Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57707 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66181 invoked from network); 4 Feb 2012 17:35:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Feb 2012 17:35:09 -0000 Authentication-Results: pb1.pair.com header.from=kiall@managedit.ie; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=kiall@managedit.ie; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain managedit.ie designates 209.85.210.170 as permitted sender) X-PHP-List-Original-Sender: kiall@managedit.ie X-Host-Fingerprint: 209.85.210.170 unknown Received: from [209.85.210.170] ([209.85.210.170:49157] helo=mail-iy0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 05/A1-08838-A4C6D2F4 for ; Sat, 04 Feb 2012 12:35:07 -0500 Received: by iakk32 with SMTP id k32so7244090iak.29 for ; Sat, 04 Feb 2012 09:35:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=managedit.ie; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=O18kAXhBC1vYJsVoyDqJ9lWebCgzxhDuSmaB2Xyhg+o=; b=KQTZl5XCKfPjP2n16R9Pb6ue1N+GfpuDytnOYLFJSRLnpIfy3yjs7Re2hVK51meOui IgqtjrOJp+tTx/tt6iurFJaNjetOFE8Sas3HVcrL0KpnjTvxyaNaMVwLywAZeCFdcjCa FHzXXwgvOCJLI++GXziG644ahXNmDk6sR4Kv0= Received: by 10.50.178.65 with SMTP id cw1mr2068179igc.16.1328376904246; Sat, 04 Feb 2012 09:35:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.231.242.76 with HTTP; Sat, 4 Feb 2012 09:34:44 -0800 (PST) In-Reply-To: References: <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2B2ED8.4050900@jimdo.com> <72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de> <4F2CEA7E.9010906@sugarcrm.com> Date: Sat, 4 Feb 2012 17:34:44 +0000 Message-ID: To: John Crenshaw Cc: PHP internals , ondrej@sury.org, 657698@bugs.debian.org Content-Type: multipart/alternative; boundary=e89a8f839f6181661904b826d9ac Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds From: kiall@managedit.ie (Kiall Mac Innes) --e89a8f839f6181661904b826d9ac Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi John, =EF=BB=BFOnd=C5=99ej (One of the Debian PHP maintainers) listed 5 or 6 reas= ons in the initial email in this thread. Honestly, I can't think of a good reason for Debian or anyone else to include 3rd party patches, whatever the patches purpose, in the default PHP packages. I would argue that, if people want 3rd party patches they should either: A) Apply the patch themselves. or: B) Petition the author and php-core to have the patch applied upstream, to everyone's benefit. This is the only way to ensure IMO that everyone is using "the same PHP", or they have explicitly opted to use some 3rd party code. Thanks, Kiall On Sat, Feb 4, 2012 at 5:21 PM, John Crenshaw wro= te: > OK, All the mud slinging is getting really silly (on *both* sides). > There's no need to denigrate others because you don't agree with them. > There's no point in arguing about who isn't a team player or who works fo= r > which evil multinational corporation. Nobody is attacking anybody else by > suggesting that Suhosin is or is not critical, and none of that really > matters anyway. > > I may have missed something, but has anyone asked *why* the patch was > disabled? I think I could make a good guess, but I haven't seen even the > slightest hint of the actual reasons in this email chain (though I could > easily have missed it entirely). > > IMO we should try to focus on: > 1. What are the pros vs. cons of enabling the Suhosin patch by default? > 2. Why did the Debian team opt to disable it? > 3. Are there better solutions that should be considered and recommended? > > John Crenshaw > Priacta, Inc. > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --e89a8f839f6181661904b826d9ac--