Hi Thomas,
On 2012-02-02 13:18, Thomas Goirand wrote:
On 02/03/2012 01:50 AM, Filipus Klutiero wrote:
That would leave the question, where is PHP functionality flawed if it
is not in PHP's design?
That's a discussion that could be huge. Do you think that
README.Debian.security or even the Debian BTS, are places were we should
discuss this? (or maybe you're not having this discussion, and regret
that the README.Debian.security leads to it?)
Sorry, there seems to be a misunderstanding. What I'm reporting is that
the current README contains a non-sensical item. Thijs has fixed the
problem, but the new version is also problematic. The new version would say:
Security support will not be provided for flaws in functionality which is not
flawed in the design of PHP but can be problematic when used by sloppy
developers.
What I am saying is that this wording will leave the reader puzzled; if
a flaw in a PHP functionality is not in PHP's design, the reader will
wonder where the flaw is.
I do not expect the README to answer that question, I would rather have
it avoid raising the question.
I believe that README.Debian.security really explains what it should in
its current form.
I agree.
If you're not happy with it, could you (please)
suggest a new wording here? That'd help, and speed-up this discussion.
If I understand what the item is supposed to say, I think the wording I
suggested here is fine. I also suggested in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639230#25 that the
entire item be scrapped.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
