Hi, So I am proposing a topic for the next meeting: https://github.com/symfony/symfony/pull/511
The gist of the discussion is if to add a ".cache" postfix, making it ".php.cache" for all generated PHP files. Currently we already apply this convention in the standard edition for the bootstrap files: https://github.com/symfony/symfony-standard/blob/master/bin/build_bootstrap.php#L53 The above pull expands this to also be used for all files generated in the cache dir. Now I do not want to start a lengthy discussion on this list, because both sides have already presented their arguments on the pull request. So please if you reply keep it short and focused on what I might have incorrectly represented or have missed. Summary: ------------- The pro's: - automatically hide the files in IDE indexes and CI tools The con's: - editors will not automatically syntax highlight these files - web servers will not interpret these files as PHP files in case of a misconfigured document root Personal Comment: -------------------------- I personally believe the con's do not out weight the benefit. Adding ".php.cache" for syntax highlighting is a one time setting, configuring to ignore the cache (and bootstrap) files is a per project task. Furthermore, no end user will ever need to look in these files, let alone do modifications. And even core developers will very rarely need to look in these files. As for misconfigured document root, the config dir itself will then also be wide open, so its not an additional attack vector. regards, Lukas Kahwe Smith [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
