The Guru

Fairlight fairlite at fairlite.com
Wed May 28 08:10:21 PDT 2008


From inside the gravity well of a singularity, Jay Ashworth shouted:
> On Tue, May 27, 2008 at 07:16:13PM -0400, Fairlight wrote:
> > Y'all catch dis heeyah?  Jay Ashworth been jivin' 'bout like:
> > > Python has its own, much smaller, library called (I think) PEAR -- or
> > 
> > PEAR is part of PHP, and it's actually the regex parsing engine, if I
> > remember correctly.
> 
> 	http://pear.php.net/

Yeah, I just figured out I confused PEAR with PCRE.  Hey, they both
start with 'P', gimme a break!  We have too many bloody acronyms in this
industry.

PCRE was actually the cause of a headache during a minor patchlevel (third
number) release.  They released a security fix one week, and a week later
released a xx.yy.zz where zz=zz+1 to fix the bug they introduced in the
previous week's fix.  But lo and behold, some brainiac decided that this
kind of release was a perfect opportunity to release PHP with a completely
new version of the PCRE subsystem.  Which point actually -broke- the SRPM
build from a week prior, I might add.

This is one of the many reasons I really deplore PHP.  A perusal of the
weekly SANS security digest week after week points out yet another.  I know
seasoned Linux kernel hackers that say they'd rather reinstall an entire
new OS than replace just PHP.  I think that's overkill, but they -have-
said it.

But that PCRE fiasco is why it sticks in my mind so prominently.

mark->
-- 
"Moral cowardice will surely be written as the cause on the death
certificate of what used to be Western Civilization." --James P. Hogan

