Re: Re: Windows Peer Verification

From: Date: Tue, 04 Feb 2014 08:29:53 +0000
Subject: Re: Re: Windows Peer Verification
References: 1 2 3 4 5 6 7 8 9 10 11  Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message 
Pierre Joye wrote:

On Tue, Feb 4, 2014 at 8:57 AM, Lester Caine <[email protected]> wrote:

Pierre Joye wrote:


Security is not the

only thing that is reliant nowadays on third party data?


We bundle the TZ data and it is used on all supported platforms. So
no, no platform lags behind other. Some distributions may patch the
date extension to use the system TZ but then it is none of our
business.



But that is the whole point here ... it's the same argument with CA file?


If someone distributes a patched PHP, it is none of our business.

And CA file on Windows is not the same issue as Windows do not have
system CA files compatible with OpenSSL. Implementing a backend using
windows keys store and SSL APIs would bring more issues and
incompatibilities (user lever) than asking users to set an ini
setting.


OK that is making sense. The only reason that the tz data sprang to mind is a similar situation. Up until now windows has also had it's own timezone data management, so was not compatible with tz, but it seems from information being received that newer versions of windows are now using the tz data itself as it was their data which was lagging behind the real world. Linux distributions do update their tz data, but windows installs of PHP can't take advantage of the same update path? Just like the CA files.

It's PHP distributing the 'patched' windows builds here?

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

Thread (53 messages)

« previous php.internals (#72184) next »