On Mon, Mar 17, 2014 at 10:24 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> On Tue, Mar 18, 2014 at 6:15 AM, Pierre Joye <pierre.php@gmail.com> wrote:
>>
>> For one, I appreciate the effort that both of you put on the session
>> management.
>>
>> It seems that you are somehow alone to discuss this issue and slightly
>> in circle right now.
>>
>> I would suggest two steps:
>>
>> - sit down together for a chat and get your stuff together. It will be
>> far more efficient than mails
>
>
> Sounds good.
> I'm not on IRC, which one should I use?
>
>>
>>
>> - write one or more RFCs to fix what should be fixed, how and why (see
>> next point :)
>
>
> Sure.
>
>>
>>
>> - provide more info about the actual critical security impact that
>> could be fixed by the changes
>> as of now, I failed to see any CVE related to what you are referring to
>
>
> There wouldn't be a CVE as it may be implemented by user land.
> I may try to ask MITRE to give me a CVE, though.

I am more asking for actual exploits/flaws either in user land apps
relying on existing behaviors or in PHP itself. Asking for a CVE for this
discussion does not sound like a good thing at this stage.

Cheers,
--
Pierre
@pierrejoye | http://www.libgd.org