Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73303 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 704 invoked from network); 19 Mar 2014 15:22:12 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Mar 2014 15:22:12 -0000 Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.213.53 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.213.53 mail-yh0-f53.google.com Received: from [209.85.213.53] ([209.85.213.53:60238] helo=mail-yh0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 15/C1-22153-226B9235 for ; Wed, 19 Mar 2014 10:22:11 -0500 Received: by mail-yh0-f53.google.com with SMTP id v1so8725518yhn.12 for ; Wed, 19 Mar 2014 08:22:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=t+HC3uJA9NPMM3Tjgw3g/xGFgh8Vg49dHYVLbV+JnCA=; b=Mn7Ffn92pNQgkdv0blD4Cp+hMeNtrYT9eQxWG17e24/+C5EW/GxofIqr3LvLWMiRFE pJvFzQ0RWcRhZZlE8fsAXUmFNwgiU6i3yhUo9oasI9Wih0kcAUlEnqxIdw1bBWeSGoLH Lrl0bzEJqqK/AKq3cGr0BiZfxYjwYyv8E/xYc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=t+HC3uJA9NPMM3Tjgw3g/xGFgh8Vg49dHYVLbV+JnCA=; b=jD2FrNiOGO0I8LibtkyPysYPULXJ1rv/DxBgm9SfRoZQbYvJn1hs3GQF/OiiG0pDLv kjX/6g9HxSSBMxhuAo7HGEA1YjSAu9uLO/GSswiDmu/RVUsB3uAZHNu33Hg22U1xTPmS j8+FxO2BWC1+u6ejkAtnTBvhSvYClOLUS0Dz/W7pk+peEz+na/TfHpJvNQNu34QrvHM+ Mu5Rv981P3rcw9v5+433JPe9YhOq8GJiAhpzsg6tKWtHD159RDEqTcOgmJc28oB5iccR +5wL+7IWOFHv4qTVKIL5ekZq5Fwn5O0kF2OJrUhHQnvQGxX74yNOsvn/JxcOnEBt77X/ /MtQ== X-Gm-Message-State: ALoCoQl+qsy6qDpy2tdRwkpioz/IHsz3LRT0dnutvTmIi4xRej+B3vz3JuN8o7IwRo94U0p38ZSC MIME-Version: 1.0 X-Received: by 10.236.100.226 with SMTP id z62mr11194896yhf.111.1395242527331; Wed, 19 Mar 2014 08:22:07 -0700 (PDT) Received: by 10.170.188.139 with HTTP; Wed, 19 Mar 2014 08:22:07 -0700 (PDT) In-Reply-To: References: Date: Wed, 19 Mar 2014 17:22:07 +0200 Message-ID: To: Ferenc Kovacs Cc: Yasuo Ohgaki , "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Solution for session_regenerate_id() issues From: narf@devilix.net (Andrey Andreev) Hi, On Wed, Mar 19, 2014 at 12:12 PM, Ferenc Kovacs wrote: >> If you choose "security" bug type, it's hidden. > > > nope, security bug type only makes it send the bug mail to security@php.net, > only private bugs are protected from public access. > that is something really error-prone, so I remember some discussion about > changing that, and making new security bugs to be private by default, but > AFAIK we never implemented that. Actually, somebody did implement it. Turned out the issue I wanted to report is solved though ... it was the regression with use_strict_mode in 5.5.3 and for some unknown reason, Ubuntu is sticking exactly to that version. On topic: I understand the gains, Yasuo. But I completely disagree that it's mandatory or that it is PHP's job at all. If I tell PHP to delete something, I expect it to do so, immediately. Cheers, Andrey.