Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57722
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61309 invoked from network); 5 Feb 2012 09:22:24 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Feb 2012 09:22:24 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.160.170 mail-gy0-f170.google.com  
Received: from [209.85.160.170] ([209.85.160.170:50509] helo=mail-gy0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CD/E0-36317-E4A4E2F4 for <internals@lists.php.net>; Sun, 05 Feb 2012 04:22:23 -0500
Received: by ghbf18 with SMTP id f18so2513202ghb.29
        for <internals@lists.php.net>; Sun, 05 Feb 2012 01:22:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=kz//SZEPwpwDBKthNQDKlTUOzlUda/cZ4r5Wgt04jeY=;
        b=P5sCT+9dKYy/pUZWrpsjDsCc6YREfDqYE2crwsT6zaDf3XNYRYTeay3akd+mBQ1g4E
         6dOh2wpLlXwbkp1AONVK7ClSTk9emOqQuVxGrxa/bhmZFppfxKPR6QVKdx/GGFW9xnzq
         GANFLOIW8khPghK63ltSuDb1LzuRyT8ykt0IA=
MIME-Version: 1.0
Received: by 10.236.75.198 with SMTP id z46mr18384049yhd.45.1328433739195;
 Sun, 05 Feb 2012 01:22:19 -0800 (PST)
Received: by 10.146.197.7 with HTTP; Sun, 5 Feb 2012 01:22:18 -0800 (PST)
In-Reply-To: <1328381837-sup-1234@fewbar.com>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com>
	<5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de>
	<CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com>
	<4F2A9378.70803@thelounge.net>
	<4F2AC9CA.2070308@sugarcrm.com>
	<4F2B2ED8.4050900@jimdo.com>
	<72878E6C-4C17-4D94-9F73-1446769247E1@nopiracy.de>
	<CAEZPtU5CP3GqUnKsxx51-ieHAdGh=ySvZCWhhAwa0kwuNG6Bhg@mail.gmail.com>
	<A33C7716-F355-455E-863D-5458205C3208@nopiracy.de>
	<4F2CEA7E.9010906@sugarcrm.com>
	<A633CF2D7C7BED41B41F1E64F25507B8069D29BD16@MAILR001.mail.lan>
	<CAGSj+Qs5GTp8RGc2HKeJm7N7CexCg21wDEJ8ONEKEKVafoiYuA@mail.gmail.com>
	<1328381837-sup-1234@fewbar.com>
Date: Sun, 5 Feb 2012 10:22:19 +0100
Message-ID: <CAEZPtU73WUcC2MinfXpiqKy44jx0r0Fz-BR07_LQHa7QXqOuzg@mail.gmail.com>
To: Clint Byrum <clint@ubuntu.com>
Cc: internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: pierre.php@gmail.com (Pierre Joye)

On Sat, Feb 4, 2012 at 8:20 PM, Clint Byrum <clint@ubuntu.com> wrote:
hi,

> So, I think I could probably put myself in as somebody that would support
> an effort to bring Suhosin's mitigations into PHP core. I don't know
> that the greater Ubuntu roject could devote many man-hours to it, but
> perhaps I could write the RFC's and offer resources for testing. Since
> the patches are already written, it shouldn't be much code work, right?

Well, the main work is not to decide to apply a big patch but to
decide what actually makes sense.

That's why I would rather go feature by feature instead, step by step
and carefully instead of the whole or nothing approach.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org