PHP Security From The Inside
Federico Biancuzzi, 2007-02-05

Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.

Re: PHP Security From The Inside, 2007-02-15, Anonymous
> It's unfortunate that Stefan has decided to put at risk a large
> portion of websites on the Internet.

Actually it's unfortunate that *PHP* has done this *and* mistreated someone who was/is trying to make it a viable option.

Plus this "large portion of websites" you refer to are to blame since they use PHP in the first place.

IMHO, *anything* is better than PHP, if for no other reason than the head-in-the-sand security that has caused so many problems for so many sites and admins and the attitude they have toward doing it right. (I.e. PHP will never do it right and is therefore not an option for any serious application. In fact, web servers without PHP are starting to be a selling point in the hosting industry.)

Not to mention the horrid state it's in due to it being a ball of glue that piecemeals real tools together with no rhyme or reason.

Stefan has done a lot that has probably saved *you* more often than not, since you apparently blindly use PHP scripts with full trust in their absolute infallibility.

You should thank him, not berate him. It's your kind of clueless "I'm so smart" attitude that makes PHP so incredibly stupid.

> Since he is aware of the bugs, he most likely knows the fixes
> as well. Will he be posting the fixes? That would benefit security...

Good god man, did you even *read* the article? He's been doing just that for *years*, and all they do is abuse him because he finds their idiotness? The essence of PHP.

PHP and ignorance are the enemy, not Stefan.

Copyright 2007, SecurityFocus