On Sat, 28 Jul 2001, Zeev Suraski wrote:

> BTW, I'm just being argumentative here.  I personally think that having
> E_NOTICE on is a very good idea, and that apps should be E_NOTICE-clean.  A
> great deal of PHP programmers will not agree with me, though, so I haven't
> made up my mind on whether I support changing this default or not.

Consider it this way:

If an user decides to use my library that is E_NOTICE clean and
doesn't have E_NOTICE, what happens?

If I decide to use a library that isn't E_NOTICE clean and I have
E_NOTICE, what happens?

The main issue here from my point of view is interoperation and
distribution of software.

> 2.  PHP, with register_globals=on, mixes information coming from the user
> with information coming from code written by the developer, to a degree
> where it's impossible to differentiate between the two.  Given problem #1,
> this often leads to security problems.

As long as we have a small quantity of small programs and libraries
with minor distribution, the maintainance effort of obfuscated code
is not vast, and thus flexibility may be default, and perhaps the
primary aim.

As software written in PHP grows in popularity and the codebase itself
grows in size, maintainance becomes harder. Thus I think that a clear
message from the developers - whether it's E_NOTICE or register_globals
or an open letter called "Code Together" - that states "we are
concerned that it's becoming increasingly hard to incorporate large
codebases together without compromising stability and security" is
in my opinion in place.

But that's of course only me.

> Zeev

          Heikki Korpela -- [EMAIL PROTECTED] -- http://iki.fi/heko/

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to