use Perl

• Public intormation (Score:2)

  by brian_d_foy (44)

  I find the last paragraph of his blog the most interesting:

  For the ordinary PHP user this means that I will no longer hide the slow response time to security holes in my advisories. It will also mean that some of my advisories will come without patches available, because the PHP Security Response Team refused to fix them for months. It will also mean that there will be a lot more advisories about security holes in PHP.

  Besides the other possible back-stories others have mentioned, it seems that they've falle
  • Re: (Score:2)

    by rafael (2125)

    I would hope that problems with Perl would immediately be made public so we have a chance to deal with them. I think, however, that we probably have a more reponsive set of core developers who already do their business in public (i think, maybe I'm just not in the star chamber :)

    Well, besides perlbug and P5P there is no infrastructure to report security bugs... (and the last core security bug that was found was a printf format string vulnerability back in December 2005, which was promptly fixed.) There might be for some CPAN modules, but I'm not aware of that...
    • Re:Public intormation (Score:1)

      by DAxelrod (4649) on 2006.12.12 20:53 (#52249) Journal

      That's a very good point. What additional infrastructure is needed?

      Reply to This

      Parent

      • Re: (Score:1)

        by grinder (1100)

        None, probably. If you built it, it would gather dust.

        I think the p5p mailing list is the best venue for reporting security problems. One doesn't have to be subscribed to post to it...