PHP RFC: Security Issue Classification

• Version: 1.0
• Date: 2016-11-10
• Authors: Release Managers
• Status: Voting
• First Published at: http://wiki.php.net/rfc/security-classification

At the end of last month, Stas posted to internals with some ideas to reform security issue classification, and handling.

Before we can seek to implement changes in the process, we should seek ratification of the classification.

Voting opened November 10th for one week, closing November 17th:

Officially adopt the proposed security issue classification scheme ?
Real name	Yes	No
ab (ab)
bishop (bishop)
cmb (cmb)
colinodell (colinodell)
dmitry (dmitry)
krakjoe (krakjoe)
lcobucci (lcobucci)
lstrojny (lstrojny)
mariano (mariano)
mbeccati (mbeccati)
mgocobachi (mgocobachi)
ryat (ryat)
sammyk (sammyk)
stas (stas)
svpernova09 (svpernova09)
tpunt (tpunt)
trowski (trowski)
yohgaki (yohgaki)
Count:	18	0

There is no change to the language, however, since this is an important issue, we are going to require a super majority of 2/3+1.

Should the proposal fail to get the required votes, the classification will be reviewed and reformed before the vote is opened again: Consider this notice that there may not be two weeks between the first and subsequent vote.

Note: Should we discover, during the course of our work that the classification requires amendment, we will once again hold a vote.