[php-maint] Bug#512037: Bug#512037: Bug#512037: Bug#512037: php5-cgi: magic_quotes_gpc = On
Thijs Kinkhorst
thijs at debian.org
Sat Jan 17 19:19:08 UTC 2009
On Saturday 17 January 2009 19:16, Raphael Geissert wrote:
> Please don't suggest that,
I don't see harm in merely suggesting things...?
> lenny is almost out and we haven't even be
> able to get the other, actually important, issues sorted out. It's
> already late for those changes IMO.
I disagree. Code changes are of higher risk than changing the default of a
setting. It's very well defined what the effect of changing the setting is,
and we know for sure that it does not affect existing setups, contrary to
code changes. Furthermore there has been lots of testing with this item Off,
as it has been in the code for years and we're aware of many setups running
Debian's PHP with that.
I therefore think it's not right to see this in the same light as code
patches, rather, it's an easy switch to make.
Why I think we *should* do it before lenny:
- Well documented as being a bad function that destroys your input variables
and gives a false sense of security;
- Already deprecated upstream. As this change will only affect new
installations, I belive it is good to not get new setups started in an
environment we know is going away soon.
- Changing it will not affect current installations.
- If you need it, you can of course turn it on.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20090117/29075af6/attachment.pgp
More information about the pkg-php-maint
mailing list