
Re: No sponsor found for weeks, what to do now?

On Wed, 2008-08-27 at 20:50 +0200, Thijs Kinkhorst wrote:

> Whatever you personally think of PHP, I'm not charmed with you making 
> allegations on a public forum that "many" people were "flamed to crisp" by 
> the team I am a member of, but then fail to support that statement when asked 
> where you base it on. If you want to make statements that put a team in a bad 
> light in a public forum you'll have to be prepared to back them up.

It wasn't meant to put any team in a bad light - it was meant to
indicate that PHP is not without security problems and that ignoring
previous problems will not bring favour with the security team.

'flame' had an unintended connotation for the team concerned. I
apologise for that.

> It seems to boil down to "trust me, I once heard somewhere that a person was 
> flamed by a security team member".

Actually, it was more that someone I know got a robust (but, IMHO,
accurate) response from the security team which was not to their liking.
i.e. other direction. The responses that resulted were not necessarily
from any particular team (or without due cause). Here is not the place
to go into details.

> I think it's evident that I'm not charmed by you postulating that "many" 
> people were "flamed" by that team, suggesting structural issues, without 
> presenting a piece of material on that. I believe that only helps to set a 
> negative atmosphere around that team.

That was not my intention - indeed, nothing was intended to reflect on
the team itself, merely on the choice of language involved.

In many ways, the responses of the security team were fully deserved and
intended as a warning to maintainers of PHP code that insecure PHP code
will get a robust response that might not be particularly friendly.



Neil Williams
