Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:77750
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 70398 invoked from network); 2 Oct 2014 21:03:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Oct 2014 21:03:31 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 108.166.43.67 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 108.166.43.67 smtp67.ord1c.emailsrvr.com Linux 2.6
Received: from [108.166.43.67] ([108.166.43.67:48846] helo=smtp67.ord1c.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B8/86-33841-1ADBD245 for <internals@lists.php.net>; Thu, 02 Oct 2014 17:03:29 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp17.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id A865F18045A;
	Thu,  2 Oct 2014 17:03:26 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp17.relay.ord1c.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id 25C41180751;
	Thu,  2 Oct 2014 17:03:26 -0400 (EDT)
X-Sender-Id: smalyshev@sugarcrm.com
Received: from Stass-MacBook-Pro.local (108-201-189-144.lightspeed.sntcca.sbcglobal.net [108.201.189.144])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA)
	by 0.0.0.0:465 (trex/5.2.13);
	Thu, 02 Oct 2014 21:03:26 GMT
Message-ID: <542DBD99.5040103@sugarcrm.com>
Date: Thu, 02 Oct 2014 14:03:21 -0700
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Florian Margaine <florian@margaine.com>
CC: PHP Internals <internals@lists.php.net>, 
 Nikita Popov <nikita.ppv@gmail.com>
References: <CAF+90c9b6aRNNvJ6QVmumGgBW8=+dPxiByYY0h8M6x+L+BrYWQ@mail.gmail.com> <CAF+90c8Zt9DndV6WV+RJ1A+HgeG8LJ_Y2MATYtWi7=zB2ejEzw@mail.gmail.com> <542DA1A9.6020804@sugarcrm.com> <CABRjmp-4eeZ1UcFkOF62gtpRdMtbhfgk15y9bi56yZ=m+hVSwA@mail.gmail.com> <542DB1A2.3040507@sugarcrm.com> <CABRjmp_z0z3V2i0t2QYptWpYkNVzvr0UuQc4kbwE2KJvXqj5bQ@mail.gmail.com>
In-Reply-To: <CABRjmp_z0z3V2i0t2QYptWpYkNVzvr0UuQc4kbwE2KJvXqj5bQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: Remove generated lexers from git?
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> Slipping in a malicious code in such a diff could easily go unnoticed,

This is not a bug. And if we have a malicious comitter, we have much
bigger problems than generated lexers. Fortunately, there's exactly zero
evidence that it is of any concern to us.

> you have to trust that it was generated and not touched after. Why this
> unnecessary trust to give, when we can simply not have the file?

Again, if you do not trust people who are working on most sensitive part
of the engine with being able to observe minimal rules of sane coding,
you have bigger problems than lexers. Not that there are hundreds of
them committing any way, this year we had exactly 1 (one) big lexer
commit so far, last year there were three. And it's not that hard to
scan through them either, if you're interested.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/