On 07/28/2015 04:45 PM, Johannes Schlüter wrote: > (and yes - developers doing this might be an interesting targeted > attack vector. Malicious code there knows where the developer keeps > the source tree and might inject bad code into the codebase which we > notice only with good review of commits ... which we hopefully do ;-) > )
If this really only affects the developers of PHP then how about toggling the default and not build --with-pear by default? Developers of PHP don't really care about PEAR anyway, or do they? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
