> > someone that they are not allowed to communicate with members of the > > PHP development team in a private manner makes no sense. Perhaps we > > need a [EMAIL PROTECTED] private mailing list for this instead where > > only people with php-dev cvs accounts can subscribe and either not > > archive or at least delay the archiving of messages to the list by > > a couple of weeks. > > Excellent idea. This is exactly something we really need. > A private address which is not limited to 10 persons or so. > What did Linus say again..enough eyes and all bugs are..something?
I'm really not all that worried about having the ability to fix issues in the small group or at least understanding the issue and bringing in the appropriate people privately to come up with a fix. So the number of people receiving that initial email really doesn't worry me. Heck it could be a single person we designate to be the security officer and rotate that responsibility. It isn't that hard to figure out who wrote a specific piece and if you have been around a while you know the people who are likely to be able to provide some insight. > Also, the other issue are the so called 'script kiddies'..so you're right > in this. Yes, the majority of the attacks out there are really not very advanced. Just some kid who downloads an exploit from somewhere. If we can make a bit harder for these kids, we should. -Rasmus -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
