PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Validating PHP User Sessions
PHP and Working with Databases (for the Lazy Sod)
Building Dynamic Pages With Search Engines in Mind
Revisited: Build Dynamic Pages With Search Engines in Mind
Localizing a Web Page for Different Languages

RE: [PHP-DEV] CVS Account Request From: Sterling Hughes (Sterling.Hughes <email protected>)
Date: 11/15/00

Next message: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Previous message: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Next in thread: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 03:33 PM 11/15/2000 -0800, Rasmus Lerdorf wrote:
> > At 00:19 16/11/2000, Myke Hines wrote:
> > >-----Original Message-----
> > >From: Zeev Suraski [mailto:zeev <email protected>]
> > >Sent: Wednesday, November 15, 2000 2:13 PM
> > >To: Rasmus Lerdorf
> > >Cc: Sterling Hughes; php-dev <email protected>
> > >Subject: Re: [PHP-DEV] CVS Account Request
> > >
> > >
> > > > If you see patches flowing in from
> > > >that guy, and they look ok, it means two things - he's unlikely to be a
> > > >hacker, and he's probably in a real need for a CVS account.
> > >
> > >I think that is totally not true.. you can't tell if a person is a hacker
> > >just because they do a couple of good patches..
> >
> >
> > You can't tell for sure. For all you know, you could argue that I (Zeev)
> > might be an undercover Bin Laden agent, in one of the most successful
> > undercover missions in history, trying to bring down the entire
> > imperialistic American web. Possible, but unlikely.
>
>I dunno, I have often suspected that to be true.
>
> > I gather that someone committing legitimate patches may still be a hacker,
> > but the likelihood goes down, significantly.
>
>And if he is sending us good patches to gain trust, great. Once he sends
>the nasty patch, even if it takes us a little while to catch it, we can
>roll back the bad ones and keep the good ones and in the end we are ahead.

Also as a rule we might consider (just as a practice, nothing formal)
spending the time to review patches from people who don't commit a lot, I
personally review most patches that "new" committers make (albeit not
thoroughly enough to catch a buffer overflow) as well as all commits to the
extensions I've written. However, I rarely will pay attention to something
Zeev commits (but then again, now that I know he is a terrorist...)

-Sterling

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Previous message: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Next in thread: Zeev Suraski: "RE: [PHP-DEV] CVS Account Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]