[php-maint] Bug#512037: Bug#512037: Bug#512037: Bug#512037: Bug#512037: php5-cgi: magic_quotes_gpc = On

sean finney seanius at debian.org
Sat Jan 17 19:48:30 UTC 2009

hi thijs,

On Sat, Jan 17, 2009 at 08:19:08PM +0100, Thijs Kinkhorst wrote:
> I disagree. Code changes are of higher risk than changing the default of a 
> setting. It's very well defined what the effect of changing the setting is, 

i guess it depends on scope.  within php itself, changing the setting one
way or the other isn't too dangerous, i agree. however, there may or may not be
applications that depend on the configuration's default (both packaged and
third-party), and i'd rather not find out at this point what breaks.

> Why I think we *should* do it before lenny:
> - Well documented as being a bad function that destroys your input variables 
> and gives a false sense of security;

sure, but to be honest i think that we're just too close to lenny and
there's too much other stuff going on...   i'm willing to yield to an
overwhelming majority of course, but this is how i feel.

> - Already deprecated upstream. As this change will only affect new 
> installations, I belive it is good to not get new setups started in an 
> environment we know is going away soon.

it's scheduled to be deprecated and still on by default in upstream
configs, as previously discussed.

> - Changing it will not affect current installations.

the change will go on by default in any installation that has the
default debian version of the ini files, and for the rest may or may
not result in a change depending on how the admin responds to the prompt,
so i would disagree there...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20090117/9a68995c/attachment-0001.pgp 

More information about the pkg-php-maint mailing list