[delete some flaming....]

Hehe, and I thought I had to go to USENET to see a flamewar.  This is great, 
a flamewar delivered directly to my mailbox, it doesn't get better.......

Let me put my $0.02 in.  Security holes happen, no matter what software you 
use.  PHP and open source in general, unlike M$, does not have a new virus of 
the week, or security hole of the month.  Their recent couple of 
announcements is bad luck, not bad design/development and I still 
happily stand by the PHP guys.  I think PHP users should also be grateful 
that the PHP guys have said there is a need to upgrade to fix this hole, 
rather than just put out a new release and hope most people see it and think 
"great, a new version, I will upgrade".  

As for the implied terrible difficulty of upgrading, on my Linux systems 
it was tragically complicated - I chose to patch my 4.2.1 source, then 
recompile, install and restart apache:

patch -p0 < php-4.2.1-to-4.2.2.patch
cd php-4.2.1
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-ldap 
make
make install
/usr/local/apache/bin/apachectl restart

Yes, with a script like this, it is terribly complicated.  This whole process 
took less than 5 minutes.  I had to do it on three machines, and there were 
no problems to be seen.

If you are going to whine about having to upgrade software because of security 
holes, get off the net, it would be easier and take much less precious time.  

That's my $0.02 (or in my case 0.02 Euro).  Now I will go back to trying 
to work out my ldap problems.

Ian

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
