[php-maint] Bug#657698: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
eof at kiyuko.org
Thu Feb 2 14:41:58 UTC 2012
On Thu, Feb 02, 2012 at 03:14:56PM +0100, Stefan Esser wrote:
> BTW: You should really really look into the history of PHP security and check for each of the last 8 years how many features were in Suhosin and later merged into PHP because of some nasty security problem.
> You will see that at least 2 features of Suhosin per year were merged into PHP.
If that’s the case, then you have nothing to worry about.
As more and more Suoshin features are merged into mainline PHP, Debian’s
PHP package will get more and more secure. That’s the way it happens for
many other packages, I fail to see why PHP should be treated differently.
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the pkg-php-maint