[php-maint] Status of suhosin in Debian

Ondřej Surý ondrej at sury.org
Thu Jun 14 19:39:39 UTC 2012


On Thu, Jun 14, 2012 at 8:38 PM, Thomas Goirand <zigo at debian.org> wrote:
> Ondrej, is your plan still to leave suhosin as a build option in the
> source package like you wrote early last February, so that those who
> want it can just switch that option and rebuild? I can see in the
> debian/rules that there's still:
>
> # Set this flag to 'yes' if you want to compile PHP5 with suhosin patch
> PHP5_SUHOSIN=no

Yes, I do, but see the two last paragraphs.

> Does this mean that the suhosin patch still works in current php 5.4
> package?

No, it doesn't (there's even a wishlist bug for that).

> Or is this still something remaining from the php 5.3 packaging?

Yup.

> Would it be feasible to build PHP twice, once with the suhosin patch,
> and once without, and build 2 debian binaries?

Nope, you would have to build twice every reverse dependency as well,
that's just crazy :).

> If yes, how much work would this be? Does this mean building 3 more binaries, like:
> libapache2-mod-php5-suhosin, php5-cli-suhosin, php5-cgi-suhosin?

Nope, you would have to have php5-mysql-suhosin, php5-imap-suhosin...

But this discussion is pointless. There is no suhosin release for php 5.4.x
and even if there was one say tomorrow, there is too little time to include
it again and feel comfortable.

We might revert the decision for wheezy+1, but given that as far as I know
only Ubuntu has kept suhosin (and thus 5.3.x branch) enabled.

O.
-- 
Ondřej Surý <ondrej at sury.org>
