[php-maint] Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"

Filipus Klutiero chealer at gmail.com
Thu Feb 2 17:50:18 UTC 2012


On 2012-02-02 04:13, Thijs Kinkhorst wrote:
> On Wed, February 1, 2012 01:53, Filipus Klutiero wrote:
>> Package: php5
>> Version: 5.3.9-1
>> Severity: minor
>>
>> README.Debian.security contains:
>>
>>> Most specifically, the security team will not provide
>>> support for flaws in:
>>>
>>> - problems which are not flaws in the design of php but can be
>>>    problematic when used by sloppy developers (for example: not checking
>>>    the contents of a tar file before extracting it, using unserialize() on
>>>    untrusted data, or relying on a specific value of short_open_tag).
>> Sloppy developers do not use problems, although crackers may.
>> This is unclear and I frankly wouldn't know how to reformulate besides:
>>> - application code
>> But if that's what it means, then I don't think it's worth a mention at
>> this place.
> I've changed it to read:
>
>    - functionality which is not flawed in the design of PHP but can be
>      problematic when used by sloppy developers (for example: not
>
>

Thanks Thijs. I guess that solves the problem described, but I don't 
think the new version is more sensical.

> Security support will not be provided for flaws in functionality which is not flawed in the design of PHP but can be problematic when used by sloppy developers.

That would leave the question, where is PHP functionality flawed if it 
is not in PHP's design?




