[php-maint] Bug#603174: Bug#603174: Why do we get just *part* of 5.3.3?

Thomas Goirand thomas at goirand.fr
Mon Dec 13 17:50:43 UTC 2010


On 12/13/2010 10:56 PM, hubert depesz lubaczewski wrote:
> Since 5.3.3. fpm is integrated into main php. So, if we have php 5.3.3
> *without* fpm, it effectively means that php in debian is crippled?
> What could be possible rationale for removing features from upstream?
> 
> Regards,
> 
> Hubert Lubaczewski

This was a request from the release team that didn't want too much
change between php 5.3.2 and the new 5.3.3.

BTW, waking up so late on this issue, and so close to the release of
Squeeze, and without reading what has already been said about it, seems
a bit ... hum ... inappropriate at least! :)

If you are searching for a solution on how to do safe executions of PHP,
by the way, I would suggest you use SBOX. It does safe chroot,
setlimits and setuid before executing (of course, you need a working
environment in your chroot...). I'm currently working on a new version
that makes it possible for sbox to find the PHP interpreter without
having to play with binfmt_misc, and it's already been working
experimentally. If you care, you can clone:

http://git.gplhost.com/sbox.git

I've just finished adding support for the Apache SetEnv directive, so
that any variables in /etc/sbox.conf can be overwritten on a per-vhost
basis. Oh, and it's also working for python and perl cgi scripts! :)

I think the above is way safer than using fcgid, even though it
might not perform as well (this would have to be benched, I'm really not
sure).

Thomas
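
The chroot, setlimits and setuid sequence mentioned in the message above, as an added example that is not part of the original mail and is not sbox's own code. The function names, jail path, uid/gid and limit values are hypothetical; the point is the order of the steps and the check that the privilege drop cannot be undone.

```c
/* Added example: confine-then-drop order for a root-started CGI wrapper.
   Names, paths and limit values are hypothetical, not taken from sbox. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Cap CPU seconds and disable core dumps; limits survive execve(). */
int apply_limits(rlim_t cpu_secs) {
    struct rlimit cpu = { cpu_secs, cpu_secs };
    struct rlimit core = { 0, 0 };
    if (setrlimit(RLIMIT_CPU, &cpu) != 0) return -1;
    if (setrlimit(RLIMIT_CORE, &core) != 0) return -1;
    return 0;
}

/* Returns 0 on success, or the negative number of the step that failed. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid, rlim_t cpu_secs) {
    if (uid == 0 || gid == 0) return -1;      /* never run scripts as root */
    if (chroot(jail) != 0) return -2;         /* needs root: do it before dropping */
    if (chdir("/") != 0) return -3;           /* else cwd still points outside the jail */
    if (apply_limits(cpu_secs) != 0) return -4;
    if (setgroups(0, NULL) != 0) return -5;   /* clear supplementary groups while root */
    if (setgid(gid) != 0) return -6;          /* group first: not permitted once root is gone */
    if (setuid(uid) != 0) return -7;
    if (setuid(0) == 0) return -8;            /* the drop must be irreversible */
    return 0;
}

int main(int argc, char **argv) {
    /* Constructed values: jail path, uid/gid 1000 and a 30 s CPU cap. */
    int rc = confine_and_drop("/var/jail/example", 1000, 1000, 30);
    if (rc != 0) {
        fprintf(stderr, "refusing to execute: step %d failed\n", -rc);
        return 1;
    }
    if (argc > 1) execv(argv[1], argv + 1);   /* path is resolved inside the jail */
    return 127;
}
```

The wrapper refuses to run anything if a single step fails, so a script is never executed half-confined.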




