Date: 11/15/00
- Next message: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Previous message: Ignacio Vazquez-Abrams: "[PHP-DEV] php_compat.h and php3_compat.h"
- In reply to: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Next in thread: Zeev Suraski: "Re: [PHP-DEV] CVS Account Request"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 15 Nov 2000, Zeev Suraski wrote:
> At 00:24 16/11/2000, Rasmus Lerdorf wrote:
> >Part of the reason the PHP project has been successful is precisely
> >because the barrier of entry has always been nice and low. This applies
> >both to the language itself and also to the development of the language.
> >I can count on one hand the number of times we have had bad commits over
> >the last 5 years.
>
> Your hands must have changed a lot since I last saw you :)
> There were dozens.
Bad commits being commits that we needed to reverse because they were so
wrong that they couldn't be fixed. Sure there have been commits that
broke things. You and I have made dozens of such commits. Nobody writes
code without bugs. That doesn't mean we shouldn't have cvs access.
> So, did you find the buffer overflow bug in Onn's fribidi extension?
No I didn't, the commit message is still unread in my inbox due to a heavy
travel schedule, but chances are I wouldn't have caught it when I got back
and started chewing through my mailbox anyway. But are you seriously
suggesting that because he had an overflow in his extension he should not
have had commit access? Onn works for Zend and Andi vouched for him and
created his CVS account. Those are pretty good credentials and I don't care
how much we tighten rules, Onn would still have gotten a CVS account and
he would still have committed an extension that contained a buffer
overflow so I don't see how this does anything to prove your point.
> I think I made my point when I said we don't need to wait to be hacked
> before we take measures to reduce the chances of this happening. Things
> aren't too secure in this world as it is, I don't see a reason to make it
> easier to screw us up.
As long as it can be done without adding extra hurdles for legitimate
contributions I am fine with it. ACLs make sense. But I am leery about
any sort of review-then-commit type of approach as per Sterling's
suggestion. It puts an extra workload on existing contributors and
introduces delays for potential new contributors.
-Rasmus

