[php-maint] Bug#657698: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
Andrea Bolognani
eof at kiyuko.org
Thu Feb 2 14:41:58 UTC 2012
On Thu, Feb 02, 2012 at 03:14:56PM +0100, Stefan Esser wrote:
> BTW: You should really really look into the history of PHP security and check for each of the last 8 years how many features were in Suhosin and later merged into PHP because of some nasty security problem.
> You will see that at least 2 features of Suhosin per year were merged into PHP.
If that’s the case, then you have nothing to worry about.
As more and more Suoshin features are merged into mainline PHP, Debian’s
PHP package will get more and more secure. That’s the way it happens for
many other packages, I fail to see why PHP should be treated differently.
--
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120202/17b3d844/attachment.pgp>
More information about the pkg-php-maint
mailing list