[php-maint] Bug#657698: Bug#657698:

Thomas Goirand zigo at debian.org
Mon Jan 30 23:42:19 UTC 2012

On 01/31/2012 06:02 AM, Stefan Esser wrote:
> I can understand that you as a Debian user are sad about
> the fact that Debian's PHP maintainers decided that
> security is not important.
> However from my point of view it is actually better if
> Debian does not ship Suhosin by default. That might stop
> them from spreading nonsense like Suhosin is
> unmaintained/upstream is not responsive etc

Please calm down. This is *not* the way to make your point. I might have
been the one who used the bad wording "unresponsive" (based on what
others wrote), if so, then sorry, you've just proven me wrong.

But if you continue with this tone, the only thing that is going to
happen is that instead of saying that upstream is unresponsive, we'll say:

"upstream isn't friendly and replies aggressively on the bug tracker"

You've proven that you are responsive, that's good, and can potentially
reverse the decision if you are ready to help with the packaging. Don't
waste the opportunity! The main reason this discussion was started
was *the lack of manpower*, so if you can do the work...

Also, what you might want to do to avoid the same issue again would be
registering on this list and reading it often, don't you think?

By the way, I've been asking here, and I didn't get a satisfying answer,
so I'd like to ask you as well. I'd be very happy to have your opinion
as upstream author. Do you think that suhosin is still valuable when
running PHP as CGI-BIN, in a chroot? If so, can you explain why?

Thomas Goirand (zigo)
