Hi Andi!

At 19:58 21.3. 2001, Andi Gutmans wrote the following:
-------------------------------------------------------------- 
>Why do we need to have an interrogation? Relax, it's not such a big deal.

We don't. I hope no one will take my remarks personally. :)

>4.0.4pl1 & 4.0.3pl1 both had security fixes (Apache config handling was a security 
>issue).

One might consider all bugs security issues.

>By the way, the error_reporting() pl1 in 4.0.1 was due to a bug which was in the CVS 
>a looooong time. It was not a spontaneous bug that was introduced.

Well, how come it wasn't serious enough to make it into 4.0.1,
and two days later it justified a release of pl1? :) I guess 
such a situation was a symptom of a need for a better RC process...
It improved. I understand Sascha's fear the group was backpedalling 
from the position it has achieved. 

I must say I agree with Sascha and the other people who wrote that 
they'd prefer new stuff _not_ added during an RC period. 
The Apache group has a pretty different modus operandi, more like FreeBSD,
with a group of committers, and if you check [EMAIL PROTECTED], 
you'll see that they're trying to tighten it even more. They tossed 
CVS branches, and it seems like they're going to use code-freeze 
periods. Now, before someone jumps on this, I know PHP isn't Apache,
and there are other projects that do well without freezes, but I 
still think PHP is a bit too liberal in this area.


>At 07:50 PM 3/21/2001 +0100, Sascha Schumann wrote:
>>On Wed, 21 Mar 2001, Andi Gutmans wrote:
>>
>>> A couple of these were buffer overflows IIRC which were security issues.
>>> Remember the group@ emails about those?
>>
>>    Fixes against format-string attacks and for file-upload
>>    issues went into 4.0.3.  Or what are you referring to?
>>
>>    - Sascha                                     Experience IRCG
>>      http://schumann.cx/                http://schumann.cx/ircg
------end of quote------ 


[EMAIL PROTECTED]
-------------
And the eyes of them both were opened and they saw that their files
were world readable and writable, so they chmoded 600 their files.
    - Book of Installation chapt 3 sec 7 


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
