[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Thies C. Arntzen
On Wed, Mar 21, 2001 at 03:30:58PM +0100, Sascha Schumann wrote: Guys, please play by the rules which are laid down in RELEASE_PROCESS. Further decreasing the quality of PHP releases doesn't help anyone and just makes us look bad. i fully agree to sascha. plus i see no real

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Andi Gutmans
At 05:03 PM 3/21/2001 +0100, Sascha Schumann wrote: The bottom line is that, as I said, the trick in good opensource software is taking calculated risks, and mixing agility with quality assurance. One can look through your binary glasses, and then it's either complete lack of quality, or

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Sascha Schumann
I think most (probably not all) pl's were sparked due to security bugs which were found and we took the opportunity to add another couple of important fixes. Those kind of pl's would not have been prevented by any Great Plan. If I remember correctly, 4.0.4pl1 was the only release

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Andi Gutmans
A couple of these were buffer overflows IIRC which were security issues. Remember the group@ emails about those? Andi At 07:17 PM 3/21/2001 +0100, Sascha Schumann wrote: I think most (probably not all) pl's were sparked due to security bugs which were found and we took the opportunity to add

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Sascha Schumann
On Wed, 21 Mar 2001, Andi Gutmans wrote: A couple of these were buffer overflows IIRC which were security issues. Remember the group@ emails about those? Fixes against format-string attacks and for file-upload issues went into 4.0.3. Or what are you referring to? - Sascha

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Andi Gutmans
Why do we need to have an interrogation. Relax, it's not such a big deal. 4.0.4pl1 4.0.3pl1 both had security fixes (Apache config handling was a security issue). Anyway, I still don't understand what the big fuss is about. Let's stop arguing about this like 4th graders. By the way, the

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
At 20:50 21/3/2001, Sascha Schumann wrote: On Wed, 21 Mar 2001, Andi Gutmans wrote: A couple of these were buffer overflows IIRC which were security issues. Remember the group@ emails about those? Fixes against format-string attacks and for file-upload issues went into 4.0.3. Or

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Cynic
Hi Andi! At 19:58 21.3. 2001, Andi Gutmans wrote the following: -- Why do we need to have an interrogation. Relax, it's not such a big deal. We don't. I hope no one will take my remarks personally. :) 4.0.4pl1 4.0.3pl1 both had

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Sascha Schumann
The Apache module issue was a security problem. A fairly major one, too. Yes, that is why I mentioned 4.0.4pl1 as an exception in an earlier email. - Sascha Experience IRCG http://schumann.cx/http://schumann.cx/ircg --

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Sascha Schumann
On Wed, 21 Mar 2001, Andi Gutmans wrote: Why do we need to have an interrogation. Relax, it's not such a big deal. I'm completely relaxed. I just dislike twisting history. - Sascha Experience IRCG http://schumann.cx/

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
But I referred to 4.0.3pl1 :) At 21:23 21/3/2001, Sascha Schumann wrote: The Apache module issue was a security problem. A fairly major one, too. Yes, that is why I mentioned 4.0.4pl1 as an exception in an earlier email. - Sascha Experience

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
At 21:25 21/3/2001, Sascha Schumann wrote: On Wed, 21 Mar 2001, Andi Gutmans wrote: Why do we need to have an interrogation. Relax, it's not such a big deal. I'm completely relaxed. I just dislike twisting history. Sascha, As Cynic said, it's really a good idea to stop the flame wars.

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Jason Greene
PROTECTED]; "PHP Quality Assurance Team Mailing List" [EMAIL PROTECTED] Sent: Wednesday, March 21, 2001 1:33 PM Subject: Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi But I referred to 4.0.3pl1 :) At 21:23 21/3/2001, Sascha Schumann wrote:

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
t;Sascha Schumann" [EMAIL PROTECTED] Cc: "PHP Developers Mailing List" [EMAIL PROTECTED]; "PHP Quality Assurance Team Mailing List" [EMAIL PROTECTED] Sent: Wednesday, March 21, 2001 1:33 PM Subject: Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
At 22:19 21/3/2001, Jason Greene wrote: If the exception policy was in place here are some questions of thought: What would be necessary to make it safe to php in a whole? I'd say that a module that has no effect on building PHP is fine to add as an experimental module. The only reason I

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-21 Thread Zeev Suraski
At 16:38 21/3/2001, Thies C. Arntzen wrote: i fully agree to sascha. plus i see no real reason to include a new module once we are in "release-process". new modules are by default not "producition-stable" so why hurry to include them in a "official-release"? For wide

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

2001-03-20 Thread Zeev Suraski
At 20:57 20/3/2001, Jani Taskinen wrote: On Tue, 20 Mar 2001, Andi Gutmans wrote: I couldn't find any indication that this can break any of the other sapi builds so I don't think there's a problem with adding it. Okay. But still I find it very annoying that we don't follow the rules we have

[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5)/sapi/fastcgi

2001-03-20 Thread Joey Smith
Well, IIUC, this is really all Jani is trying to say...RC2 is could be considered invalid now... On Tue, 20 Mar 2001, Zeev Suraski wrote the following to Sascha Schumann : In my humble opinion (humility is a virtue), new modules are fine to add while in the release process, as long as