[php-maint] Bug#471336: Bug#471336: libapache2-mod-php5: please consider providing debugging version without suhosin

Ondřej Surý ondrej at sury.org
Mon Mar 17 15:40:07 UTC 2008


> some authors of PHP applications claim that the suhosin patch might be
> the cause for applications misbehavior. 

Give us a simple test case.  And better not ask me, what I think of some
authors of PHP applications (and PHP itself) :-).

I reviewed suhosin patch and I don't really think it could "cause
application misbehavior" for any normal application.  Yes, it does
change realpath so it adds some checks here and there and it does checks
for heap corruptions (zend_canary), but that's all.

> Please consider generating such a package during your package build
> process. Or, should this be impractical

It is very impractical.  php build process is very complicated as it is,
building double number of packages is not going to help.

> document how to build a PHP
> without suhosin from the Debian sources. This shuold be ideally be
> controllable from a variable set in debian/rules so that re-building
> is easy.

Is 'rm debian/patches/suhosin.patch && debuild' so complicated that it
needs it's own FAQ point?

Ondrej.
-- 
Ondřej Surý <ondrej at sury.org>






More information about the pkg-php-maint mailing list