Newsgroups: php.internals
Date: Sat, 4 Feb 2012 12:21:28 -0500
From: johncrenshaw@priacta.com (John Crenshaw)
To: Stas Malyshev, Stefan Esser
CC: Pierre Joye, Soenke Ruempler - Jimdo, PHP internals, "security@php.net", "zigo@debian.org"
Subject: RE: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

OK, all the mud slinging is getting really silly (on *both* sides). There's no need to denigrate others because you don't agree with them. There's no point in arguing about who isn't a team player or who works for which evil multinational corporation. Nobody is attacking anybody else by suggesting that Suhosin is or is not critical, and none of that really matters anyway.

I may have missed something, but has anyone asked *why* the patch was disabled? I think I could make a good guess, but I haven't seen even the slightest hint of the actual reasons in this email chain (though I could easily have missed it entirely).

IMO we should try to focus on:

1. What are the pros vs. cons of enabling the Suhosin patch by default?
2. Why did the Debian team opt to disable it?
3. Are there better solutions that should be considered and recommended?

John Crenshaw
Priacta, Inc.