On Wednesday 27 August 2008 19:02, Neil Williams wrote:
> 3. You're asking for sponsorship of PHP packages which are a security
> nightmare (esp. wordpress that had a huge flamewar around the time of
> the Etch release due to security issues). Many sponsors are justifiably
> wary of PHP packages after seeing many others being flamed to a crisp by
> the security team and ftp-master team. Personally, I won't touch PHP
> packages ever again - I'm reconsidering my own PHP in favour of perl and
> if I could do without php on my own servers, I would.

Although there are PHP applications that are a security nightmare, there are well-written applications just as well. This goes for any programming language. Generalising, unseen, that the program being in PHP means that it must be insecure is not exactly helpful. In fact, the problems caused by things like buffer overflows in the C language are for Debian a significantly larger task.

Plus, I've surely not seen anyone being "flamed [...] by the security team", let alone "to crisp", let even further alone those "many" people you're talking about, and find the suggestion that we would act in such a way a bit offensive.

Please, this mailing list is intended as a friendly place to get help and sponsorship on your packages. It would be helpful to write in a more balanced tone than you used in this email.

thanks,
Thijs