[delete some flaming....] Hehe, and I thought I had to go to USENET to see a flamewar. This is great, a flamewar delivered directly to my mailbox, it doesn't get better.......
Let me put my $0.02 in. Security holes happen, no matter what software you use. PHP and open source in general, unlike M$, does not have a new vius of the week, or security hole of the month. Their recent couple of announcements is bad luck, not bad design/development and I still happily stand by the PHP guys. I think PHP users should also be grateful that the PHP guys have said there is a need to upgrade to fix this hole, rahter than just put out a new release and hope most people see it and think "great, a new version, I will upgrade". As for the the implied terrible difficulty of upgrading, on my Linux systems it was tragically complicated - I chose to patch my 4.2.1 source, then recompile, install and restart apache: patch -p0 < php-4.2.1-to-4.2.2.patch cd php-4.2.1 ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-ldap make make install /usr/local/apache/bin/apachectl restart Yes, with a script like this, it is terribly complicated. This whole process took less than 5 minutes. I had to do it on three machines, and there were no problems to be seen. If you are going to wine about having to upgrade software because of security holes, get off the net, it would be easier and take much less precious time. That's my $0.02 (or in my case 0.02 Euro). Now I will go back to trying to work out my ldap problems. Ian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php