On 16-Dec-06, at 4:26 PM, Stanislav Malyshev wrote:
> If you know of a vulnerability on zend.com, please write to
> [EMAIL PROTECTED], that would be the only responsible course of
> action. However, I do not see how having vulnerabilities implies not
> caring for security.

That's my point (and for the record, previous exploits in the Zend site
were reported several times): just because a mistake was made does not
mean you don't care about security. The same logic must apply to
phpinfo(): someone created it for debugging and forgot to remove it, and
the search engine stumbled across it. It happens.

>> You're not helping them, just making assumptions about how their
>> code should work and making them adhere to them.
>
> Yes, and this is helping. Every language does that. Saying "you
> can't make 100% work exactly as I wanted without any effort, so
> entire thing isn't even worth discussing" is a road to nowhere.
> There's a lot of places it would be helpful, and there's a lot of
> places it won't - and that's ok.

I am saying that you should not try to outsmart the developer because
you assume you know best.

Ilia Alshanetsky