Hi Yasuo, On Mon, Aug 5, 2013 at 11:10 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray <array...@gmail.com> wrote: > >> I'm not against the idea in principle but still think having a security >> feature which just quietly fails if you're not using one of two modified >> handlers is really not good. >> >> I also think there's no great rush to add this, because as you say, it >> can be protected against in userland too. >> >> I would much rather have a robust, clean solution even if we have to wait >> until php.next for it. >> > > As I wrote, we already had long discussion a year ago and decided to > include maintained branches. >
Could you point me to where this was decided please? I don't see a vote or anything like a consensus in the previous threads. > This issue should be fixed 8 years ago. It's already too late to adopt > IMHO. > > If you would like to know the details of risks, please refer to the RFC. > I understand the risk and your solution, I just think there's a better solution (more like your original patch if I recall correctly) and that we shouldn't rush to apply an inferior solution just because the issue is so old. Arpad