Re: php5 README.Debian.security

To: debian-l10n-english@lists.debian.org
Cc: Ondřej Surý <ondrej@sury.org>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: php5 README.Debian.security
From: Justin B Rye <jbr@edlug.org.uk>
Date: Wed, 8 Feb 2012 13:17:45 +0000
Message-id: <[🔎] 20120208131745.GA3971@xibalba.demon.co.uk>
Mail-followup-to: debian-l10n-english@lists.debian.org, Ondřej Surý <ondrej@sury.org>, Thijs Kinkhorst <thijs@debian.org>
In-reply-to: <CALjhHG_oL3SAijfve1PFSDNaLW-DR6xe8xcRFKf0fVF+Kbxrw@mail.gmail.com>
References: <CALjhHG9=nMLPqG3sQ=N4fY-G5utBh1rJ3udfVkJ75444617Sw@mail.gmail.com> <[🔎] 20120208102909.GA32288@xibalba.demon.co.uk> <CALjhHG_oL3SAijfve1PFSDNaLW-DR6xe8xcRFKf0fVF+Kbxrw@mail.gmail.com>

Ondřej Surý wrote:
> Justin B Rye <jbr@edlug.org.uk>:
>> Maybe s/code/user scripts/ ?
> 
> I think it means both, e.g. packages in PHP language and user scripts
> written in PHP, but I let Thijs to clarify here.

So no more DSAs for PHP packages?
 
>  * Vulnerabilities involving any kind of open_basedir violation, as
>    this feature is not considered a security model either by us or by
>    PHP upstream.

This version's clearer.  I still needed to google open_basedir and
discover that it's a (feeble) *restriction* on file-handling, but
readers of this file should already know that, I hope.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Reply to:

Follow-Ups:
- Re: php5 README.Debian.security
  - From: Ondřej Surý <ondrej@sury.org>

References:
- Re: php5 README.Debian.security
  - From: Justin B Rye <jbr@edlug.org.uk>

Prev by Date: Re: php5 README.Debian.security
Next by Date: Re: php5 README.Debian.security
Previous by thread: Re: php5 README.Debian.security
Next by thread: Re: php5 README.Debian.security
Index(es):
- Date
- Thread