[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default

Carlos Alberto Lopez Perez clopez at igalia.com
Wed Feb 1 21:13:26 UTC 2012


On -10/01/37 20:59, Ondřej Surý wrote:
> On Sun, Jan 29, 2012 at 22:36, Christoph Anton Mitterer
> <calestyo at scientia.net> wrote:
>> Were there any troubles in applying the suhosin core patch to PHP?
> 
> It still applies cleanly.
> 
>> So is it "just" a matter of making the php5 source package produce binaries
>> for both -with-suhosin and no-suhosin?
> 
> That's exactly what it is not. You need to support every package you
> produce, check the bug reports, you need to communicate with users and
> with PHP upstream.
> 
> I am also quite sure that we don't want to build every extension
> twice. So you probably need to check if it's possible to build the
> extension just once and use it with with-suhosin and no-suhosin.
> 
> O.

Hello,

I have just noticed this today when upgrading...


I am really sad to see this feature removed from Debian.


After reading this bug report I understand that:

 * The Suhosin patch was removed because of a lack of manpower to maintain it
 * The main problems maintaining Suhosin were related to bugs from users
complaining about broken php applications.


So, if suhosin was creating problems for some users.... why not simply
ship the configuration of php.ini with "suhosin.simulation = On" by default?


http://myeasylinux.wordpress.com/2010/10/25/disable-suhosin/


This would effectively disable the suhosin patch (so no more users would
complain about suhosin breaking their applications), while this would
still allow the rest of the users who are worried about security to enable
suhosin by just changing one line in the configuration.



Or am I missing something?




-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez                           http://neutrino.es
Igalia - Free Software Engineering                http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
