Join Up! 104887 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Reading RSS feeds in PHP: Part 1 Creating an Online Survey - Part 2 Beginning Ajax with PHP: From Novice to Professional PHP with Apache on Windows? Piece of Cake! phpwiki - The Wiki for PHP Developers

php-developer-list | 2000111

From: Sterling Hughes (Sterling.Hughes <email protected>)
Date: 11/15/00

• Next message: Andrei Zmievski: "Re: [PHP-DEV] CVS Account Request"
• Previous message: Myke Hines: "RE: [PHP-DEV] CVS Account Request"
• In reply to: André Langhorst: "Re: [PHP-DEV] CVS Account Request"
• Next in thread: Jim Jagielski: "Re: [PHP-DEV] CVS Account Request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 11:03 PM 11/15/2000 +0100, André Langhorst wrote:
>>Let's not raise the barrier of entry without cause. Show me viable cause
>>and we can talk about specifics.
>>I do agree that Pear needs to be split away at some point when it is
>>mature enough to split. And applying some ACL's to separate doc, web and
>>src code probably makes sense as well. But let's not take this further
>>and start changing something that has worked very well for many years.
>
>I think this is the most reasonable point to start...
>doc,web,src[,pear]
>
>Anyway, if someone was really evil, he could gain trust and cvs access
>somehow (using current rules or wait-a-few-weeks rule), sure it'll take
>some time but I don't think this is efficiently preventable until
>accidently detected.

Or he could do a myriad of other things to find exploits and create bugs,
security all relies on human laziness. If your a car thief what car are
you going to steal (if their the same model, etc) a car with the door open,
the keys in it and the owner on a plane to Italy or a car with the doors
closed and locked with the keys safely stowed away. Sure its possible to
break into both, but which would you choose? Its the same with PHP, sure
there is always going to be a way to introduce bugs, and hurt php, but I
could make a commit to phpweb that could have index.php say "Use ASP not
PHP" and people probably wouldn't notice until it made the slashdot (ok, a
little sooner, but I'm sure it would be there for long enough for someone
to notice).

In another sense, the same could happen to the source of PHP, but this
wouldn't be caught until someone gets bitten by it (and PHP's reputation
gets tarnished with a lot of people).

-Sterling

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Andrei Zmievski: "Re: [PHP-DEV] CVS Account Request"
• Previous message: Myke Hines: "RE: [PHP-DEV] CVS Account Request"
• In reply to: André Langhorst: "Re: [PHP-DEV] CVS Account Request"
• Next in thread: Jim Jagielski: "Re: [PHP-DEV] CVS Account Request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs