Retired from security () php net

["Richard M. Smith" <rms () computerbytesman com>]

Via Slashdot:
 
http://blog.php-security.org/archives/61-Retired-from-securityphp.net.html

Last night I finally retired from the PHP Security Response Team, that was
initially my idea a few years ago.

The reasons for this are many, but the most important one is that I have
realised that any attempt to improve the security of PHP from the inside is
futile. The PHP Group will jump into your boat as soon you try to blame
PHP's security problems on the user but the moment you criticize the
security of PHP itself you become persona non grata. I stopped counting the
times I was called immoral traitor for disclosing security holes in PHP or
for developing Suhosin <http://www.suhosin.org/> .

For the ordinary PHP user this means that I will no longer hide the slow
response time to security holes in my advisories. It will also mean that
some of my advisories will come without patches available, because the PHP
Security Response Team refused to fix them for months. It will also mean
that there will be a lot more advisories about security holes in PHP.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.