[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default

Christoph Anton Mitterer calestyo at scientia.net
Sat Jan 28 02:42:47 UTC 2012

Package: php5
Version: 5.3.9-3
Severity: wishlist


Having the suhosin patch enabled per default used to be a very good thing
and probably greatly increased security of PHP installations.

In this version, it seems you've disabled the patch.

I don't know the reasons but I'm very sad about it.
Even though you've added that PHP5_SUHOSIN=no/yes option to the rules file
it would mean some effort for people to reactivate this (manually making
packages and so on).

Could you:
a) Just re-enable it per default (for security reasons); if some people have problems
with it, they should rather try to fix this upstream... or such people could manually
build their packages and disable suhosin in it.

b) Provide packages for both, which conflict with each other, and provide the same names.
One could have e.g.
php5, php5-cgi, php5-cli, etc. => suhosin enabled
php5-nosuhosin, php5-cgi-nosuhosin, php5-cli-nosuhosin, etc. => suhosin disabled
That way, per default packages with suhosin enabled (which should be the sane default)
would get installed, but people still have the possibility to take the other packages
if they like; without any manual compilations.

