[php-maint] Bug#657698: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

[Kiall Mac Innes]

Hi John,

Ondřej (One of the Debian PHP maintainers) listed 5 or 6 reasons in the
initial email in this thread.

Honestly, I can't think of a good reason for Debian or anyone else to
include 3rd party patches, whatever the patches purpose, in the default PHP
packages.

I would argue that, if people want 3rd party patches they should either:

A) Apply the patch themselves. or:
B) Petition the author and php-core to have the patch applied upstream, to
everyone's benefit.

This is the only way to ensure IMO that everyone is using "the same PHP",
or they have explicitly opted to use some 3rd party code.

Thanks,
Kiall


On Sat, Feb 4, 2012 at 5:21 PM, John Crenshaw <johncrenshaw at priacta.com>wrote:

> OK, All the mud slinging is getting really silly (on *both* sides).
> There's no need to denigrate others because you don't agree with them.
> There's no point in arguing about who isn't a team player or who works for
> which evil multinational corporation. Nobody is attacking anybody else by
> suggesting that Suhosin is or is not critical, and none of that really
> matters anyway.
>
> I may have missed something, but has anyone asked *why* the patch was
> disabled? I think I could make a good guess, but I haven't seen even the
> slightest hint of the actual reasons in this email chain (though I could
> easily have missed it entirely).
>
> IMO we should try to focus on:
> 1. What are the pros vs. cons of enabling the Suhosin patch by default?
> 2. Why did the Debian team opt to disable it?
> 3. Are there better solutions that should be considered and recommended?
>
> John Crenshaw
> Priacta, Inc.
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120204/d4166ce0/attachment.html>