Hi, A PHP auditing project is a good idea, cause there are still lots of bugs, BUT such a project should never ever be led by people from the OpenBSD world. It would be much better if we create our own auditing team. This would ensure that we have control over the bugs that are found and we will never get such arrogant messages like: "This bug was fixed in PHP hardening patch about a year ago". Exactly this happened with the SSH deattack hole.
Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
