[php-maint] Status of suhosin in Debian

[Thomas Goirand]

On 06/12/2012 04:22 AM, Alexander Wirt wrote:
> Therefore the php maintainers decided to drop the patch from the
> 5.3 packaging a few months ago (there were also some bugs and
> slowdowns with the patch) [1].

Isn't it possible to disable these slowdowns with environment values, as
the suhosin author suggested? This could be the default setup...

On 06/12/2012 04:27 AM, Ondřej Surý wrote:
> +1 from /me on not releasing suhosin in wheezy...
> 
> Ondřej Surý

I'd like to highlight Ondrej's impressive work maintaining PHP mostly
alone. If someone wants to oppose to his view, then than someone also
needs to stand up and do the work of adding suhosin support AND
supporting it for the life of Wheezy.

That being said, I'll have a go in trying to influence Ondrej on the
other direction! ;) Who care's about Suhosin's author relation with
upstream if his work is useful? Let them fight each other if they feel
it's needed.

Ondrej, is your plan still to leave suhosin as a build option in the
source package like you wrote early last February, so that those who
want it can just switch that option and rebuild? I can see in the
debian/rules that there's still:

# Set this flag to 'yes' if you want to compile PHP5 with suhosin patch
PHP5_SUHOSIN=no

Does this mean that the suhosin patch still works in current php 5.4
package? Or is this still something remaining fro the php 5.3 packaging?
Would it be feasible to build twice PHP, once with the suhosin patch,
and once without, and build 2 debian binaries? If yes, how much work
would this be? Does this mean building 3 more binaries, like:
libapache2-mod-php5-suhosin, php5-cli-suhosin, php5-cgi-suhosin? Would
it slow down a lot the package building process?

Thanks again, Ondrej, for your work of packaging PHP,

Thomas