Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57635
Return-Path: <zigo@debian.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 81111 invoked from network); 2 Feb 2012 20:11:46 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Feb 2012 20:11:46 -0000
Authentication-Results: pb1.pair.com smtp.mail=zigo@debian.org; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=zigo@debian.org; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain debian.org from 117.121.247.104 cause and error)
X-PHP-List-Original-Sender: zigo@debian.org
X-Host-Fingerprint: 117.121.247.104 mx.atlanta.gplhost.com Linux 2.6
Received: from [117.121.247.104] ([117.121.247.104:54692] helo=mx.atlanta.gplhost.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8A/2B-04454-10EEA2F4 for <internals@lists.php.net>; Thu, 02 Feb 2012 15:11:45 -0500
Received: from mx.atlanta.gplhost.com (localhost.localdomain [127.0.0.1])
	by mx.atlanta.gplhost.com (Postfix) with ESMTP id 6AFE1FE25D;
	Thu,  2 Feb 2012 20:12:30 +0000 (UTC)
Received: from [127.0.0.1] (atl.apt-proxy.gplhost.com [117.121.247.20])
	by mx.atlanta.gplhost.com (Postfix) with ESMTPA id 6608FFE146;
	Thu,  2 Feb 2012 20:12:27 +0000 (UTC)
Message-ID: <4F2AEDF8.2010203@debian.org>
Date: Fri, 03 Feb 2012 04:11:36 +0800
Organization: Debian
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20111110 Icedove/3.0.11
MIME-Version: 1.0
To: Stas Malyshev <smalyshev@sugarcrm.com>
CC: Stefan Esser <stefan@nopiracy.de>, Pierre Joye <pierre.php@gmail.com>, 
 657698 <657698@bugs.debian.org>,
 Christoph Anton Mitterer <calestyo@scientia.net>, 
 Douglas Calvert <dfc@douglasfcalvert.net>,
 Jesse Molina <jesse@opendreams.net>, 
 Carlos Alberto Lopez Perez <clopez@igalia.com>,
 PHP internals <internals@lists.php.net>, 
 Debian Developers <debian-devel@lists.debian.org>,
 Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de> <4F2ACEEB.4080202@sugarcrm.com>
In-Reply-To: <4F2ACEEB.4080202@sugarcrm.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: zigo@debian.org (Thomas Goirand)

On 02/03/2012 01:59 AM, Stas Malyshev wrote:
> You seem to advocate the approach in which
> performance and convenience can and should be sacrificed to security.
> It is a matter of opinion

Something I don't get here. If there's this issue, and
different tastes, why can't a build flag be used, so
that you can choose security or speed depending on your
needs? If you do some:

#ifdef ENABLE_SLOWER_SUHOSIN_SECURITY

in the controversial parts, then I don't see how this
would be of trouble for anyone to have Suhosin included
in upstream PHP.

Cheers,

Thomas Goirand (zigo)