[CentOS] PHP updates

Fri Nov 27 13:59:39 UTC 2009
Karanbir Singh <mail-lists at karan.org>

On 11/27/2009 01:34 PM, Bob McConnell wrote:
> We are trying to figure out how to handle this issue short of having to
> compile PHP ourselves. That would violate the agreement we have with the
> hosting service.

The whole PCI DSS issue is fairly important to many people at the 
moment, and what does not help is the general brain-deadness shown by 
many of the so-called experts doing the scans / checks.

Having said that, I *do* realise it's a big deal and (a) we as a group of 
people should be able to address it, since it's something that impacts so 
many and (b) most likely have the resources to do whatever is needed for 
(a). So if you want to extend your 'we' to be 'we, the centos community' 
- you have my attention and I know almost everyone else around here as well.

How about putting some ideas together on what needs to be done as a 
whole, on the wiki - even if one idea might be to better educate the 
people running these scans. Maybe even go one step further: set up the 
wiki page, bring some people together who have $clue >0 and have a bit 
of time, a few hours per week is plenty. And let's start thrashing out 
the possible solution paths for the hundreds of people in the 'problem 
area'.

I'd be happy to work with such a group of people. And I've read the PCI 
spec requirements.

Disclaimer: I don't have any use for or the requirement to meet any PCI 
standards, but I am slightly concerned that too many people are trying 
too hard to work on this in silos where it's clear that having a central 
resource pool would be both a clear win and a massive saving on 
individual resources.

-- 
Karanbir Singh
London, UK        | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219      | Yahoo IM: z00dax      | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc