[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default
zigo at debian.org
Wed Feb 1 22:41:00 UTC 2012
On 02/02/2012 05:13 AM, Carlos Alberto Lopez Perez wrote:
> I have just noticed this today when upgrading...
> I am really sad to see this feature removed from Debian.
> After reading this bug report I understand that:
> * Suhosin patch was removed because lack of man-power to maintain it
> * The main problem maintaining Suhosin were related to bugs from users
> complaining about broken php applications.
> So, if suhosin was creating problems for some users.... why not simply
> ship the configuration of php.ini with "suhosin.simulation = On" by default?
> This would effectively disable suhosin patch (so no more users would
> complain about suhosin breaking their applications) meanwhile this still
> would allow the rest of users that are worried about security to enable
> suhosin by just changing one line in the configuration.
> Or I am missing something?
Yeah! Working very hard on maintaining the suhosin patch, and then
disabling it by default, don't you think that's a waste of time?
Yet, this doesn't solve the main issue: man power, and will to maintain
it in Debian. Would you like to work on it?
More information about the pkg-php-maint