On 08/27/2014 04:57 PM, Michael M Slusarz wrote:
Quoting Andy Dorman <ador...@ironicdesign.com>:
On 08/27/2014 02:09 PM, Michael M Slusarz wrote:
Quoting Jens Pranaitis <pranai...@phil.hhu.de>:
FYI to others: this turned out to be a bug with Debian (and Ubuntu's)
PHP package. Namely, the JSON-C package is broken. Very frustrating
since there is nothing wrong with *PHP's* JSON decoding code.
Could you elaborate on this? Is this
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687269 ? I think I'm
seeing the same issue with some users loading messages from search
results.
Debian has an issue with the line "Use this software for good, not evil"
in the source code for the PHP JSON code. (This is real. I am not
making this up.) So they replaced this stable code that works perfectly
fine with a replacement that is broken in several areas - mainly dealing
with null characters. We use null characters a bunch in IMP data for
technical reasons I won't go into here. So Debian ships with broken
JSON code with known bugs (which, I should mention, have been known for
a year and *still* aren't fixed).
Well the issue is not quite that simple and Debian isn't the only
distro that has a problem with a "morality" clause in software.
This has been covered before. Regardless of what anyone feels
personally/morally about the clause, *legally* the clause causes no
substantial issues - or at least no more substantial issues than any
other supposed "free" license.
I really don't care that Debian gets the whole legal argument wrong.
Whatever - that pissing contest is not my idea of intellectual stimulation.
What I do care is that they ship BROKEN software that claims to be PHP,
when it really isn't. In other words: "Debian PHP 5.x.y" !== "PHP 5.x.y".
michael
___________________________________
Michael Slusarz [slus...@horde.org]
Michael, I agree, but the lawyer I checked with disagrees with you that
the clause causes no substantial issues.
But I definitely agree this line of discussion is a complete waste of
all of our time.
However, we still need a solution...So I gather that the options for
anyone using a Debian distro are:
1. Switch to a non-debian distro...really not feasible for us as our
many debian servers are already running other services with thousands of
users and we do not have the resources nor expertise to switch distros.
2. Live with the bug caused by the Debian PHP JSON-C package not
handling null (and apparently some other) characters.
3. Recompile our own version of PHP with Mr Crockford's
"morality-constrained" package and use it on our servers. Again we do
not have the expertise nor time to maintain our own PHP version.
4. Are the two JSON-C packages so incompatible that end software (ie
Horde) could not be modified to work with either one? I expect the
Horde team has already considered this and that means it is not feasible
nor should they have to. If this is really a bug in the free version of
PHP JSON-C, then the best thing would be to fix the bug.
and that leads us to....
5. See if we could help fund added development in the Debian JSON-C
package to resolve the null (and other) character handling bugs.
6. See if we can get Mr Crockford to grant Debian and PHP the same
exception to his morality clause that he granted to IBM. Based on his
treating this as a funny joke, I expect not.
So it looks to me like #5 is the best and possibly only way to proceed
at this time.
Toward that end, is this the problem bug?
json_decode: strings cut off after first null-byte
https://github.com/remicollet/pecl-json-c/issues/7
If so then I will be happy to see if we can accelerate getting the code
with the bug fix into Debian PHP ASAP.
Thanks,
--
Andy Dorman
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
