[php-maint] Bug#658208: Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"

Thijs Kinkhorst thijs at debian.org
Thu Feb 2 09:13:36 UTC 2012


On Wed, February 1, 2012 01:53, Filipus Klutiero wrote:
> Package: php5
> Version: 5.3.9-1
> Severity: minor
>
> README.Debian.security contains:
>
>> Most specifically, the security team will not provide
>> support for flaws in:
>>
>> - problems which are not flaws in the design of php but can be problematic
>>   when used by sloppy developers (for example: not checking the contents
>>   of a tar file before extracting it, using unserialize() on
>>   untrusted data, or relying on a specific value of short_open_tag).
>
> Sloppy developers do not use problems, although crackers may.
> This is unclear and I frankly wouldn't know how to reformulate besides:
>> - application code
> But if that's what it means, then I don't think it's worth a mention at
> this place.

I've changed it to read:

  - functionality which is not flawed in the design of PHP but can be
    problematic when used by sloppy developers (for example: not


Thijs





