Hi Thijs,
On 2012-04-08 16:27, Thijs Kinkhorst wrote:
On Sun, April 8, 2012 22:07, Filipus Klutiero wrote:
On 2012-04-08 15:45, Thijs Kinkhorst wrote:
On Sun, April 8, 2012 21:23, Filipus Klutiero wrote:
Hi Thijs,
On 2012-04-08 13:16, Thijs Kinkhorst wrote:
On Sun, April 8, 2012 18:31, Filipus Klutiero wrote:
Package: php5-common
Version: 5.4.1~rc1-1
Severity: normal
README.Debian.security starts:
The Debian stable security team does not provide security support
for
certain configurations known to be inherently insecure. This
includes
the interpreter itself, extensions, and user scripts written in the
PHP
language.
This is at least most unclear. How would the PHP interpreter be a
configuration known to be inherently insecure?
If I add "features in", does it get clear to you what's meant?
| The Debian stable security team does not provide security support
for
| certain configurations known to be inherently insecure. This
includes
| features in the interpreter itself, extensions, and user scripts
written
| in the PHP language. Most specifically, but not exclusively, the
| security team will not provide support for the following.
I'm not sure. This raises the question "Are features configurations?"
Making use of a feature is most certainly a configuration.
Hum, if I use my MUA's reply feature, I don't think of myself as being
configuring anything. Then again, whether an action constitutes
"configuring" may be unclear in certain cases. If you can explain what
features in the PHP interpreter you consider as configurations, that may
clarify.
Perhaps you misunderstand the word "configuration". A configuration is a
combined set of components - like specific software features, or pieces on
a chess board. You can use a configuration without "being configuring" it
- in fact "configuring" is the state before "using". Therefore, you're
indeed not "configuring" anything if you use your mail client.
The problem is not a lack of examples that qualify. The whole list is
presented as configurations known to be inherently insecure. Please
either remove those which are not about configuration, present the list
differently,
I think you're taking 'configurtion' to mean something too specific, like
changing a configuration file.
There is a difference between configuring and using a configuration.
Using my MUA's reply feature may indeed be conceived as *using* a
configuration. However, it's certainly not commonly conceived as
*configuring*.
or clarify your understanding of what "configuration" means.
I've done that now.
We already had this text reviewed by Debian's native English review team
and that resulted in the text as it is now.
Hum. Could you point to that review?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
