Re: php5 README.Debian.security
Ondřej Surý wrote:
> Justin B Rye <jbr@edlug.org.uk>:
>> Maybe s/code/user scripts/ ?
>
> I think it means both, e.g. packages in PHP language and user scripts
> written in PHP, but I let Thijs to clarify here.
So no more DSAs for PHP packages?
> * Vulnerabilities involving any kind of open_basedir violation, as
> this feature is not considered a security model either by us or by
> PHP upstream.
This version's clearer. I still needed to google open_basedir and
discover that it's a (feeble) *restriction* on file-handling, but
readers of this file should already know that, I hope.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: