The Guru
Fairlight
fairlite at fairlite.com
Wed May 28 08:10:21 PDT 2008
>From inside the gravity well of a singularity, Jay Ashworth shouted:
> On Tue, May 27, 2008 at 07:16:13PM -0400, Fairlight wrote:
> > Y'all catch dis heeyah? Jay Ashworth been jivin' 'bout like:
> > > Python has it's own, much smaller, library called (I think) PEAR -- or
> >
> > PEAR is part of PHP, and it's actually the regex parsing engine, if I
> > remember correctly.
>
> http://pear.php.net/
Yeah, I just figured out I confused PEAR with PCRE. Hey, they both
start with 'P', gimme a break! We have too many bloody acronyms in this
industry.
PCRE was actually the cause of a headache during a minor patchlevel (third
number) release. They released a security fix one week, and a week later
released a xx.yy.zz where zz=zz+1 to fix the bug they introduced in the
previous week's fix. But lo and behold, some brainiac decided that this
kind of release was a perfect opportunity to release PHP with a completely
new version of the PCRE subsystem. Which point actually -broke- the SRPM
build from a week prior, I might add.
This is one of the many reasons I really deplore PHP. A perusal of the
weekly SANS security digest week after week points out yet another. I know
seasoned linux kernel hackers that say they'd rather reinstall an entire
new OS than replace just PHP. I think that's overkill, but they -have-
said it.
But that PCRE fiasco is why it sticks in my mind so prominently.
mark->
--
"Moral cowardice will surely be written as the cause on the death
certificate of what used to be Western Civilization." --James P. Hogan
More information about the Filepro-list
mailing list