[php-maint] Bug#696470: php5-suhosin: php5-common make php5-suhosin defective

Jan Wagner waja at cyconet.org
Tue Jun 4 13:30:17 UTC 2013

Hash: SHA1

Am 04.06.2013 15:01, schrieb Ondřej Surý:
> On Tue, Jun 4, 2013 at 2:41 PM, Jan Wagner <waja at cyconet.org 
> <mailto:waja at cyconet.org>> wrote: When there's some activity on the
> upstream part, we can create a plan. The last commit in suhosin
> repository on github was more than _a year_ ago. So, you are trying
> to create plan for non-existent software.

Indeed, no activity code-wise yet.

> With the actual PHP packages, it is not possible to install a
> package named "php5-suhosin". Do you want to tell me, the PHP
> Maintainers didn't consider that php5-suhosin maybe come back?
> Yes, I don't think the php5-suhosin will ever come back. And even
> if it did I don't plan re-adding suhosin patch to php5 sources.

This is, what I did expected and I can understand this decision.
Stefan got more and more unreliable with suhosin.

>> You won't be able to use backports due PHP 5.5 in sid.
> Maybe I'm dumb, but I actually don't see a problem, if there occure
> a new suhosin upstream release, which maybe compatible with PHP 5.5
> and 5.4. Did I oversee anything?
> Maybe this could work, but you won't be able to test it with PHP
> 5.4 before you will upload to backports, which is not very
> QA-wise.

I can do that with my own repros and push the suhosin package there
and test it in a wider scale.

>> If there's a new stable suhosin, we can always release new php
>> 5.4 via pu, but I think that it's not worth the trouble for
>> wheezy.
> - From my experiences with pu, this will likely rare happen til
> not.
> Not true, there's already php5 accepted in pu.

Okay ... I was talking here about pu in general, not php specific.

> Anyways this will add a big expense and even shifts a system where 
> php5-common and php5-suhosin can be installed along far in the
> future.
>> Users can always use unpackaged extension with php5-dev.
> Which unfortunately doesn't scale in larger setups.
> Suhosin upstream is unrealiable with releases and promises[*]. And
> we didn't have a correct version number at hand when we have
> released wheezy. If you had given me the correct version number
> which will support PHP 5.4 (confirmed by upstream), I would have
> changed the Breaks to be versioned.

Okay ... we should have had talked a bit much more about this topic.
With suhosin abounded upstream, I didn't follow your packaging very
close, so I wasn't aware of the issue (as the change was on your side,
I would have wished you pinged me).
Anyways, there was also the #662637-debacle, so this messed the
situation more than needed.

> * - My understanding is that he just lost interest in PHP
> (-suhosin) and have moved on to some other projects (dayjob).

We share this understanding. ;)

Anyways ... looking into
and even in
makes me cautiously optimistic.

Cheers, Jan.
- -- 
Never write mail to <waja at spamfalle.info>, you have been warned!
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V-
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
- ------END GEEK CODE BLOCK------
Version: GnuPG v1.4.12 (GNU/Linux)


More information about the pkg-php-maint mailing list