Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57642 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66857 invoked from network); 3 Feb 2012 06:21:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2012 06:21:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=ml@anderiasch.de; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=ml@anderiasch.de; sender-id=unknown Received-SPF: error (pb1.pair.com: domain anderiasch.de from 81.169.138.148 cause and error) X-PHP-List-Original-Sender: ml@anderiasch.de X-Host-Fingerprint: 81.169.138.148 ares.art-core.org Received: from [81.169.138.148] ([81.169.138.148:51623] helo=mail.anderiasch.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 55/83-21135-10D7B2F4 for ; Fri, 03 Feb 2012 01:21:54 -0500 Message-ID: <4F2B7CFD.4050709@anderiasch.de> Date: Fri, 03 Feb 2012 07:21:49 +0100 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Christoph Anton Mitterer CC: Debian Developers , 657698 <657698@bugs.debian.org>, PHP internals , Debian PHP Maintainers References: <1328228902.3385.151.camel@fermat.scientia.net> In-Reply-To: <1328228902.3385.151.camel@fermat.scientia.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] Re: Suhosin patch disabled by default in Debian php5 builds From: ml@anderiasch.de (Florian Anderiasch) On 02/03/2012 01:28 AM, Christoph Anton Mitterer wrote: > But this wouldn't solve our discussion here... the question would > still be open, whether Debian sets this flag or not, or whether it > makes two binary packages. Now that's something I didn't read from Ondřej's mail, but delivering the packages with and without suhosin would, while being more work, certainly the most helpful way for users. Then again I'd gladly help if there's anything of this additional work that can be done. I'd prefer to have Debian's default php5 package with Suhosin as usual, but I'm hardly the one making demands or suggestions here. I'm with Soenke (different mail in this thread) - better keep the securest-possible package by default. When I need performance, I'm rolling my own php anyway - no matter what base system or package format. Greetings, Florian