[php-maint] Bug#696470: php5-suhosin: php5-common make php5-suhosin defective

Jan Wagner waja at cyconet.org
Tue Jun 4 13:30:17 UTC 2013


On 04.06.2013 15:01, Ondřej Surý wrote:
> On Tue, Jun 4, 2013 at 2:41 PM, Jan Wagner <waja at cyconet.org> wrote:
> When there's some activity on the upstream part, we can create a
> plan. The last commit in the suhosin repository on github was more
> than _a year_ ago. So, you are trying to create a plan for
> non-existent software.

Indeed, no activity code-wise yet.

> With the actual PHP packages, it is not possible to install a
> package named "php5-suhosin". Do you want to tell me, the PHP
> Maintainers didn't consider that php5-suhosin may come back?
> 
> Yes, I don't think the php5-suhosin will ever come back. And even
> if it did I don't plan on re-adding the suhosin patch to php5 sources.

This is what I expected, and I can understand this decision.
Stefan got more and more unreliable with suhosin.

>> You won't be able to use backports due to PHP 5.5 in sid.
> 
> Maybe I'm dumb, but I actually don't see a problem, if there occurs
> a new suhosin upstream release, which may be compatible with PHP 5.5
> and 5.4. Did I oversee anything?
> 
> Maybe this could work, but you won't be able to test it with PHP
> 5.4 before you will upload to backports, which is not very
> QA-wise.

I can do that with my own repos and push the suhosin package there
and test it on a wider scale.

>> If there's a new stable suhosin, we can always release new php
>> 5.4 via pu, but I think that it's not worth the trouble for
>> wheezy.
> 
> From my experiences with pu, this will likely happen rarely to
> never.
> 
> Not true, there's already php5 accepted in pu.

Okay ... I was talking here about pu in general, not php specific.

> Anyway, this will add a big expense and even shift a system where
> php5-common and php5-suhosin can be installed alongside each other
> far into the future.
> 
>> Users can always use unpackaged extension with php5-dev.
> 
> Which unfortunately doesn't scale in larger setups.
> 
> Suhosin upstream is unreliable with releases and promises[*]. And
> we didn't have a correct version number at hand when we
> released wheezy. If you had given me the correct version number
> which will support PHP 5.4 (confirmed by upstream), I would have
> changed the Breaks to be versioned.

Okay ... we should have talked a bit more about this topic.
With suhosin abandoned upstream, I didn't follow your packaging very
closely, so I wasn't aware of the issue (as the change was on your side,
I would have wished you pinged me).
Anyway, there was also the #662637-debacle, so this messed up the
situation more than needed.

> * - My understanding is that he just lost interest in PHP
> (-suhosin) and has moved on to some other projects (dayjob).

We share this understanding. ;)

Anyways ... looking into
https://github.com/stefanesser/suhosin/issues/20#issuecomment-15631909
and even in
https://github.com/stefanesser/suhosin/issues/27#issuecomment-18741064
makes me cautiously optimistic.

Cheers, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!