[php-maint] Bug#662637 closed by Laszlo Boszormenyi (GCS) <gcs at debian.hu> (Bug#662637: fixed in php-suhosin 0.9.33-2)

Alexander Wirt formorer at debian.org
Thu May 31 06:06:15 UTC 2012

On Thu, 31 May 2012, Laszlo Boszormenyi (GCS) wrote:

> Hi Alexander, Jan,
> On Tue, 2012-05-29 at 22:28 +0200, Alexander Wirt wrote:
> > On Tue, 22 May 2012, Jan Wagner wrote:
> > > we (Alexande and I) wished, that an adopter had contacted us about his
> > > intention befor just uploading a new package.
>  It was not really my intention to do it silent. I've serious email
> problems for a while. My Evolution crashes on startup and can't fix it.
> It calls a function which ends in glibc functions, coded in x64
> assembly. Now I installed it in a Wheezy chroot. Still not good, but
> better than nothing.
> > > Anyways .. looking into your php54_fixes.patch doesn't convince me,
> > > that is a appropriate fix. For more info please have a look into:
>  In short, I know it's not a finished and polished patch. Stefan Esser
> gave no ETA for the finished PHP 5.4 support. All I would like to give
> users a chance to evaluate it, find things that may break and so on.
> Wheezy freeze is coming and Suhosin needs testing, even if not yet ready
> for production environments.
That is exactly the thing we wanted to prevent. suhosin is no thingy "for
learning" or for "testing". You should have taken the time to read our
comments regarding uploading this "version". We stated several times that we
don't think this version should be uploaded to debian. Just
hijacking/uploading the package is no solution.

> > Ok, given your bad done uploads I revert the maintainership back to us.
> > Tomorrow I'll upload the package back to the state of 0.9.33-1. It was a RFA
> > and you never talked about it to us. And you made exactly the errors we
> > wanted to prevent.
>  While I agree that 0.9.33-2 contained a bad mistake, I would like to
> learn and fix everything as soon as possible. Of course, it's your call
> if you give me a helping hand in this or take over the package.
As written above, this is no learning package, its impact is much too big for
this. We will take the package back into our maintenance, you can join the
team if you want. But I don't think its currently wise to leave things as
they are. I would even go so far to say that if there is no released version
we shouldn't ship wheezy with suhosin. I really don't want the shitstorm if
there is a hole in that pre-version and we ship wheezy with it.

I added the php maintainers to Cc, maybe they have some input to that topic.


More information about the pkg-php-maint mailing list