[CentOS] Re: PHP 5.2.5 when ?

Tue Jan 15 22:29:51 UTC 2008
Johnny Hughes <johnny at centos.org>

Bart wrote:
> 
> 
> Johnny Hughes wrote:
>> Bart wrote:
>>>
>>>
>>> Johnny Hughes wrote:
>>>> Bart wrote:
>>>>> Well, life is not that black and white, luckily ;)
>>>>>
>>>>> Try authenticating with PHP to MySQL using certificates. That won't 
>>>>> work with the current PHP release shipped with RHEL/CentOS. There's 
>>>>> a bug in PHP 5.1 and it's fixed in 5.2. Since this is not a 
>>>>> security bug, but just missing (of wrongly implemented) 
>>>>> functionality, it's probably not going to be back ported.
>>>>>
>>>>> Since certificates (and PKI) are a pretty hot item these days, an 
>>>>> upgrade can be very useful.
>>>>>
>>>>> Just an idea that upgrading is not always about having the latest 
>>>>> and greatest.. ;)
>>>>
>>>> Did you file a bug that says, hey ... your php is broken like this, 
>>>> here is what it will not do ?
>>>>
>>>> If so, what is the upstream bug so I can track it ... if not, why 
>>>> not :D
>>>>
>>> No, we did not ;) We opened a Service Request at RHEL, and asked them 
>>> if php bug #37620 will be fixed, or if they will upgrade to php 5.2. 
>>> The response we got was that RH is selling RH Application Stack v2, 
>>> which does include php 5.2. And they asked us if there is an CVEs 
>>> related to this bug..
>>>
>>> Bottom line was.. either buy the application stack, or hand over the 
>>> CVEs. Since this bug is not security related, there is no  CVEs.
>>
>> Is this what you are talking about???
>>
>> http://bugs.php.net/bug.php?id=37620
>>
>> and if so, explain how that affects PKI authorization and I will be 
>> glad to file a bug and make lots of community noise ...
>>
>> Or if you would, file a bug on bugs.centos.org that explains exactly 
>> how pki cna not be used with php and I will file an upstream bug to 
>> see if they will fix it.
>>
>> Now, they will not fix every bug, but non-functional PKI is one I 
>> think that they will address.
>>
> 
> Thanks! I'll get back on this tomorrow (time for sleep now!)..
> 
> Do you mind if I mail the details directly to you?
> 

Directly to me is fine, yes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080115/2cc2562e/attachment-0004.sig>