> Your blaming of PHP is significantly misplaced. It is not solely
> responsible for programmer malpractice. There are programmers out
> there, right this moment, with code all across Github doing one very
> unusual thing. They are deliberately disabling peer verification in
> cURL where it is enabled by default. They WILL do the same with PHP
> streams/sockets. The buck stops at the programmer's feet and that's
> it. All PHP can do is promote and encourage best practices, it can
> never enforce them.
So you don't agree with this patch? In that case I agree, you are
being fully consistent and this standpoint is quite convincing. If we
don't touch the language, we can affix blame solely to the user.
However my argument assumed the patch was accepted into the language.
_In that context_ it is foolish to say the language bears no
responsibility while at the same time making language changes so it
behaves "the way it should have been."
> There are programmers out there, right this moment, with code all
> across Github doing one very unusual thing. They are deliberately
> disabling peer verification in cURL where it is enabled by default
These aren't the programmers who are affected by the changing of
defaults. They are fully culpable.
-- S.