[php-maint] Bug#512037: Bug#512037: Bug#512037: Bug#512037: php5-cgi: magic_quotes_gpc = On

Thijs Kinkhorst thijs at debian.org
Sat Jan 17 19:19:08 UTC 2009


On Saturday 17 January 2009 19:16, Raphael Geissert wrote:
> Please don't suggest that,

I don't see harm in merely suggesting things...?

> lenny is almost out and we haven't even be 
> able to get the other, actually important, issues sorted out. It's
> already late for those changes IMO.

I disagree. Code changes are of higher risk than changing the default of a 
setting. It's very well defined what the effect of changing the setting is, 
and we know for sure that it does not affect existing setups, contrary to 
code changes. Furthermore there has been lots of testing with this item Off, 
as it has been in the code for years and we're aware of many setups running 
Debian's PHP with that.

I therefore think it's not right to see this in the same light as code 
patches, rather, it's an easy switch to make.

Why I think we *should* do it before lenny:
- Well documented as being a bad function that destroys your input variables 
and gives a false sense of security;
- Already deprecated upstream. As this change will only affect new 
installations, I belive it is good to not get new setups started in an 
environment we know is going away soon.
- Changing it will not affect current installations.
- If you need it, you can of course turn it on.


cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20090117/29075af6/attachment.pgp 


More information about the pkg-php-maint mailing list