[php-maint] Bug#658208: Bug#658208: Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"
chealer at gmail.com
Thu Feb 2 18:42:21 UTC 2012
On 2012-02-02 13:18, Thomas Goirand wrote:
> On 02/03/2012 01:50 AM, Filipus Klutiero wrote:
>> That would leave the question, where is PHP functionality flawed if it
>> is not in PHP's design?
> That's a discussion that could be huge. Do you think that
> README.Debian.security or even the Debian BTS, are places were we should
> discuss this? (or maybe you're not having this discussion, and regret
> that the README.Debian.security leads to it?)
Sorry, there seems to be a misunderstanding. What I'm reporting is that
the current README contains a non-sensical item. Thijs has fixed the
problem, but the new version is also problematic. The new version would say:
> Security support will not be provided for flaws in functionality which is not flawed in the design of PHP but can be problematic when used by sloppy developers.
What I am saying is that this wording will leave the reader puzzled; if
a flaw in a PHP functionality is not in PHP's design, the reader will
wonder where the flaw is.
I do not expect the README to answer that question, I would rather have
it avoid raising the question.
> I believe that README.Debian.security really explains what it should in
> its current form.
> If you're not happy with it, could you (please)
> suggest a new wording here? That'd help, and speed-up this discussion.
If I understand what the item is supposed to say, I think the wording I
suggested here is fine. I also suggested in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639230#25 that the
entire item be scrapped.
More information about the pkg-php-maint