[php-maint] Bug#654439: Release state of suhosin for wheezy

Jan Wagner waja at cyconet.org
Sat Jan 14 09:46:51 UTC 2012


Dear PHP Maintainers,

On Wednesday, 4. January 2012, Jan Wagner wrote:
> On Tuesday 03 January 2012 21:38:12 Marc-Christian Petersen wrote:
> > tried that on a fresh sid install, 32bit, same problem there.
> > 
> > I've also noticed that sometimes you see log entries like:
> > 
> > Jan  3 20:42:42 testhost ERT - script tried to disable memory_limit by
> > setting i... Jan  3 20:44:01 testhost LERT - script tried to disable
> > memory_limit by setting i...
> > 
> > you notice the missing AL and missing A ...
> > 
> > seems Suhosin is totally b0rked with new PHP 5.3.8 ...
> 
> This functionality is part of the suhosin patch which is integrated into
> the php5 package, so I'm reassigning the bug to this package.
> 
> Anyways ... actuall it looks like the whole suhosin project is some kind of
> abandoned.  We got not response to mailing the upstream maintainer, the
> forum[1] is broken and no new releases since ages, but a security problem
> is open since long time, see #631283 [2].
> 
> The question which comes to my mind is: "Do we want to ship weezy with
> software under such bad conditions?"
> 
> [1] http://forum.hardened-php.net/
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631283

any statement from your point of view about release state of suhosin. We 
(maintainers of php-suhosin) think php-suhosin is definetly not in shape to be 
released at the moment. How do you see this for the patch you are carring in 
php5?

Thanks and with kind regards, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++ 
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120114/f45fb9f5/attachment-0001.pgp>


More information about the pkg-php-maint mailing list