[php-maint] Bug#696470: php5-suhosin: php5-common make php5-suhosin defective

Ondřej Surý ondrej at debian.org
Tue Jun 4 13:01:09 UTC 2013


On Tue, Jun 4, 2013 at 2:41 PM, Jan Wagner <waja at cyconet.org> wrote:

> Hi Ondřej,
>
> thanks for your reply.
>
> Am 04.06.2013 13:59, schrieb Ondřej Surý:
> > On Tue, Jun 4, 2013 at 1:31 PM, Jan Wagner <waja at cyconet.org> wrote:
> > as this Break is unversioned, how is the plan to get a (maybe in the
> > future) compatible php5-suhosin installed beside php5-common?
> >
> > There's no plan since there's no suhosin.
>
> Oh Ondřej, come on! This was not a question about the actual suhosin
> status, but about the PHP packages.
>

When there's some activity on the upstream part, we can create a plan. The
last commit in the suhosin repository on github was more than _a year_ ago. So,
you are trying to create a plan for non-existent software.


> With the actual PHP packages, it is not possible to install a package
> named "php5-suhosin". Do you want to tell me, the PHP Maintainers
> didn't consider that php5-suhosin may come back?


Yes, I don't think php5-suhosin will ever come back. And even if it did,
I don't plan on re-adding the suhosin patch to the php5 sources.

> > Even if this problem can be solved for jessie and sid, what would
> > be the best way to provide a php5-suhosin package for wheezy (for
> > example maybe via backports)?
> >
> > You won't be able to use backports due to PHP 5.5 in sid.
>
> Maybe I'm dumb, but I actually don't see a problem, if there occurs a
> new suhosin upstream release, which may be compatible with PHP 5.5 and
> 5.4. Did I oversee anything?


Maybe this could work, but you won't be able to test it with PHP 5.4 before
you upload to backports, which is not very QA-wise.


> > If there's a new stable suhosin, we can always release new php 5.4
> > via pu, but I think that it's not worth the trouble for wheezy.
>
> From my experiences with pu, this will likely happen rarely to never.
>

Not true, there's already php5 accepted in pu.


> Anyways this will add a big expense and even shifts a system where
> php5-common and php5-suhosin can be installed along far in the future.
>
> > Users can always use unpackaged extension with php5-dev.
>
> Which unfortunately doesn't scale in larger setups.
>

Suhosin upstream is unreliable with releases and promises[*]. And we
didn't have a correct version number at hand when we released wheezy.
If you had given me the correct version number which will support PHP 5.4
(confirmed by upstream), I would have changed the Breaks to be versioned.

* - My understanding is that he just lost interest in PHP (-suhosin) and
has moved on to some other projects (dayjob).

O.
-- 
Ondřej Surý <ondrej at sury.org>