[php-maint] Bug#603174: Bug#603174: Why do we get just *part* of 5.3.3?
Thomas Goirand
thomas at goirand.fr
Mon Dec 13 17:50:43 UTC 2010
On 12/13/2010 10:56 PM, hubert depesz lubaczewski wrote:
> Since 5.3.3. fpm is integrated into main php. So, if we have php 5.3.3
> *without* fpm, it effectively means that php in debian is crippled?
> What could be possible rationale for removing features from upstream?
>
> Regards,
>
> Hubert Lubaczewski
This was a request from the release team that didn't want too much
change between php 5.3.2 and the new 5.3.3.
BTW, waking-up so late on this issue, and so close from the release of
Squeeze, and without reading what has been already said about it, seems
a bit ... hum ... inappropriate at least! :)
If you are searching for a solution on how to do safe executions of PHP,
by the way, I would suggest you to use SBOX. It does safe chroot,
setlimits and setuid before executing (of course, you need a working
environment in your chroot...). I'm currently working on a new version
that makes it possible for sbox to find the PHP interpreter without
having to play with binfmt_misc, and it's been already working
experimentally. If you care, you can clone:
http://git.gplhost.com/sbox.git
I've just finished adding the support for Apache SetEnv directive, so
that any variables in /etc/sbox.conf can be overwritten on a per-vhost
basis. Oh, and it's also working for python and perl cgi scripts! :)
I think the above is a way more safe than using fcgid, even though it
might not perform as well (this would have to be benched, I'm really not
sure).
Thomas
More information about the pkg-php-maint
mailing list