[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default

Thomas Goirand zigo at debian.org
Wed Feb 1 22:41:00 UTC 2012


On 02/02/2012 05:13 AM, Carlos Alberto Lopez Perez wrote:
> Hello,
> 
> I have just noticed this today when upgrading...
> 
> I am really sad to see this feature removed from Debian.
> 
> 
> After reading this bug report I understand that:
> 
>  * Suhosin patch was removed because lack of man-power to maintain it
>  * The main problem maintaining Suhosin were related to bugs from users
> complaining about broken php applications.
> 
> 
> So, if suhosin was creating problems for some users.... why not simply
> ship the configuration of php.ini with "suhosin.simulation = On" by default?
> 
> 
> http://myeasylinux.wordpress.com/2010/10/25/disable-suhosin/
> 
> 
> This would effectively disable suhosin patch (so no more users would
> complain about suhosin breaking their applications) meanwhile this still
> would allow the rest of users that are worried about security to enable
> suhosin by just changing one line in the configuration.
> 
> Or I am missing something?

Yeah! Working very hard on maintaining the suhosin patch, and then
disabling it by default, don't you think that's a waste of time?

Yet, this doesn't solve the main issue: man power, and will to maintain
it in Debian. Would you like to work on it?

Cheers,

Thomas





More information about the pkg-php-maint mailing list