Re: [PHP-DEV] CVS Account Request
From: Zeev Suraski (zeev <email protected>)
Date: 11/15/00

At 23:15 15/11/2000, Sascha Schumann wrote:
> > Secondly, TONS of bugs have been introduced by buggy CVS commits from
> > people that touched things they weren't completely familiar with, or worse,
> > did things in apparently non core places, that still resulted in either
> > security problems or other sorts of crash bugs. I'm not sure where we
> > would have been without Andi's "CVS police", and frankly, I have no idea
> > where he's drawing the strength to go over almost all of the CVS
> > commits from.
>
> I have not seen anything during the last three years which
> would qualify as "tons of bugs" introduced by committers. It
> is also the first time that I hear the term "CVS police". We
> all do peer review; that is all php-cvs is about.

Well, I have logs from the last 4.5 years. I can go through them if you'd
like, but I can assure you that there were plenty. Remember that one is
enough.
I don't see what you do, but judging from the email exchange I see, Andi is
one of the only people that actually looks at *ANY* commit that is made,
regardless of the module it's made to. Obviously he can't catch all, or
even most bugs - but he did catch plenty of security bugs in the past.
Peer review was usually done only on areas that were of interest to
everyone. Did you look at Onn's Fribidi extension code? Can you assure me
that it doesn't introduce buffer overflows?

> We can regulate the access to various modules using ACLs. No
> need to divide repositories per se. Having said that, I see
> currently no reason to regulate that much further.

I do. If ACLs are powerful enough, giving extension coders access only to
their extension is a good idea as well. If people don't take it
'personally' as some sort of an insult, but take it for what it is - give
them access to what they need access to - things will be much better
off. Much like you don't give your friends root access, not because you
think they'll screw things up, but because you just don't.

Zeev

--
Zeev Suraski   <zeev <email protected>>
CTO, Zend Technologies Ltd.  http://www.zend.com/
