[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default
Thomas Goirand
zigo at debian.org
Wed Feb 1 22:41:00 UTC 2012
On 02/02/2012 05:13 AM, Carlos Alberto Lopez Perez wrote:
> Hello,
>
> I have just noticed this today when upgrading...
>
> I am really sad to see this feature removed from Debian.
>
>
> After reading this bug report I understand that:
>
> * Suhosin patch was removed because lack of man-power to maintain it
> * The main problem maintaining Suhosin were related to bugs from users
> complaining about broken php applications.
>
>
> So, if suhosin was creating problems for some users.... why not simply
> ship the configuration of php.ini with "suhosin.simulation = On" by default?
>
>
> http://myeasylinux.wordpress.com/2010/10/25/disable-suhosin/
>
>
> This would effectively disable suhosin patch (so no more users would
> complain about suhosin breaking their applications) meanwhile this still
> would allow the rest of users that are worried about security to enable
> suhosin by just changing one line in the configuration.
>
> Or I am missing something?
Yeah! Working very hard on maintaining the suhosin patch, and then
disabling it by default, don't you think that's a waste of time?
Yet, this doesn't solve the main issue: man power, and will to maintain
it in Debian. Would you like to work on it?
Cheers,
Thomas
More information about the pkg-php-maint
mailing list