Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 22 Dec 2004 14:58:47 +0100
Message-id: <[🔎] 87fz1ywi20.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20041222125754.GH25737@hezmatt.org> (Matthew Palmer's message of "Wed, 22 Dec 2004 23:57:54 +1100")
References: <[🔎] 20041221074711.51856.qmail@web51707.mail.yahoo.com> <[🔎] 41C813C3.1030803@famipow.com> <[🔎] 20041221122800.GA5447@cirrus.madduck.net> <[🔎] 20041222125754.GH25737@hezmatt.org>

* Matthew Palmer:

> On Tue, Dec 21, 2004 at 01:28:00PM +0100, martin f krafft wrote:
>> Stop using PHP. Learn Zope and PostgreSQL.
>
> Because, of course, neither of those ever have security
> vulnerabilities, and if they did, their upstreams would naturally
> help us to backport security fixes to 3 year old versions of the
> software.

It's not just the historic version in Debian/stable.  For example,
SuSE has yet to release a php4 update, too, although they only support
4.3 these days, AFAIK.  The lack of coordination of security bug
resolution on the PHP developers' part is certainly a point to
consider before you deploy additional PHP-based applications.

I'm not sure if the other server-side scripting languages are so much
better.  I'm just following the PHP situation more closely, having
left behind a couple of PHP scripts at my previous workplace. 8-/

Reply to:

References:
- Re: php vulnerabilities
  - From: saravanan ganapathy <sarav_gsa@yahoo.com>
- Re: php vulnerabilities
  - From: Francois Bayart <francois@famipow.com>
- Re: php vulnerabilities
  - From: martin f krafft <madduck@debian.org>
- Re: php vulnerabilities
  - From: Matthew Palmer <mpalmer@debian.org>

Prev by Date: Re: php vulnerabilities
Next by Date: Re: php vulnerabilities
Previous by thread: Re: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread