU43eGqTmXEijpd581ucYY3AVZFs7WQzS5Q4MB0cxD1ajw@mail.gmail.com> <EA673E88-3FC5-4916-8B60-74D32DCE9A1F@nopiracy.de> <CAGovj_Ox+aYBX9qXhRHuxLZDiLDc6vZ6X7OV526pUkd+L9ifbA@mail.gmail.com> <4F2FEE7A.9030309@thelounge.net> <CAGovj_NbiVMZyi2vy5QoLLBUN+bpRvHhbB_0oJY-gakkng9CWA@mail.gmail.com> <4F2FF2A5.7000906@thelounge.net> <CAGovj_M5LaPLZ_9fSmFLbTmOKV7JNkBw9pjVmok2VO7Pr+j18Q@mail.gmail.com> <4F2FFE2E.4060102@thel
 ounge.net> <CAF+90c9+9qDCOojnhM4BD-Ri1WfR67q3KdZyW1rM_fVojPAatw@mail.gmail.com>
To: Nikita Popov <nikita.ppv@googlemail.com>
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: stefan@nopiracy.de (Stefan Esser)

Hey Nikita,

> Full disclosure sure is controversial, but I don't think it is
> regarded as necessarily bad. Just look at the way Stefan disclosed the
> PHP 5.3.9 remote code execution vulnerability: Full disclosure.
>=20
> So please, again, don't call people names.

I guess you are not aware that the bug was disclosed by Stas when he =
commited the fix to the SVN.
I never told anyone where the bug is before it was already all over the =
internet.

So please get your facts straight.

Regards,
Stefam=