Re: Re: Windows Peer Verification
> No one is arguing against ease-of use here.
PHP users may now need to have write access to PHP.INI in order to not
get logs filled with security warnings, for the same code that
previously did not issue a warning. Or else they need to change all
outbound stream code, which in many cases isn't even theirs to safely
change.
This isn't ease-of-use. This is hardening security at the cost of
ease-of-use for some users. We must call it what it is.
> Have you read the relevant RFCs?
I was the one who told you the Peer Verification RFC would break the
official WPI package (break == E_WARNING without end) and nobody cared
then. Now it's like a minor after-the-fact surprise after the RFC was
accepted.
This thread itself actually surprised me: I honestly didn't think you
cared about the issue at all. Figured the next we'd hear about it
would be in WONTFIXes on the bug tracker with directions to download
the CA bundle. I'm psyched I got the earlier heads-up on Internals,
and I don't worry about our servers because I have full control. Other
users don't and you will upset them. I am not saying these changes to
PHP are not advisable. They are! But how can you be "befuddled" when
you started a thread that notes that Windows users may need to have
sysadmin privileges -- else they will be constantly reminded that they
don't?
> Please just take sixty seconds to at least read this one part then
> come back and tell me I'm making it *more difficult* for the average
> user to make secure transfers.
We will have made it easier for PHP users to either
[a] make secure transfers
or
[b] fill up their logs with warnings
The "average" user will fit into [a] per recent PHP statistics (at
least on the production side) so yeah, the "average" user will see a
major benefit.
How many users need to fit into [b] for you to acknowledge that this
rollout is going to be less than fully successful -- not a failure,
just not an unqualified success -- unless we take those users
seriously?
> Instantly discounting those is a myopic approach. You can't just
> instantly rule out that bundling a file might not be feasible.
It's fine to not bundle a file.
It's not fine to pretend that warnings will not be endlessly spewed on
Windows without a file.
It's not fine to suppress these warnings on Windows but not elsewhere.
-- S.
Thread (53 messages)