RE: [PHP-DEV] CVS Account Request
From: Zeev Suraski (zeev <email protected>)
Date: 11/15/00

At 20:52 15/11/2000, John Donagher wrote:

>The apache hack was a system-level vulnerability which is something any
>software distribution repository is vulnerable to.

It doesn't really matter. I wanted to show that the motivation is there,
and the danger of hacking into open source software repositories exists, and
people who say that are not paranoid. They say that generals always
prepare for the previous war; we shouldn't make the same mistake and assume
that's the only way to hack in.

>I tend to agree with Rasmus on this one. Although someone could certainly
>commit malicious code to the repository, the likelihood of someone
>relatively unknown (like me) slipping code past the subscribers of php-cvs
>is probably not an easy thing. I don't think cutting off so many potential
>contributors at the ankles would be beneficial to PHP's evolution.

It's not cutting them in the ankles, it's not even giving them a paper
cut. It's nothing serious, and it can help reduce the security
problem. Not *solve* it, *reduce* it.

Zeev

--
Zeev Suraski   <zeev <email protected>>
CTO, Zend Technologies Ltd.  http://www.zend.com/
