Newsgroups: php.internals
Date: Mon, 6 Feb 2012 18:11:25 +0100
From: nikita.ppv@googlemail.com (Nikita Popov)
To: Stefan Esser
Cc: Reindl Harald, Mailing-List php
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

On Mon, Feb 6, 2012 at 6:00 PM, Stefan Esser wrote:
> Hey Nikita,
>
>> Full disclosure sure is controversial, but I don't think it is
>> regarded as necessarily bad. Just look at the way Stefan disclosed the
>> PHP 5.3.9 remote code execution vulnerability: Full disclosure.
>>
>> So please, again, don't call people names.
>
> I guess you are not aware that the bug was disclosed by Stas when he committed the fix to the SVN.
> I never told anyone where the bug is before it was already all over the internet.
>
> So please get your facts straight.

Sorry, I was misinformed. My point still stands, that full disclosure is controversial, but not necessarily bad. Sorry again for mixing things up.