Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57614 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 14468 invoked from network); 2 Feb 2012 13:45:34 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Feb 2012 13:45:34 -0000 Authentication-Results: pb1.pair.com smtp.mail=h.reindl@thelounge.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=h.reindl@thelounge.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender) X-PHP-List-Original-Sender: h.reindl@thelounge.net X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net Received: from [91.118.73.15] ([91.118.73.15:34714] helo=mail.thelounge.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EA/31-04454-B739A2F4 for ; Thu, 02 Feb 2012 08:45:32 -0500 Received: from rh.thelounge.net (rh.thelounge.net [10.0.0.99]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id 37507A3 for ; Thu, 2 Feb 2012 14:45:29 +0100 (CET) Message-ID: <4F2A9378.70803@thelounge.net> Date: Thu, 02 Feb 2012 14:45:28 +0100 Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120131 Thunderbird/10.0 MIME-Version: 1.0 To: internals@lists.php.net References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> In-Reply-To: X-Enigmail-Version: 1.3.5 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1169236664D3B8D10184D75F" Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: h.reindl@thelounge.net (Reindl Harald) --------------enig1169236664D3B8D10184D75F Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 02.02.2012 14:38, schrieb Pierre Joye: > About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and > will have bugs. This is not really hot news. That does not affect this > discussion. >=20 > I, for one, like the idea to finally see distros droping Suhosin and > focus on making PHP itself better and safer instead of distracting us > and our users with custom patches or extensions. yes, but suhosin-extension and hardening patch exists since many years the question from a normal user: why are these things not included in the core? especially the option to disable function by directory while "disable_functions" is stupidity shown in phpinfo() per dir but never active? --------------enig1169236664D3B8D10184D75F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8qk3kACgkQhmBjz394AnlagQCfQvjBDoVic0vw3ABK2pwjbeeI XP0AnRQoGOKCZwtPfo72f99LJsSXXaDU =WwgB -----END PGP SIGNATURE----- --------------enig1169236664D3B8D10184D75F--