[php-maint] Bug#657698: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
Russell Coker
russell at coker.com.au
Thu Feb 2 23:45:59 UTC 2012
On Fri, 3 Feb 2012, Russ Allbery <rra at debian.org> wrote:
> For example, Debian could immediately become a much more secure OS by
> enabling SELinux in enforcing mode on all Debian systems. The reason why
> we don't do this is that currently that tradeoff doesn't make sense; too
> much other stuff doesn't work, too much other effort is required, and
> we're not in a position to enforce that technology, even if it would
> increase security.
SE Linux is supported in critical packages including the kernel, sysvinit, and
cron. So any user who wants to use it can just install the SE Linux specific
packages and rely on the built-in support for SE Linux in important base
packages.
This compares to the PHP/Suhosin situation where users who want that have no
option other than to download the source and the Suhosin patch and build their
own packages.
For the analogy you want to make, a better option would be GR Security which is
not supported in the Debian kernel and won't be supported in the foreseeable
future.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/