[php-maint] Bug#654439: Release state of suhosin for wheezy
Ondřej Surý
ondrej at debian.org
Sat Jan 14 10:11:38 UTC 2012
>> Anyways ... actuall it looks like the whole suhosin project is some kind of
>> abandoned. We got not response to mailing the upstream maintainer, the
>> forum[1] is broken and no new releases since ages, but a security problem
>> is open since long time, see #631283 [2].
>>
>> The question which comes to my mind is: "Do we want to ship weezy with
>> software under such bad conditions?"
>>
>> [1] http://forum.hardened-php.net/
>> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631283
>
> any statement from your point of view about release state of suhosin. We
> (maintainers of php-suhosin) think php-suhosin is definetly not in shape to be
> released at the moment. How do you see this for the patch you are carring in
> php5?
It doesn't seem to be that abandoned to me:
http://www.hardened-php.net/suhosin/download.html (new release for 5.3.9)
https://github.com/stefanesser/suhosin
But yeah there was only recent activity on the github.
Anyway the suhosin *patch* is probably not that aggressive as the module.
O.
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list