[CentOS] Re: PHP 5.2.5 when ?
Johnny Hughes
johnny at centos.org
Tue Jan 15 22:29:51 UTC 2008
Bart wrote:
>
>
> Johnny Hughes wrote:
>> Bart wrote:
>>>
>>>
>>> Johnny Hughes wrote:
>>>> Bart wrote:
>>>>> Well, life is not that black and white, luckily ;)
>>>>>
>>>>> Try authenticating with PHP to MySQL using certificates. That won't
>>>>> work with the current PHP release shipped with RHEL/CentOS. There's
>>>>> a bug in PHP 5.1 and it's fixed in 5.2. Since this is not a
>>>>> security bug, but just missing (of wrongly implemented)
>>>>> functionality, it's probably not going to be back ported.
>>>>>
>>>>> Since certificates (and PKI) are a pretty hot item these days, an
>>>>> upgrade can be very useful.
>>>>>
>>>>> Just an idea that upgrading is not always about having the latest
>>>>> and greatest.. ;)
>>>>
>>>> Did you file a bug that says, hey ... your php is broken like this,
>>>> here is what it will not do ?
>>>>
>>>> If so, what is the upstream bug so I can track it ... if not, why
>>>> not :D
>>>>
>>> No, we did not ;) We opened a Service Request at RHEL, and asked them
>>> if php bug #37620 will be fixed, or if they will upgrade to php 5.2.
>>> The response we got was that RH is selling RH Application Stack v2,
>>> which does include php 5.2. And they asked us if there is an CVEs
>>> related to this bug..
>>>
>>> Bottom line was.. either buy the application stack, or hand over the
>>> CVEs. Since this bug is not security related, there is no CVEs.
>>
>> Is this what you are talking about???
>>
>> http://bugs.php.net/bug.php?id=37620
>>
>> and if so, explain how that affects PKI authorization and I will be
>> glad to file a bug and make lots of community noise ...
>>
>> Or if you would, file a bug on bugs.centos.org that explains exactly
>> how pki cna not be used with php and I will file an upstream bug to
>> see if they will fix it.
>>
>> Now, they will not fix every bug, but non-functional PKI is one I
>> think that they will address.
>>
>
> Thanks! I'll get back on this tomorrow (time for sleep now!)..
>
> Do you mind if I mail the details directly to you?
>
Directly to me is fine, yes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080115/2cc2562e/attachment.sig>
More information about the CentOS
mailing list