On Sun, Mar 10, 2002 at 10:22:55PM -0000, Jim Winstead wrote :
> David Eriksson <[EMAIL PROTECTED]> wrote:
> > I just read about the "PHP audit project" on NewsForge. More info here:
> >
> > http://phpaudit.42-networks.com/
> >
> > Their patch looked great to me, although I didn't browse through all of
> > it... :-)
>
> it's unfortunate that they're auditing 4.1.2, instead of the CVS HEAD
> (or the 4.2 branch). there are definitely parts of that patch that will
> not apply. a lot has changed since 4.1 branched a zillion years ago.
>
> but it is very nice to see someone taking on the task of tightening
> things up.
>
> it is a little annoying to read things in their mailing list archive
> like "One probably exploitable buffer overflow has been fixed, as well
> as a format string vulnerability." thanks for the heads up, guys.
>
> it would be nice if they were feeding us these patches in manageable
> chunks. one giant patch is unlikely to be accepted quickly.
Anyway it would ->very<- interesting to get those work
integrated into PHP. How should we process .. just talk to
those if they're interested in participating and putting
their patches into PHP itself too ?
Someone else also could just go over the patch and merge it
into HEAD (if it's ok with the authors [no idea]).
- Markus
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
