On Tue, Sep 19, 2017 at 2:41 PM, C. Scott Ananian <[email protected]> wrote:
> source". You also mentioned PHP's long history of FLOSS without also
> mentioning their long history at sucking at security.
>

Whoops, I should have toned that down a bit before hitting send. To be clear, I'm mostly talking about the ~2007 time frame where there was a lot of tension between the PHP core team and various folks who wanted to make PHP more secure in different ways. I don't actually know what the present-day status is -- suhosin seems to be still around, but (for instance) https://sektioneins.de/en/categories/php.html hasn't had any particular complaints since 2015.

So to be super clear: I'm just pointing out that there used to be issues here; sometimes the community's interests do not exactly align. Consider me in the devil's advocate role again: I'd be interested to hear an insider's opinion (Stas?) on how security issues are handled these days and what the future outlook is, https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html doesn't look as nice as http://www.cvedetails.com/vulnerability-list/vendor_id-7758/product_id-35896/Facebook-Hhvm.html but maybe the latter is misleading; older vulnerabilities seem to be at http://www.cvedetails.com/vulnerability-list/vendor_id-7758/product_id-30684/Facebook-Hiphop-Virtual-Machine.html for instance.

--scott

--
(http://cscott.net)
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
